Certificates ensure the identity of a server or client and encrypt data traffic.
The PBX can generate individual certificates itself, but also manage externally generated certificates, e.g. provider certificates.
Provider Certificate
A provider certificate must be imported into the certificate management and then selected in the provider's configuration.
Exception: If the provider supports Mutual SSL Authentication, the following data provided by the provider must be entered directly in the provider configuration:
•Client certificate
•Private key
•if necessary, any passphrase associated with the private key
Certificates for SIPS/SRTP internal
The following matching keys and certificates are required for SIPS/SRTP internal:
•valid root certificate
•valid PBX certificate
•private key of the PBX certificate
The required certificates/keys can be generated in the PBX or externally generated and imported.
Some end devices require the PBX certificate or the fingerprint of the root certificate for verification. For this purpose, the PBX certificate can be exported and the fingerprint copied or read.
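The following shell script is an added example, not part of the original documentation or the vendor's tooling. It generates a root certificate, PBX certificate and private key externally with OpenSSL, checks that the three match before import, and prints the root fingerprint. The file names, subject names, RSA-2048 keys, 365-day validity and the use of SHA-256 for the fingerprint are assumptions; the page does not state which formats or hash the PBX and end devices expect.

```shell
#!/bin/sh
# Added example, not vendor code. File names, subject names, RSA-2048 and the
# 365-day validity are assumptions; adjust them to your own policy.

# Create a root certificate, a PBX key and a PBX certificate signed by that root.
make_sips_set() {   # $1 = output directory, $2 = PBX host name (placeholder)
    d=$1; host=$2
    # -nodes writes the keys unencrypted, so keep the directory access-restricted.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example PBX Root CA" \
        -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$host" \
        -keyout "$d/pbx.key" -out "$d/pbx.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/pbx.csr" -days 365 \
        -CA "$d/root.crt" -CAkey "$d/root.key" -CAcreateserial \
        -out "$d/pbx.crt" 2>/dev/null || return 1
}

# Succeeds only if the certificate ($2) was signed by the root ($1).
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds only if the private key ($2) belongs to the certificate ($1).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Prints the SHA-256 fingerprint as colon-separated hex (assumed hash).
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Demo run on a constructed certificate set in a temporary directory.
dir=$(mktemp -d)
make_sips_set "$dir" pbx.example.internal || exit 1
chain_ok "$dir/root.crt" "$dir/pbx.crt" && echo "chain: PBX certificate chains to root"
key_matches_cert "$dir/pbx.crt" "$dir/pbx.key" && echo "key: matches PBX certificate"
echo "root fingerprint (SHA-256): $(fingerprint "$dir/root.crt")"
rm -rf "$dir"
```

Compare the printed fingerprint with the one shown in the PBX after import, and with the value entered on the end device.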
Client certificates of the devices
Some devices have a client certificate, which binds the identity of a user to a unique digital certificate. This makes it possible to determine, for example, who can access the user data.
Client certificates are stored in the PBX for the following devices:
•COMfortel D-series (all models)
•COMfortel 1400 IP / 2600 IP / 3600 IP
•COMfortel WS-500x
•Snom IP phones
•Yealink IP phones
If provisioning is to be enabled for devices without their own client certificate, access without a client certificate (insecure operation) must be enabled.
Configuration
•Storing certificates of the provider.
−Administration > Certificates > Trustworthy
−Exchange lines > Providers and Accounts > Name of the provider > > SIP > SIPS
•Creating or importing certificates for SIPS/SRTP internal.
−Administration > VoIP > SIPS/SRTP internal
•Managing certificates.
−Administration > Certificates
•Switching access without client certificate on (unsafe operation).
−Administration > Network > Server service > Provisioning