To use a certificate generated from a third party or another certificate authority (CA) a certificate signing request (CSR) needs to be generated.
This CSR can then be provided to the CA who can then create the certificate to use.
From the Configuration -> Site -> Features -> Phone Manager -> Certificates section select the "MCS SSL client certificate" and click on Edit. Enter the requested information into the relevant fields.
||The fully-qualified external domain name of the MCS server.
This should be the Client Location Remote NAT IP Address/Hostname: address configured on your MCS server
If you are requesting a Wildcard certificate, add an asterisk (*) to the left of the common name where you want the wildcard, for example *.<mydomain>.com.
||Enter any alternative hostnames or IP addresses that may be used to connect to the server, for example the internal DNS name.
This must include the Client Location Local NAT IP Address/Hostname: address configured on your MCS server
||The legally-registered name for your business. If you are enrolling as an individual, enter the certificate requestor's name.
||If applicable, enter the DBA (doing business as) name.
|State / region
||Name of the state or province where your organisation is located. Do not abbreviate.
|City / locality
||Name of the city where your organisation is registered/located. Do not abbreviate.
||The country where your organisation is legally registered.
Note: The certificate (even a wildcard one) needs to include either in the Common name or the Alternative name BOTH of the configured Local IP Address/Hostname: and NAT IP Address/Hostname: addresses in the Client Locations Configuration of your MCS server
Once complete click on the Download CSR file button. This will download a file called MCS_CertificateSigningRequest.csr that contains the CSR information, like that shown below.
-----BEGIN NEW CERTIFICATE REQUEST-----
-----END NEW CERTIFICATE REQUEST-----
Follow the relevant process from the CA that is being used to create the certificate. The certificate needs to be Base64 encoded
Once the certificate has been received, this then needs to be uploaded back into the server. From the Configuration -> Site -> Features -> Phone Manager -> Certificates section select the "MCS SSL client certificate" and click on Edit.
As you have already completed the information when you created the CSR – just select the Next button and using the Choose Files button select the certificate file and then click on Save.
The new certificate will take effect
Note: If you change the certificate your Android mobile clients will get a popup on connection to trust the new certificate
If you use a certificate from a trusted CA then you no longer need to have a copy of the server certificate installed on the client