The answer is almost a direct yes. SSL certificates protect the integrity and privacy of your service. If you google a little, you will find that you can create SSL certificates yourself. However, using a home-made one is not always the best solution.
Self-signed, home-made certificates offer the same level of protection as a commercial one. The difference is that the certificate authorities behind commercial certificates are already imported in most devices, which enables a trust relationship when verifying the certificate. Commercial certificates have some levels of review; therefore, when getting a certificate for the inside-out.xyz domain, there can be a trust relationship because, depending on the kind of commercial certificate you are getting, some identity reviews were done.
On the other hand, there are multi-domain, wildcard and single FQDN certificates. Multi-domain certificates take advantage of the multi-DN capability of SSL certificates and allow you to have, for example, the inside-out.xyz and inside-out.com domains together. Wildcard certificates are those that accept anything in the hostname part of the domain; for example, www.inside-out.xyz and blog.inside-out.xyz will be accepted by the same certificate.
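The following is an added example, not code from the original article, that checks which hostnames each certificate type accepts, using the article's domains. It assumes the usual TLS client rule that a wildcard stands for exactly one left-most label; the function and variable names are hypothetical.

```python
# Added example: which hostnames does a certificate's name list cover?
# Domains come from the article; the name lists below are constructed samples.

def match_name(pattern, hostname):
    """Match one certificate name (possibly a wildcard) against a hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard replaces exactly one label, so label counts must agree.
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Simplification: refuse wildcards directly under a TLD ("*.xyz").
        if len(p_labels) < 3:
            return False
        return h_labels[0] != "" and p_labels[1:] == h_labels[1:]
    # A "*" anywhere other than the whole left-most label is not honoured.
    if any("*" in label for label in p_labels):
        return False
    return p_labels == h_labels


def covers(cert_names, hostname):
    """True if any name in the certificate matches the hostname."""
    return any(match_name(name, hostname) for name in cert_names)


# Constructed name lists for the three certificate types in the article.
SINGLE = ["www.inside-out.xyz"]
MULTI = ["inside-out.xyz", "inside-out.com"]
WILDCARD = ["*.inside-out.xyz"]


def coverage_table(hosts):
    """Map each hostname to the certificate types that would accept it."""
    certs = {"single": SINGLE, "multi": MULTI, "wildcard": WILDCARD}
    return {h: [kind for kind, names in certs.items() if covers(names, h)]
            for h in hosts}


if __name__ == "__main__":
    hosts = ["inside-out.xyz", "www.inside-out.xyz", "blog.inside-out.xyz",
             "a.blog.inside-out.xyz", "inside-out.com"]
    for host, kinds in coverage_table(hosts).items():
        print(f"{host:24} -> {', '.join(kinds) or 'no certificate matches'}")
```

Note that the wildcard certificate covers neither the bare inside-out.xyz domain nor names two levels deep, so a deployment that serves those needs them listed as additional names.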
I will write about the different options and the implications of using an SSL certificate.
As FusionPBX is just a FreeSWITCH frontend, I will focus here on the HTTP part. FusionPBX may utilize the SSL certificates in the following flows:
In a standard deployment, FusionPBX pushes the CDR to the 127.0.0.1 address. Therefore, there is no need to use a certificate, as the information flow never leaves the server. If you have a more complex deployment, like the one I describe in my XML Importing article, then you probably need a self-signed one if the information travels through the Internet (for example, between two VPSes). I find it useless to use a commercial certificate here, as the information flow is private. There is no exposure to the end user.
Provisioning is the capability that FusionPBX gives you to "auto-configure" your IP phones without system administrator intervention. It is almost human-free, as in the first interaction you must tell the device where to pull information from.
FusionPBX links an IP Telephone in two possible ways:
If you are giving your users access to the web interface of FusionPBX, I do not need to explain why you need a commercial certificate. Now, the question is whether you want a wildcard or a single FQDN one.
FusionPBX links the user access in two possible ways:
Usually, VoIP utilizes SIP for signalling and RTP for the sound. Optionally, you can encrypt SIP only or SIP+RTP. In my experience, a self-signed certificate has worked for me when implementing this, so there is not much to add.
Good question. Happily for everyone, I am an SSL reseller. I can give you a very good deal on a single FQDN or a wildcard SSL certificate. Just contact me.
Good luck!