HELP! Installing 3rd Party Certificate problem

Hi Guys,

I have Freepbx running on versoin Asterisk 13.19.1 built by mockbuild Linux on 2018-02-13 20:51:18 UTC

I need help. I have a godaddy bundled certificate (Cert, Trust Chain and Key) and I have uploaded them successfully via CA Mgt module.

There are 2 certs installed, 1st Imported Locally (copied certs and key to /etc/asterisk/keys/), 2nd uploaded (where you manually put in the cert and key content and save).

After updating the sysadmin module edge, installing the certificates are of no issue, and no error.

However, when I go check the ssl.conf (/etc/httpd/conf.d/ssl.conf) the declared certificates aren’t the ones I have uploaded, but these:

SSLCertificateFile /etc/httpd/pki/webserver.crt
SSLCertificateKeyFile /etc/httpd/pki/webserver.key
SSLCertificateChainFile /etc/httpd/pki/ca-bundle.crt

on every VirtualHost block instead of the actual certificates i have installed.

As an experement, ive tried renaming the files above to a different name, but when I install the certs again, it create new ones.

Tried editing the ssl.conf file to the certs that I need to be declared, restart apache, but still can’t access via ServerName. When I install the certs again, it changes back to the CLI screenshot above.

What should I do?

Thanks! :frowning:

A quick and dirty remedy might be to symlink the files in /etc/httpd/pki to your godaddy ones and make such links immutable.

Have you gone into sysadmin and told Apache what cert to use.

Let me try that. I’ll get back to you.

Hi Tony,

I told apache the way I know how, go to sysadmin, https settings and select the certificate from the dropdown (the one I set up and set as default in the ca mgt) and install it, in which it installed with no errors on the interface as per screenshot above. Is there anything else or things that i might have missed?

Hi dicko,

I’m not sure i understand how would that connect? it seems that freepbx is looking at the default certs and keys, and i notice that webserver.pem is always there in the directory. If creating a symlink (that’s the .pem file right?), how do I tell apache to base on that instead of the default symlink?

I would go with @tonyclewis solution if you have sysadmin.

I’ve managed to fixed it, but a workaround kinda way.

Used nginX to redirect apache port 80 to nginx 443.

That’s it.

Those are the ones you have uploaded. The display you’re seeing in the ‘HTTPS setup’ is the certificate that apache is using. So if you’re getting certificate errors, it’s something else.

Hmm apache and nginx on the same box, Why on earth would you need that?

1 Like

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.