6.1 Use TLS certificate from Let's Encrypt
If your SwyxWare is licensed online, you have the possibility to get a unique server name (FQDN) from the SwyxON DNS service. SCST requests for this FQDN a TLS server certificate from the Let's Encrypt service and installs it in SwyxWare.
SCST handles the communication to the SwyxON DNS service and Let's Encrypt service and completes the certification in a few steps.
The TLS certificate is automatically updated by SCST before the expiration date. For this purpose, a scheduled process is registered in Windows that regularly checks in the background whether the TLS certificate is about to expire.
FQDN validation
In order for SCST to request the TLS certificate from Let's Encrypt and update it regularly, the following requirements must be met:
The SwyxServer machine must have a working DNS configuration, i.e. DNS queries for the FQDN and all its domains must succeed. If the DNS configured in Windows does not work, SCST tries to reach the following DNS servers: 8.8.8.8, 1.1.1.1, 8.8.4.4.
The SwyxServer machine and your local network must allow outgoing connections via HTTPS. Connections to Let's Encrypt, registration with SwyxON DNS and Swyx online licensing each require the HTTPS protocol.
To use a TLS certificate from Let's Encrypt
1 Start Swyx Connectivity Setup Tool under "Start | Programs | SwyxWare | Swyx Connectivity Setup Tool".
2 Click on NEXT.
The following page appears
Server name.
3 Select the option Get name from SwyxON DNS to request a FQDN for the public IP address.
4 Click on NEXT.
The following page appears
Get name from SwyxON DNS.
5 If necessary, enter the public IP address of your network if SwyxWare has a static public IP address and you do not want to use automatic detection.
6 Click on Request.
At
Provided FQDN appears the randomly generated FQDN and the detected public IP address.
| Be sure to use the corresponding data in the Split DNS configuration. |
7 Click on NEXT.
The following page appears
Automatic certificate mode.
8 Click on "Request and Install".
The request may take a few minutes.
The TLS certificate is being installed.
The certified SIP phones will be provisioned again.
The following information will then appear:
9 Click on NEXT.
The following page appears
RemoteConnector access.
10 Click on NEXT.
The following page appears
RemoteConnector certificate.
11 Click on NEXT.
The following page appears
Summary with the overview of your configuration.
12 Click on EXIT to close SCST.
| If necessary, resend a welcome email to the corresponding SwyxWare users with the new RemoteConnector credentials. |
Last modified date: 01/25/2024