Scrambled credentials with SSL and Chrome

I decided to post in a new topic since this is a bit old.

I am having the same problem in all of my FreePBX installations (fresh or upgraded). If I use the certificate that is generated during installation (with CA on localhost.localdomain) it works OK. If I generate a new one with the IP of the FreePBX Distro as the hostname, it does not work in Chrome (Firefox is OK).

I get the following error:

Attackers might be trying to steal your information from 192.168.8.40 (for example, passwords, messages, or credit cards). NET::ERR_CERT_INVALID

192.168.8.40 normally uses encryption to protect your information. When Google Chrome tried to connect to 192.168.8.40 this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be 192.168.8.40, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Google Chrome stopped the connection before any data was exchanged.

You cannot visit 192.168.8.40 right now because the website sent scrambled credentials that Google Chrome cannot process. Network errors and attacks are usually temporary, so this page will probably work later. Learn more.

As I said, if I leave the certificate that is generated during installation it works (I get the option to proceed), but if I generate my own it does not work.

Can anyone shed some light on why this happens? I remember one of the developers saying that we should use localhost.localdomain due to a bug (??) in Chrome but I am not 100% sure (maybe related to FREEPBX-12407).

Using FreePBX Distro 10.13.66-17 and certificate manager 13.0.34.8

Regards,
esarant

I assume you are using the Let’s Encrypt certificate? Did you set it as the default certificate? I assume you installed the certificate using System Admin? You might need to restart Apache after installing the new cert.

Hello and sorry for my long response.

No, I am using a self-signed certificate since the FreePBX is not open to the Internet. As I said, the default pre-install certificate (the one that is generated during installation) works fine with Chrome. I do get the warning screen from Chrome but there is an option to continue.

If I delete it and make a new one, Chrome does not have the continue option at all.

This is what I get with the default (on installation) certificate (when clicking the advanced):

and this is after I create a new one with certificate manager (self signed):

EDIT

Comparing the 2 certificates I found the following:

The subject of the pre-installed is:

E = [email protected]
OU = FreePBX Created Certificate
L = Brisbane
T = QLD
C = AU
O = Automatically Generated FreePBX Certificate
CN = xxx.xxx.xxx.xxx

Whereas the subject of the created one is:

O = OCTO NETWORKS
CN = xxx.xxx.xxx.xxx

And the Subject’s public key from the pre-installed one is 2048-bit and for the created one is 1024-bit. Not sure if any of those make Chrome think it got scrambled data.

Regards,
esarant
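
The certificate comparison described in the post above, as an added example that is not part of the original thread: it uses the `openssl` CLI to print only the fields that differ between two PEM certificates, and goes beyond the subject and key size to include signature algorithm, serial and SAN presence. The function names, file names and the two throwaway certificates for 192.0.2.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the fields of two certificates with the openssl CLI.

# Print one field of a PEM certificate: subject, bits, sigalg, serial or san.
cert_field() {
    case "$2" in
        subject) openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//' ;;
        serial)  openssl x509 -in "$1" -noout -serial | sed 's/^serial=//' ;;
        bits)    openssl x509 -in "$1" -noout -text |
                     sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1 ;;
        sigalg)  openssl x509 -in "$1" -noout -text |
                     sed -n 's/^ *Signature Algorithm: *//p' | head -n 1 ;;
        san)     if openssl x509 -in "$1" -noout -text |
                        grep 'Subject Alternative Name' >/dev/null
                 then echo present; else echo absent; fi ;;
        *)       echo "unknown field: $2" >&2; return 2 ;;
    esac
}

# Print only the fields whose values differ between two certificates.
cert_diff() {
    for f in subject bits sigalg serial san; do
        a=$(cert_field "$1" "$f"); b=$(cert_field "$2" "$f")
        [ "$a" = "$b" ] || printf '%-8s %s\n         %s\n' "$f" "$a" "$b"
    done
}

# Constructed sample input: a throwaway self-signed certificate
# (hypothetical subjects, not the certificates from the thread).
make_sample_cert() {   # usage: make_sample_cert BITS SUBJECT OUTFILE
    openssl req -x509 -newkey "rsa:$1" -nodes -days 1 -subj "$2" \
        -keyout "$3.key" -out "$3" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_sample_cert 2048 "/O=Sample Default/CN=192.0.2.10" "$demo_dir/default.pem"
make_sample_cert 1024 "/O=Sample New/CN=192.0.2.10" "$demo_dir/new.pem"
cert_diff "$demo_dir/default.pem" "$demo_dir/new.pem"
```

On a real system, pass the paths of the two certificate files to `cert_diff` instead of the generated samples.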