Creating and Installing an SSL certificate
Introduction
Contact Center uses http communication on port 81 by default.
In addition it listens on port 80 if Microsoft IIS service is installed. To forward these requests to the Contact Center service, the URL has to start with /QueueController
Contact Center also provides a port for https connections listening on port 444. This port is used by 3iMedia Contact Center Teams App by default.
Getting An SSL Certificate
To enable SSL connections via https a valid SSL certificate has to be provided. There are several ways to obtain this certificate.
Certificate Issued By Microsoft Active Directory Certificate Services (ADCS)
The easiest way to create a valid SSL certificate is by using Microsoft's own certificate services. This service has to be installed and configured in advance. To create a valid certificate the following Powershell command can be used.
In this example the DNS-name ippbxsrv is being used as SwyxWare uses this name for Client-Autodiscovery. The actual DNS-server-name can be used as well. It's just important that the name matches the name used later in the https-request.
Certificate Issued By A Valid Root Authority
There are plenty of companies issueing valid SSL certificates which can be purchased and installed into the Windows Certificate Store. These certificate usually come as PBX-file and can directly be installed into the Windows Certificate Store.
Certificate Issued By Let's Encrypt
It might also be possible to use free Let's Encrypt certificates. Using these kind of certificates could come with two downsides. Firstly the DNS-name has to point to the IP-address of the server, which might be challenging on internal servers. Secondly the DNS-name has to be externally accessible which might be a problem with domains ending with ".local".
Installing / Binding The SSL Certificate
In order to actually use the previously installed certificate it has to be bound to the SSL listener. As Contact Center provides two ways of SSL connections, both ways are described in this article.
Binding Using Microsoft IIS
Assuming Microsoft ISS has been installed the certificate can simple be bound using the IIS Management Console and adding a https-binding to the Default Web Site.
Binding Using Netsh
To bind the certificate to port 444 instead, follow these steps. Execute all commands with administrative privileges.
This command returns the thumbprint of the previously created certificate. The name "ippbxsrv" has to be changed accordingly if the certificate was created with another DNS-name before.
This command binds the certificate with the former retrieved thumbprint on port 444. The thumbprint has to be inserted in the certhash=... parameter.
Testing The Connection
To check if the certificate has been installed correctly the following URLs should work without any browser security waring: