Installing your own certificates

If you are unable to or would prefer not to use Let’s Encrypt you may alternatively install your own correctly signed certificates issued be an appropriate signing authority, The process is more manual:

  1. Having decided on the fully qualified server name (eg callstash.mycomp.co.uk) use your chosen certifying authority to issue a certificate on your behalf. This will provide you with a certificate chain and a private key.
  2. Copy the certificate chain and the private key onto the CallStash server (instructions below).
  3. Log into the console interface.
  4. Run ‘callstash-set-cert’ to tell CallStash how to find the files (instructions below).
  5. Run ‘callstash-config’ to install and activate the files.

Step one is outside the scope of IPCortex and is entirely dependent on your choice of certifying authority.

Copying the certificate and private key

The process of generating your certificate with your certifying authority will provide you with a combined certificate file and a private key file. The certificate file will be the one appropriate for most web servers.

Both of these files must be copied to your CallStash appliance.

You will need to have the files on a computer running an SSH server. Most Linux machines will have an SSH server active. You can enable the SSH Server on Windows as an “optional feature”.

Start up the console interface.

Use ‘scp’ to copy the two files to the /tmp/ directory:

root@callstash:~# cd /tmp
root@callstash:/tmp # scp user@other-server:/path/to/cert.pem .
root@callstash:/tmp # scp user@other-server:/path/to/priv.key .
root@callstash:/tmp # ls
cert.pem
priv.key
root@callstash:/tmp #

The names of the files are not significant and are likely to differ from this example.

Installing the certificates

Once copied to CallStash the files must be installed and activated. This is a two step process.

First, again from the console interface, run the command ‘callstash-set-cert’ and then start the configuration utility ‘callstash-config’:

From the ‘callstash-config’ menu select the “Setup Certificate” option and from the next page “Use self installed cert” and then confirm your choice.

Note: if you are using your own certificates then it’s your responsibility to renew those certificates before they expire. To install updated certificates reapply the instructions in this section.