Certificates
Certificates verify the identity of a server or client and are used to encrypt data traffic.
The PBX can generate individual certificates itself, but also manage externally generated certificates, e.g. provider certificates.
Provider Certificate
A provider certificate must be imported into the certificate management and then selected in the provider's configuration.
Exception: If the provider supports Mutual SSL Authentication, the following data provided by the provider must be entered directly in the provider configuration:
Client certificate
Private key
If necessary, the passphrase associated with the private key
Certificates for SIPS/SRTP internal
The following matching keys and certificates are required for SIPS/SRTP internal:
valid root certificate
valid PBX certificate
private key of the PBX certificate
The required certificates/keys can be generated in the PBX or externally generated and imported.
Some end devices require the PBX certificate or the fingerprint of the root certificate for verification. For this purpose, the PBX certificate can be exported and the fingerprint copied or read.
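Added example (not part of the PBX documentation or the vendor's tooling): one way to generate the three files externally with OpenSSL and to confirm before import that they match, then read the root fingerprint. Key type, lifetimes, subject names, file names and the SHA-256 fingerprint are assumptions; check which formats and fingerprint algorithm the PBX and the end devices expect.

```shell
#!/bin/sh
# Added example. All names, key sizes and lifetimes below are assumptions.

make_chain() {  # $1 = output directory
    dir=$1
    # Root CA: self-signed certificate plus its private key.
    # -nodes leaves the keys unencrypted; protect or encrypt them in real use.
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
        -subj "/CN=Example PBX Root CA" \
        -keyout "$dir/root.key" -out "$dir/root.crt" 2>/dev/null || return 1
    # PBX private key and certificate signing request.
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=pbx.example.internal" \
        -keyout "$dir/pbx.key" -out "$dir/pbx.csr" 2>/dev/null || return 1
    # PBX certificate, signed by the root CA.
    openssl x509 -req -in "$dir/pbx.csr" -sha256 -days 825 \
        -CA "$dir/root.crt" -CAkey "$dir/root.key" -CAcreateserial \
        -out "$dir/pbx.crt" 2>/dev/null || return 1
}

# True only if the private key belongs to the certificate: the public key
# embedded in the certificate must equal the one derived from the key.
key_matches_cert() {  # $1 = certificate, $2 = private key
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# True only if the PBX certificate chains to the given root certificate.
chain_ok() {  # $1 = root certificate, $2 = PBX certificate
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Prints the root fingerprint as colon-separated hex, the value an end
# device would be given for verification.
root_fingerprint() {  # $1 = root certificate
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Demo run in a throwaway directory.
work=$(mktemp -d)
if make_chain "$work" &&
   key_matches_cert "$work/pbx.crt" "$work/pbx.key" &&
   chain_ok "$work/root.crt" "$work/pbx.crt"; then
    echo "set is consistent, root fingerprint: $(root_fingerprint "$work/root.crt")"
else
    echo "certificate set is inconsistent, do not import" >&2
fi
```

A failing `key_matches_cert` or `chain_ok` means the files come from different key pairs or a different CA, which is the usual cause of a rejected import or of end devices refusing the PBX certificate.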
Client certificates of the devices
Some devices have a client certificate, which binds the identity of a user to a unique digital certificate. This makes it possible to determine, for example, who can access the user data.
Client certificates are stored in the PBX for the following devices:
COMfortel D-series (all models)
COMfortel 1400 IP / 2600 IP / 3600 IP
COMfortel WS-500x
Snom IP phones
Yealink IP phones
If provisioning is to be enabled for devices without their own client certificate, access without a client certificate (insecure operation) must be enabled.
Configuration
Storing certificates of the provider.
Administration > Certificates > Trustworthy
Exchange lines > Providers and Accounts > Name of the provider > > SIP > SIPS
Creating or importing certificates for SIPS/SRTP internal.
Administration > VoIP > SIPS/SRTP internal
Managing certificates.
Administration > Certificates
Enabling access without a client certificate (unsafe operation).
Administration > Network > Server service > Provisioning