help • 6 Swyx Connectivity Setup Tool • Use own TLS certificate
6.2 Use own TLS certificate
You can also install an existing TLS certificate. In this case you must generate a TLS certificate yourself or purchase it from a certificate authority.
How to install an existing TLS certificate
You have placed the corresponding .pfx file, which contains the server certificate and the private key, in a directory on the SwyxServer machine.
1 Start Swyx Connectivity Setup Tool under "Start | Programs | SwyxWare | Swyx Connectivity Setup Tool".
2 Click on NEXT.
*The following page appears Server name.
3 Select the option Use your own Fully Qualified Domain Name (FQDN).
4 Click on NEXT.
*The following page appears Use your own FQDN.
5 Enter the registered FQDN of your network.
6 Click on Test to verify that the FQDN resolves to the correct IP address.
* 
If a Split DNS is configured in the network, the FQDN is resolved to the local IP address of the SwyxServer via the DNS service.
 
Name
Explanation
Test result
FQDN
FQDN of your network.
Resolved IP Address
The public IP address associated with the FQDN.
7 Click on NEXT.
*The following page appears Manual certificate mode.
8 Click on NEXT.
9 Select the prepared .pfx file from the appropriate directory.
10 Enter the password with which the certificate was protected and click on OK.
*The following information will appear:
Name
Explanation
Certificate
Name
Certificate name as defined when the certificate was generated.
 
Expiration date
The date until which the certificate is still valid. You must re-run SCST and install a new certificate before expiration.
11 Click on Install.
The request may take a few minutes.
*The TLS certificate is being installed.
*The certified SIP phones will be provisioned again.
*The following information will then appear:
Name
Explanation
Certificate installation state
Installed
The certificate is installed for the listed services.
12 Click on NEXT.
*The following page appears RemoteConnector access.
Name
Explanation
Enable Remote access
Enable this option if client connections via Internet to SwyxServer should be allowed.
Authentication server (FQDN)
The public endpoint (as FQDN) of the company network, via which the authentication service can be reached, is assigned automatically.
The default port for the authentication service is 9101.
If you use a different standard port and not 9101, it has to be explicitly stated in the Client settings.
RemoteConnector server (FQDN)
The public endpoint (as FQDN) of the company network, via which the RemoteConnector can be reached, is assigned automatically.
The default port for the RemoteConnector is 16203.
13 Click on NEXT.
*The page RemoteConnector certificate.
Name
Explanation
Automatic password management
Enable this option if you want the root certificate password to be generated automatically.
Generate client certificates
Enable this option if you want a RemoteConnector client certificate to be automatically generated for each user.
Manual password management
Enable this option if you want to assign the password for the root certificate yourself.
In this case SwyxWare cannot automatically generate client certificates. You must do this for each user individually, entering the password assigned here in each case, see 11.2.1.3 The "RemoteConnector" Tab
Password Authentication
Enter a password if necessary.
Generate certificates
Click the button to have the root and server certificates generated.
The corresponding certificate thumbprints then appear.
14 Click on NEXT.
*The page Summary with the overview of your configuration.
Name
Explanation
Server configuration
Public IP address
The public IP address of your network.
Server name
The registered FQDN of your network.
TLS configuration
TLS certificate mode
Manual: You use your own certificate.
TLS certificate valid until
The date on which the validity of the certificate expires. You must update the certificate before the expiration date.
TLS certificate name
Certificate designation, consisting among other things of the FQDN to which the certificate is assigned.
Certificate installation state
Installed
The certificate is installed for the listed services.
RemoteConnector configuration
RemoteConnector access
Enabled: Client connection via Internet to SwyxServer is allowed.
Autom. password management
Enabled: The password for the RemoteConnector root certificate was automatically generated and is used by SwyxWare.
or
Manual password management
Enabled: The password for the RemoteConnector root certificate has been set by the administrator and must be entered each time when generating a RemoteConnector client certificate.
Generate client certificates
Enabled: Client certificates for all users are generated automatically.
or
Deactivated: The administrator must have a client certificate generated for each desired user.
15 Click on EXIT to close SCST.
* 
If necessary, resend a welcome email to the corresponding SwyxWare users with the new RemoteConnector credentials.