Upload TLS certificates to the PBX

Yeastar P-Series PBX System supports TLS protocol to secure SIP messaging. Before using TLS protocol, you may need to upload a TLS certificate.

Background information

With TLS protocol enabled on the PBX, a TLS certificate may be required in the following situations:
  • When the PBX acts as a server, a server certificate is required.

    If the PBX requires to verify TLS client (PBX Settings > SIP Settings > TLS > TLS Verify Client), you need to upload a client certificate to both PBX and TLS client, or the TLS connection would fail.

  • When the PBX acts as a client, whether a client certificate is required depends on the server.

    If the PBX requires to verify TLS server (PBX Settings > SIP Settings > TLS > TLS Verify Server), you need to upload a server certificate.

Upload a TLS server certificate

Prerequisites
You have prepared a server certificate in .pem format.
Procedure
  1. Log in to PBX web portal, go to Security > Security Settings > Certificates, click Upload.

    A window pops up, which requires you to select certificate type and upload a certificate.

    Note: You can ONLY upload 3 certificates.
  2. In the Certificate Type drop-down list, choose PBX Certificate.
  3. Click Browse to select the desired certificate.
  4. Click Upload.
Result
The certificate is uploaded successfully, and is displayed on Certificates list.

Upload a TLS client certificate

Prerequisites
You have prepared a client certificate in .cer or .crt format.
Procedure
  1. Log in to PBX web portal, go to Security > Security Settings > Certificates, click Upload.

    A window pops up, which requires you to select certificate type and upload a certificate.

    Note: You can ONLY upload 20 certificates.
  2. In the Certificate Type drop-down list, choose Trusted Certificate.
  3. Click Browse to select the desired certificate.
  4. Click Upload.
Result
The certificate is uploaded successfully, and is displayed on Certificates list.