Certificate named "default" has expired

Rumprcimprcampr · October 31, 2023, 5:28pm

Hello,

I’ve encountered this message on my FreePBX. I found an article that describes how to create a certificate (Certificate Management User Guide - PBX GUI - Documentation), but I’m not sure why I need this certificate.

Also clicking on resolve and after that on update Certificate has no result.

Is it possible to just ignore this message? And what will happen if I do?
What if I will decide to use only http instead of https?

To resolve this, I’m considering generating a self-signed certificate, similar to the default one.

So, can I simply delete the expired certificate, click on “Create New Self-Signed certificate”, enter any description, and it will work? Because the certificate authority and hostname are already pre-populated.

Thanks for any hints

comtech · October 31, 2023, 5:55pm

Yes, it will not stop you from using most functions. There are some functions however, like the paid Sangoma Talk softphone, that require a valid certificate.

Anything you submit on the FreePBX web GUI will be sent over your network unencrypted. Other devices on the same network could theoretically view the contents of what you are sending back and forth from the PBX server. Is this a big deal? It depends on your use case and network. HTTPS is certainly a best practice and recommended for that reason alone.

It should, try it and see what happens.

dicko · October 31, 2023, 7:21pm

Most modern browsers will complain heartily if presented with a self signed certificate

Stewart1 · October 31, 2023, 8:04pm

Sure, but once you proceed past that, you’re fine.

dicko · October 31, 2023, 8:15pm

But it is unnecessary and pisses of any clients you might have, several authorities issue free certs so WTFN ?

Rumprcimprcampr · November 1, 2023, 10:04am

Thank you, guys, for the explanation. To ensure I’ve understood correctly, let’s summarize what I’ve learned:

It affects only certain commercial modules or connections via HTTPS.
It can be safely ignored.
It doesn’t affect manager.conf or other APIs if they are not using HTTPS.

Please correct me if I’m mistaken.

comtech · November 1, 2023, 5:48pm

Correct

Unknown. Only you can answer that. It can be a critical hole or not a big deal depending on your network, FreePBX purpose, etc. On a more open or unsecured network, this can be an easy way to get hacked, for example.

Correct

Rumprcimprcampr · November 2, 2023, 6:55pm

Thank you for correction.

It helped me so much.

system · November 9, 2023, 6:56pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.