HTTPS Setup using self signed cert not working

psdk · June 30, 2016, 4:47am

I checked module update and I noticed one UCP update so I did. and then I received this dear.

Dear these are totally local environment and government and lows doesn’t do any interference.

tm1000 · June 30, 2016, 4:48am

We can keep arguing if you wish however UCP doesn’t do anything with certificates.

psdk · June 30, 2016, 4:51am

what about sipjs for webRTC phone?

tm1000 · June 30, 2016, 4:52am

That is part of the webrtc module.

NUB · July 6, 2016, 3:24pm

Hi Everybody,

I just want to give this little contribution, that I had almost all Problems described above as well, and I as well used self signed Certificate, which only made WebRTC on http, but not https working.

But after installing an Let’s Encrypt Certificate (which is for free) and reinstalling the UCP Node Server Module, all looks well for me know.
I can logon with https on my UCP Panel, and all Modules are started and “green”, Web Phone as well as XMPP.
So the magic Trick here obviously is really the Let’s encrypt Certificate.

Hope, I could help to not try hours for hours, but go for the Let’s encrypt Certificate right away.

Cheers, NUB

NUB · July 6, 2016, 3:26pm

I forgot to mention, that I have a new / different Problem now, which is that I cant call while getting below Error Message,

chan_sip.c:10427 process_sdp: Can’t provide secure audio requested in SDP offer

but I will open a separate case for this this.

psdk · August 4, 2016, 5:38am

@tm1000 doesn’t accept our claim that something is wrong with self-signed certificate!!

tm1000 · August 4, 2016, 6:18am

I didn’t say I didn’t accept your claim. I said I can’t reproduce it to be able to help you. If you could provide reliable steps for me to reproduce it I’m all about fixing it. I’ve had support and developers test and it works for them. There’s no need to call me out to just prove me wrong.

psdk · August 4, 2016, 6:34am

Yes I know dear. But really really I don’t do any strange thanks. only usual steps. As you know I followed all your suggestion, new installation, 64bit, various browser versions … but no changes.

tm1000 · August 4, 2016, 6:39am

Certificates are free from lets encrypt and startssl. If self signed isn’t working I highly suggest those two.

psdk · August 4, 2016, 6:46am

I don’t have registered domain and my server is local, so I can’t use this service.

xptpa2020 · February 15, 2017, 6:07pm

I would also chime in that you can also use the SSH cli and generate a self-signed cert yourself if you still have the problem with the cert being generated with a SHA1 algorithm and 1024 bit keys. Just use these steps below to get the self signed cert going:

openssl req -x509 -nodes -sha256 -days 365 -newkey rsa:2048 -keyout /root/mycert.key -out /root/mycert.crt

Then cat each one individually, copy and paste the contents of the .key (private key) and the .crt (certificate) file and paste it in the section for “Private Key” and “Certificate”, respectively, when you upload a cert into FreePBX’s Certificate Manager.

kolpinkb · February 15, 2017, 8:48pm

Check the hostname set in system admin and also /etc/hosts