Telephony certificates

XiVO offers the possibility to create and manage X.509 certificates via the the Configuration ‣ Management ‣ Certificates page.

These certificates can be used for:

  • enabling SIP TLS
  • enabling encryption between the CTI server and the XiVO clients

For the certificate used for HTTPS, see HTTPS certificate.

Creating certificates

You can add a certificate by clicking on the add button at the top right of the page. You’ll then be shown this page:

../../../_images/certificates-add.png

Adding a certificate

You should look at the examples if you don’t know which attributes to set when creating your certificates.

Removing certificates

When removing a certificate, you should remove all the files related to that certificates.

Warning

If you remove a certificate that is used somewhere in XiVO, then you need to manually reconfigure that portion of XiVO.

For example, if you remove the certificate files used for SIP TLS, then you need to manually disable SIP TLS or asterisk will look for certificate file but it won’t be able to find them.

Examples

In the following examples, if a field is not specified than you should leave it at its default value.

Creating certificates for SIP TLS

You need to create both a CA certificate and a server certificate.

CA certificate:

  • Name : phones-CA
  • Certification authority (checkbox) : checked
  • Autosigned : checked
  • Valid end date : at least one month in the future
  • Common name : the FQDN of your XiVO
  • Organization : your organization’s name, or blank
  • Email : your email or organization’s email

Server certificate:

  • Name : phones
  • Certification authority (select) : phones-CA
  • Valid end date : at least one month in the future
  • Common name : the FQDN of your XiVO
  • Organization : your organization’s name, or blank
  • Email : your email or organization’s email

Creating certificate for CTI server

  • Name : xivo-ctid
  • Autosigned : checked
  • Valid end date : at least one month in the future
  • Common name : the FQDN of your XiVO
  • Organization : your organization’s name, or blank
  • Email : your email or organization’s email

Warning

You must not set a password for the certificate. If the certificate is password protected, the CTI server will not be able to use it.