|Table of Contents
Let’s Encrypt is a certification center that automatically issues free cryptographic certificates. You can receive and import such a certificate to your WCS server as described below:1. Run the tool to get a certificate that is shipped with WCS
Receiving SSL certificate using certbot
1. Install epel-release repository
on Centos 7
yum install epel-release
on Centos 8
This will install all necessary dependencies, and the certbot tool starts. In response to the query enter:
sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
2. Install certbot
on Centos 7
yum install certbot python2-certbot
on Centos 8
sudo dnf install certbot python3-certbot
Install certbot by the following command
sudo apt-get install certbot
Install certbot by official manual
Receiving SSL certificate
1. Open HTTP port 80 and HTTPS port 443 for incoming connections on server instance, for certbot check the server properly.
2. Run certbot
If there is a web server on the same server with WCS, run
sudo certbot certonly --apache
sudo certbot certonly --nginx
If WCS only is installed to the server, run
sudo certbot certonly --standalone
This will request all the necessary information and download SSL certificate files
If you received the certificate successfully, proceed to the next step. If any errors occurred, refer to the certbot-auto documentation.
23. Make sure the /etc/letsencrypt/live/yourdomain/ folder on your server has the following files:
Copy these files to your computer.3
Importing SSL certificate to WCS storage
1. Open the web interface of WCS. Select "Security" in the upper menu, then "Certificates":
42. On the import page, upload page upload the certificate files: cert.pem, chain.pem and the key file privkey.pem:
Or upload the certificate file fullchain.pem and the key file privkey.pem:
Restart the WCS server to apply new settings. After restarting the server, open. If the certificate was imported correctly, you should see that the browser accept the certificate of the WCS server.
If importing of the certificate failed with some errors, proceed to the keytool importing.
53. Remove the self-signed certificate from the keystore
keytool -delete -alias selfsigned -keystore /usr/local/FlashphonerWebCallServer/conf/wss.jks
64. Create a new keystore based on the certificate and the private key
Enter pass phrase for yourdomain.key: ****** Enter Export Password: password
75. Import the newly created keystore to the existing wss.jks
Restart the WCS server to apply the new settings. After restarting the server, open httptest.flashphoner.com again. If certificates are imported correctly, you should see that the browser accepts the WCS server certificate.