Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Updated using 4PSA automated script

This article describes how to change the SSL certificate used by your VoipNow 3 or higher HTTP server.


Before you start, make sure that the following requirements are met:

  • You have the latest VoipNow version (e.g. VoipNow 3 or higher)
  • You have access and basic knowledge for using a SSH client (e.g. Putty).

Change the server's SSL certificate

STEP 1: Generate private key and request certificate.

Log in as root using a SSH client, create a certificate request, and send it to your CA authority:

Code Block
[root@server ~]# openssl req -nodes -newkey rsa:2048 -keyout /root/new.key -out /root/certrequest.csr

This command will generate a 2048-bit key file. Then it will ask basic information about the entity being certified. The Private Key file generated with above command will not have a secret pass-phrase.


When you will receive the message:

"Please enter the following 'extra' attributes to be sent with your certificate request
A challenge password []:"

DO NOT SUBMIT ANY PASSWORD, just press enter.

STEP 2: Save and keep your new key because you will need it later. 

Send the certrequest.csr to to your CA authority and they will send back to you a new certificate. After you receive the certificate, copy it on your server in your root directory. Let us assume that the certificate name is newcert.crt.

STEP 3: Make a backup copy of the existing certificate. 

Create a backup copy of the existing httpd.pem. If something goes wrong you can restore the certificate from backup:

Code Block
[root@server ~]# cp /etc/voipnow/certs/http.pem /etc/voipnow/certs/http.pem.backup

titleVoipNow 3.0.7

If you are still using VoipNow 3.0.x, replace /etc/voipnow/certs/http.pem with /usr/local/voipnow/admin/conf/voipnow.pem


Install the new certificate

The newcert.crt contains the the primary certificate received from the CA authority.

The voipnow.key file contain the private key generated earlier.

If an intermediate certificate was provided by your CA authority, it should be concatenated into the same file as the primary certificate. Let's consider intermediate_cert.crt as the intermediate certificate for our example.

STEP 1: Copy the key to the proper location and rename the key: 

Code Block
[root@server ~]# cat /root/new.key /root/newcert.crt > /etc/voipnow/certs/http.pem

If you have an intermediate certificate, use this command:

Code Block
[root@server ~]# cat /root/new.key /root/newcert.crt /root/intermediate_cert.crt > /etc/voipnow/certs/http.pem

titleVoipNow 3.0.7

If you are still using VoipNow 3.0.x, replace /etc/voipnow/certs/http.pem with /usr/local/voipnow/admin/conf/voipnow.pem

STEP 2: Change the permission and the ownership of http.pem:

Code Block
[root@server ~]# chmod 400 /etc/voipnow/certs/http.pem
[root@server ~]# chown httpsa:httpsa /etc/voipnow/certs/http.pem

titleVoipNow 3.0.7

If you are still using VoipNow 3.0.x, replace /etc/voipnow/certs/http.pem with /usr/local/voipnow/admin/conf/voipnow.pem

Test installation of new certificate

Restart VoipNow HTTP service using:

Code Block
[root@server ~]# /etc/init.d/voipnow restart

If everything goes well and VoipNow service starts without errors verify if the certificate is installed as should using SSL checker.

Content by Label
cqllabel in ("ssl","certificate") and space = currentSpace()
labelsssl certificate

Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution 4.0 International.