Introduction

SSL or TLS certificates are a known industry standard for encryption and security. They are used on basically every website today. This page aims to explain the different scenarios of implementing SSL certificates on your jtel ACD, as well as provide a walkthrough of the installation itself.
Your jtel ACD With SSL

Access to your jtel ACD can be secured by SSL. A certificate is installed on the jtel Load Balancer to enable SSL encryption when accessing your jtel portal, Chat or WhatsApp API. There are some differences depending on the location of your system. If you have purchased a license within the jtel Cloud environment, your certificate will be provided and managed by jtel year-round. On On Premise systems, for example, you will have to provide your own SSL certificate. On our partners' cloud systems, the certificate might be provided by you or by our partner.

jtel Cloud

The certificate is provided by jtel and managed year-round.

jtel Partner Cloud

On the cloud systems of our partners, the certificate will either be provided by our partner, or by you.

jtel On Premise

The certificate will be provided by you.

Preparations

If you are providing the SSL certificate for your jtel installation, the things described below are required.
Naming the Website / DNS

Before acquiring a new certificate or using a preexisting one, a name for the jtel Portal website must be chosen. This DNS name must then be created in your public DNS zone, like Azure DNS or Google Public DNS, to ensure that it will be accessible via the public internet. The alias below will be the public IP address of your Gateway. This Gateway will route the incoming requests to the jtel Load Balancer. The DNS entry will look something like this:
Routing https requests

After creating the public DNS entry, all https requests made to acd.johntelephony.com will be routed through the public internet to your Gateway xx.xxx.xx.xxx. The gateway must then be configured to forward the https requests to the jtel Load Balancer in your internal network via https. The jtel Load Balancer, where the certificate is installed, will then decrypt the https request and route the now decrypted traffic to the webserver or chatserver internally. A simplified explanation of the route could look as follows:

https request from any device → Travel through public internet → Your Gateway → Unchanged https request routed to jtel Load Balancer

SSL Certificate Chain

The full SSL certificate chain is required for installation.
Installation

If your system previously had no certificate installed and was running via http, start here.

If you are exchanging your certificate before its expiry and your jtel ACD was configured for https before, start here.
Change the haproxy configuration to https

For systems with one Load Balancer and HAProxy use this.

For redundant systems with two Load Balancers and HAProxy instances use this.
Create the haproxy.pem file

The certificate chain will be put together with a simple cat command in Linux.
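One way to combine the concatenation step with the checks listed under "Useful openssl commands" (key integrity, certificate/key match, validity) before the file is written. This is an added example, not jtel's own script; the function name, argument order, exit codes and the ordering certificate, chain, key are assumptions, and the private key is assumed to be an unencrypted PEM file.

```bash
#!/usr/bin/env bash
# Added example, not jtel's own script. All file names are supplied by the caller.
# Assumes PEM certificates and an unencrypted PEM private key.
#
# build_haproxy_pem CERT CHAIN KEY OUT [MIN_DAYS]
#   CERT   end-entity certificate
#   CHAIN  intermediate certificate(s)
#   KEY    private key
#   OUT    combined file for HAProxy (for example haproxy.pem)
build_haproxy_pem() {
    local cert="$1" chain="$2" key="$3" out="$4" min_days="${5:-1}"
    local cert_pub key_pub

    # 1. The private key must parse and pass openssl's consistency check.
    openssl pkey -in "$key" -check -noout >/dev/null 2>&1 \
        || { echo "private key unreadable or corrupt: $key" >&2; return 2; }

    # 2. Certificate and key must contain the same public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) \
        || { echo "cannot read certificate: $cert" >&2; return 3; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    [ "$cert_pub" = "$key_pub" ] \
        || { echo "certificate and private key do not match" >&2; return 4; }

    # 3. The certificate must stay valid for at least MIN_DAYS more days.
    openssl x509 -in "$cert" -noout -checkend "$((min_days * 86400))" >/dev/null \
        || { echo "certificate expires within $min_days day(s)" >&2; return 5; }

    # 4. Concatenate certificate, chain and key. "awk 1" adds a final newline
    #    where a file lacks one, so PEM markers never end up fused on one line.
    #    umask 077 keeps the combined file (it holds the key) owner-only.
    ( umask 077; awk 1 "$cert" "$chain" "$key" > "$out.tmp" ) \
        && mv "$out.tmp" "$out"
}
```

The function writes nothing unless all three checks pass, so a mismatched or expiring certificate never replaces a working haproxy.pem.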
Tests

After finishing, test access with your new https URL.

Example URL Admin
https://acd.johntelephony.com/CarrierPortal/admin

Example URL Client
https://acd.johntelephony.com/CarrierPortal/login/<ResellerUID>/<ClientUID>

Further Information

Further information regarding security and encryption can be found on these pages:

SSL/TLS Certificates - Self-signed certificate
SSL/TLS Certificates - Let's Encrypt Certificate
SSL/TLS Certificates - OCSP stapling
SSL/TLS Certificates - Connecting to the outside world
SSL/TLS Certificates - Configure haproxy for several subdomains

Useful openssl commands

openssl can be used, for example, to ensure that the end_entity_cetificate.crt and private_key.key match. It can also be used to ensure that the private key is not corrupted and to check the validity of the certificate itself. Use the following commands if needed:

Checking the private key
End entity and private key match
Checking the certificate validity
Converting .pfx Certificates to .pem format
...