6 Swyx Connectivity Setup Tool
SwyxWare is equipped with an automatically generated (SelfSigned) TLS certificate by default. The Swyx Connectivity Setup Tool (SCST) allows you to equip SwyxWare with an official trusted TLS certificate and optionally with a unique public server name (Fully qualified Domain Name, FQDN).
The TLS server certificate allows SwyxWare services and clients to ensure that you are communicating with the correct server in encrypted form. Swyx Control Center and the SwyxConfigDataStore service also use this TLS certificate on the provisioning interface for certified SIP phones, SwyxDECT 800 and the REST interface for client connections.
Currently, SCST does not support SwyxWare services installed on a machine other than SwyxServer.
RemoteConnector
You can also define the settings for the RemoteConnector via SCST.
SwyxRemoteConnector Is a SwyxWare service that enables and manages connections from SwyxWare clients to SwyxServer from the Internet.
Connections to the SwyxRemoteConnector are protected not only with a server certificate but also with user-specific client certificates. Therefore SwyxRemoteConnector uses its own X.509 root, server and client certificates. The RemoteConnector certificates are independent from the TLS server certificate of the other SwyxWare services.
 |
You can have RemoteConnector certificates (root and server certificate) generated and installed via SCST. You can generate client certificates manually for desired users or have them generated automatically for all users.
|
Split DNS in the internal network
The clients reaching SwyxServer on the internal network must also use the unique FQDN for which the TLS server certificate is issued.
It is not recommended that network traffic from clients on the internal network flow through their network's public IP and Internet router, rather than directly to SwyxWare. The DNS queries for the IP address of the FDQN must be answered with the internal IP address of the SwyxServer in your local network.
|
External Clients
|
FQDN
|
External IP address
|
|
Internal clients
|
FQDN
|
Internal IP address of the SwyxServer
|
For this purpose, you need to set up a DNS service or server in your local network.
 |
Swyx Connectivity Setup Tool can only be started after the SwyxWare installation and its initial configuration in the SwyxWare configuration wizard has been done.
|
|
|
On the SwyxDECT 800 base station (Ascom) you have to install the TLS root certificate yourself, see Install TLS root certificate on DECT 800 base station
|
|
|
If you provide SwyxWare with a trusted TLS certificate, you have to make sure that SwyxServer and all clients connecting to SwyxWare get the correct date and time. See also service.swyx.net/hc/en/articles/360000014639-SwyxPhones-need-correct-time-for-connections-to-the-SwyxServer-
|
|
|
If you are running a Windows domain on your internal network, the date and time on the Windows server and clients are already correctly synchronized.
|
Last modified date: 09.16.2022