Update Certificate for Yeastar Central Management Domain Name

To ensure normal access and secure usage of Yeastar Central Management, it is essential to periodically renew the domain certificates to prevent it from expiring. This topic describes how to update certificate for Yeastar Central Management domain name on the web portal.

Note: Yeastar Central Management monitors the validity of the domain name certificate. When it comes to 30 days, 15 days and 7 days before the expiration date, or on the day, a Yeastar Central Management Domain Name Certificate Expired alarm is triggered, and the system proactively sends emails to notify the contacts added in Alarm > Notification Contacts.

Prerequisites

  • Make sure that the Yeastar Central Management version is 87.6.0.16 or later.
  • You have obtained the new domain name certificate, including certificate file and private key.
    Note:
    • Yeastar P-Series Cloud PBX uses NGINX as web server, so the certificate should be compatible with NGINX server.
    • RSA private key and EC private key are supported.

Procedure

  1. Log in to Yeastar Central Management, go to System > Domains > Yeastar Central Management Domain Name.
  2. In the Operations column, click .

  3. In the pop-up window, upload the new domain name certificate and private key, then click Confirm.

    • Certificate File: Click Browse, and select the certificate file in the format of .cer, .crt, or .pem.
      Important: The certificate file must include a COMPLETE Certificate Chain, including the Root CA Certificate, the Intermediate Certificate, and the Server Domain Certificate.
      Note: If you have received the certificate files separately from a Certified Authority (CA), you will need to manually merge the certificates into a bundle file, then paste or upload the complete certificate chain into the Certificate File field. Make sure that you merge the certificates in a specific order from top to bottom: Server Domain Certificate > Intermediate Certificate (if any) > Root CA Certificate. There should be no blank lines between the blocks.

      The figure below shows a merged certificate chain.

    • Certificate Private Key: Click Browse, and select the private key in the format of .key.
      Note: The supported content formats are shown as follows:
      • Start with -----BEGIN RSA PRIVATE KEY----- and end with -----END RSA PRIVATE KEY-----.
      • Start with -----BEGIN PRIVATE KEY----- and end with -----END PRIVATE KEY-----.
      • Start with -----BEGIN EC PRIVATE KEY----- and end with -----END EC PRIVATE KEY-----.
  4. Click Save.

Result

The certificate expiration date is updated to the latest one, indicating that the domain name certificate is renewed successfully.

Tip: You can verify if your SSL certificate is installed correctly by entering your server's domain name on an online SSL checker tool.