Telephony certificates
Note
this figure is current not used and not fully described.
XiVO offers the possibility to create and manage X.509 certificates via the the
page.These certificates can be used for:
enabling SIP TLS
enabling encryption between the CTI server and the XiVO clients
For the certificate used for HTTPS, see HTTPS certificate.
Creating certificates
You can add a certificate by clicking on the add button at the top right of the page. You’ll then be shown this page:
You should look at the examples if you don’t know which attributes to set when creating your certificates.
Removing certificates
When removing a certificate, you should remove all the files related to that certificates.
Warning
If you remove a certificate that is used somewhere in XiVO, then you need to manually reconfigure that portion of XiVO.
For example, if you remove the certificate files used for SIP TLS, then you need to manually disable SIP TLS or asterisk will look for certificate file but it won’t be able to find them.
Examples
In the following examples, if a field is not specified than you should leave it at its default value.
Creating certificates for SIP TLS
You need to create both a CA certificate and a server certificate.
CA certificate:
Name : phones-CA
Certification authority (checkbox) : checked
Autosigned : checked
Valid end date : at least one month in the future
Common name : the FQDN of your XiVO
Organization : your organization’s name, or blank
Email : your email or organization’s email
Server certificate:
Name : phones
Certification authority (select) : phones-CA
Valid end date : at least one month in the future
Common name : the FQDN of your XiVO
Organization : your organization’s name, or blank
Email : your email or organization’s email
Creating certificate for CTI server
Name : xivo-ctid
Autosigned : checked
Valid end date : at least one month in the future
Common name : the FQDN of your XiVO
Organization : your organization’s name, or blank
Email : your email or organization’s email
Warning
You must not set a password for the certificate. If the certificate is password protected, the CTI server will not be able to use it.