FreePBX: Uploading a custom SSL HTTPS certificate for the web interface

This post is a generic guide to setting up HTTPS SSL certificates on your FreePBX web server. You do not need to have an activated server to do this. Many guides out there show you how to do this through the System Admin web UI, but that does not apply to the free or unactivated instance. The instructions below will guide you through the process without the need for activation or payment.

Assumptions

  • You’ll need a little terminal knowledge
  • You can SSH into the FreePBX server (or have direct terminal access) with root privileges
  • You know how to generate certificate files (or read up on it online)

Procedure

Get the certificate files

Generate or download the certificate and retrieve the .key and .crt files.

Upload the certificate

Upload the .key and .crt files in the web interface through Admin > Certificate Management. This stores the files in the Asterisk keys folder (/etc/asterisk/keys), but the certificate is not applied to the HTTPS server until the rest of these instructions are followed.

Access the server terminal

SSH into the host or get access to the direct terminal. How you do this depends on how the server was installed (virtual machine, bare metal, etc.).

Copy the certificates

Copy the certificate files that you uploaded in the web interface to the proper Apache (httpd) locations:

cp /etc/asterisk/keys/yourcert.crt /etc/pki/tls/certs/
cp /etc/asterisk/keys/yourcert.key /etc/pki/tls/private/

Modify the SSL Configuration

Edit the web server SSL configuration at /etc/httpd/conf.d/ssl.conf as follows:

# ...

# Find this line:
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
# Replace with:
SSLCertificateFile /etc/pki/tls/certs/yourcert.crt

# ...

# Find this line:
# SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
# Replace with:
SSLCertificateKeyFile /etc/pki/tls/private/yourcert.key

# ...

Restart the HTTP server

Type the following into the server terminal to restart the httpd server:

service httpd restart

Check your work!

At this point, the web interface should serve the new certificate in your browser. If you don’t see the change, clearing the cache is sometimes not enough; try an incognito/private window, or close all of the browser processes and open the browser again.
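A pre-flight check worth running after the copy step and before the restart, added here as an example (it is not part of the original post or of FreePBX): it confirms that the key belongs to the certificate, that the certificate has not expired, and that the copied private key is not readable by group or other. The function names are made up for this example, and the yourcert paths are the same placeholders used in the steps above.

```shell
#!/bin/bash
# Pre-flight checks for a certificate/key pair before ssl.conf points at it.
# Example: ./preflight.sh /etc/pki/tls/certs/yourcert.crt /etc/pki/tls/private/yourcert.key

# Succeeds only if the public key in the certificate equals the one derived from the key.
cert_key_match() {
    local c k
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    # -passin pass: makes a passphrase-protected key fail here instead of prompting.
    k=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Succeeds if the certificate parses and is still within its validity period.
cert_not_expired() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# Succeeds if the key file grants no permissions to group or other (e.g. 600, 400).
key_is_private() {
    local mode
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Runs all three checks and reports every failure, not just the first.
preflight() {
    local rc=0
    cert_key_match "$1" "$2" || { echo "FAIL: key does not match certificate" >&2; rc=1; }
    cert_not_expired "$1"    || { echo "FAIL: certificate expired or unreadable" >&2; rc=1; }
    key_is_private "$2"      || { echo "FAIL: key readable by group/other (chmod 600)" >&2; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: certificate and key are consistent"
    return "$rc"
}

# When called with two arguments, check that pair.
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```

Once it prints OK and ssl.conf has been edited, `httpd -t` checks the configuration syntax before `service httpd restart`.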
