Srtp and tls help

Ok hello all im trying to setup encrypted voip and its kicking my a$$ in ways they dont want to talk about at parties when you have had to much to drink

I have been working on this for about 1 month with no prevail i will tell you what i have accomplished successfully so far but im just too new at freepbx and everything i have been reading online changes depending on who writes to topic/reply

Accomplishments

Ssl certificate installed and functional is not self signed public cert

Desh phone that now gives a busy signal immediately after calling a number the phone is registered with the pbx though so my guess is the phone is still on port 5060 while tls is on 5061 the extention says its listening on 5061 and i also dont know if the phone trusts the server but logic would tell me yes because automatic provisioning works on all phones according to the pbx https in enabled for both phone apps and provisioning my trunk lines come from clearlyip and all other phones work in the system

So my question is would there be a kind enough soul out the to type out what configurations need to be changed so the guys i work with stop making fun of my pbx skills.

Who is it signed by? Is the signing certificate and the chain back to its own self signed (root) certificate installed in the receiving system?

It was signed by Alphassl a globalsign partner. Yes it is installed and functional in the pbx system

Is the CA certificate installed in the phone?

Ok so this is where i cant wrap my brain around i have access to two domains and 2 wild card certificates 1 for each domain the pbx got issued the certificate that we issue to all the dmz hardware devices however we have a root ca and 3 subordinate ca’s all thouse are internal the question i have is can freepbx have the wildcard cert work for communication towards the wan connections and could i issue a internal cert also to the pbx so i can issue the same ca certs to all the phones effectively freepbx will have a internal device cert and also a public cert on the same device i did this to a web server and a vpn server but i just dont know the limitations of the pbx again i dont know anything about pbx’s i do network security