6 Swyx Connectivity Setup Tool

help | 6 Swyx Connectivity Setup Tool

SwyxWare is equipped with an automatically generated (SelfSigned) TLS certificate by default. The Swyx Connectivity Setup Tool (SCST) allows you to equip SwyxWare with an official trusted TLS certificate and optionally with a unique public server name (Fully qualified Domain Name, FQDN).

The TLS server certificate allows SwyxWare services and clients to ensure that you are communicating with the correct server in encrypted form. Swyx Control Center and the SwyxConfigDataStore service also use this TLS certificate on the provisioning interface for certified SIP phones, SwyxDECT 800 and the REST interface for client connections.

Currently, SCST does not support SwyxWare services installed on a machine other than SwyxServer.

RemoteConnector

You can define the settings for the RemoteConnector for SwyxIt! in the SCST.

The RemoteConnector for SwyxIt! is a SwyxWare service that enables and manages the connection of SwyxWare clients to SwyxServer from the Internet, see Internet connection via SwyxRemoteConnector

settings of the RemoteConnector for SwyxIt! have no influence on the RemoteConnector for Yealink.

Connections to RemoteConnector are protected not only with a server certificate, but also with user-specific client certificates. This is why RemoteConnector uses its own X.509 root, server and client certificates. The RemoteConnector for SwyxIt! Certificates are independent of the TLS server certificate of the other SwyxWare services.

You can have RemoteConnector certificates (root and server certificate) generated and installed via SCST. You can generate client certificates manually for desired users or have them generated automatically for all users.

Split DNS in the internal network

The clients reaching SwyxServer on the internal network must also use the unique FQDN for which the TLS server certificate is issued.

It is not recommended that network traffic from clients on the internal network flow through their network's public IP and Internet router, rather than directly to SwyxWare. DNS queries for the IP address of the FDQN must be answered in your local network with the internal IP address of the SwyxServer.

Client type	Target SwyxServer Address	DNS configuration
External Clients	FQDN	External IP address
Internal clients	FQDN	Internal IP address of the SwyxServer

For this purpose, you need to set up a DNS service or server in your local network.

See Configure Split DNS

Swyx Connectivity Setup Tool can only be started after the SwyxWare installation and its initial configuration in the SwyxWare configuration wizard has been done.

On the SwyxDECT 800 base station (Ascom) you have to install the TLS root certificate yourself, see Install TLS root certificate on DECT 800 base station

If you equip SwyxWare with a trusted TLS certificate, you must ensure that SwyxServer and all clients that connect to SwyxWare receive the correct date and time. See also service.swyx.net/hc/en/articles/360000014639-SwyxPhones-need-correct-time-for-connections-to-the-SwyxServer-

If you are running a Windows domain on your internal network, the date and time on the Windows server and clients are already correctly synchronized.

See Application scenarios of SCST:

Last modified date: 01/25/2024