Loading of a Certificate

From Pbxnsip Wiki

Purpose

Certificates are used to indicate your communication partner that you are really the one that you claim to be. This is done using a third party that certifies your identity and issues you a certificate. The certificate comes for a domain name. Usually those certificates are used for web services; however the same certificates can also be used for SIP services.

By using a certificate you defend your installation against DNS redirection attacks. An attacker might get control over a DNS server (which you don't operate) and redirect all requests to his server. He then might be able to present the same certificate that you have, but he does not have the private key that you used when you requested the certificate from the trusted third party. Therefore, he will not be able to establish secure communication. This way the user agent can check if the host that he contacted is really the desired host and deny the connection if the public and the private keys do not match.

You can provide only one key to the PBX. That means for secure communication, you can operate only one domain in a secure way.

In order to provide the key, just enter the ASCII string that you received from the trusted party, copy it into the text field and push the "Save" button. The PBX will then present this certificate to http and sip connection that require secure communications.

Format

The format of the certificate must be base64-encoded. You must include the private key and the certificate in the upload. Please note that uploading the private key this way might be intercepted by an intruder. You can minimize this risk by using the localhost address from the local machine.