Creating and Installing a Certificate for Call Telemetry Appliance

You can update the Appliance SSL certificate used for administration and user portals.

Prerequisites

• Call Telemetry Appliance 0.8.2 or higher using the OVA or Docker method.

You can upload certificates straight from the web page. You can generate a new private key, or generate a CSR.

Generate a Certificate Signing Request (CSR)

You can also generate a CSR from the appliance. This is useful if you want to use a certificate from a trusted Certificate Authority (CA).

Viewing the CSR

The CSR will be displayed in the text box. You can copy and paste however you need to obtain your certificate.

Updating SSL Certificates on the Appliance

From Settings, click SSL Certificates.

Select your certificate (in PEM format) and key (in PEM format) files, and click Upload.

Restart the Caddy service to apply the changes

docker-compose down
docker-compose up -d

CLI Alternative

The appliance is preconfigured to look for certificates in the /home/calltelemetry/certs directory.

Please access to the appliance via SSH, port 2222 to upload certificates manually.

Certificate File Placement

With everything configured correctly your file structure should will like this:

/home/calltelemetry/
├── docker-compose.yml
├── Caddyfile
├── certs/
│   ├── appliance.crt
│   └── appliance_key.pem

Upload your certificate to the CT Appliance

The appliance is configured to look for /home/calltelemetry/appliance.crt and appliance_key.pem.

For demonstration purposes, we will generate a self-signed certificate for the domain demo.calltelemetry.internal. In a production environment, you would use a certificate from a trusted Certificate Authority (CA).

Open your terminal and run the following commands in the same directory as your docker-compose.yml file:

mkdir -p certs
openssl genrsa -out certs/appliance_key.pem 2048
openssl req -new -key certs/appliance_key.pem -out certs/appliance.csr -subj "/CN=demo.calltelemetry.internal"
openssl x509 -req -days 365 -in certs/appliance.csr -signkey certs/appliance_key.pem -out certs/appliance.crt

Restart the Caddy service to apply the changes

docker-compose down
docker-compose up -d

Verify the Certificate

Use a web browser to validate your certificate. Open a web browser and navigate to https://demo.calltelemetry.internal. Because this is self-signed with no CA, you would not get a green lock icon, but if you are working with a production certificate, you should see a green lock icon.

TIP

If you were to use certificate with a passkey, make sure to remove it before applying it here. You can just regenerate it without a passkey like this.

openssl rsa -in appliance_key.pem -out appliance_key.pem