FYI Enabling SSL for Incredible PBX 13 admin interface

[casm23]

There seems to be something I'm missing regarding enabling SSL for the admin interface in Incredible PBX 13.

Generated a CSR, purchased a certificate, installed it. Everything has gone fine so far.

For the life of me, I cannot figure out how to enable SSL for the admin interface. Nearly every guide I'm finding references using the System Administration module to do this, but it's not installed and I am at a loss for working out what needs to happen to get it installed.

Could someone please point me in the right direction for getting this enabled? I really do not want to be sending plaintext credentials to this installation.

 

[wardmundy]

We don't support non-GPL modules in the FreePBX GUI.

 

[restamp]

There seems to be something I'm missing regarding enabling SSL for the admin interface in Incredible PBX 13.

Generated a CSR, purchased a certificate, installed it. Everything has gone fine so far.

For the life of me, I cannot figure out how to enable SSL for the admin interface. Nearly every guide I'm finding references using the System Administration module to do this, but it's not installed and I am at a loss for working out what needs to happen to get it installed.

Could someone please point me in the right direction for getting this enabled? I really do not want to be sending plaintext credentials to this installation.

Setting up SSL under Apache is really a function of Apache:

Do you have mod_ssl loaded?

Have you specified the correct path to your credentials? (For CentOS 6, this would be done in /etc/httpd/conf.d/ssl.conf.)

BTW, for future reference, since it is likely only you that will be using these credentials, instead of the general public, purchasing a cert is probably overkill. A self-signed certificate is just as secure for encrypting the Admin interface.

 

[casm23]

We don't support non-GPL modules in the FreePBX GUI.

OK. So does that mean that there is no way to accomplish this natively ('natively' meaning 'with the off-the-shelf image')?

 

[casm23]

Setting up SSL under Apache is really a function of Apache:

True. However, I was hoping for something that would be configurable straight from the GUI. More:

Do you have mod_ssl loaded?

Have you specified the correct path to your credentials? (For CentOS 6, this would be done in /etc/httpd/conf.d/ssl.conf.)

One of the things I'm shooting for in this is to stay away from modifications that might be overwritten in, say, an upgrade scenario. Everything you're saying makes perfect sense, but I'd prefer to keep changes to items that are likely to survive future updates.

What I may do is just set up a reverse proxy for SSL and stick the PBX behind it. It really wouldn't be much more difficult, and the network design already accommodates the idea.

BTW, for future reference, since it is likely only you that will be using these credentials, instead of the general public, purchasing a cert is probably overkill. A self-signed certificate is just as secure for encrypting the Admin interface.

The policy of the entity that I am building this for is that self-signed certs are not acceptable. If this was my box at home, sure, I'd just use the self-signed cert, but that's unfortunately not an option in this case.

 

[wardmundy]

Our other fundamental objection to the System Admin module is that you turn over root permissions to your server. I can't recall if they warn you of this or not but, if I were building systems for customers, this is something I would never do for a million reasons.