HTTPS Setup using self signed cert not working

certification data base of Firefox

Looks like you don’t have the right ports open for WebRTC or UCP Node.

Can you guide me? I checked the advanced settings for node-js: ports 8001 & 8003 are assigned.

Well, you don’t need node js for anything you are doing, so just uninstall ucpnode for now.

Emmm, why? I did this before and installed it again. I’m using XMPP.
Is there any relation between the webRTC phone and Node?

There is no relation, but it’s not working for you anyway, so XMPP won’t either.

Yes, what about the certificate that node-js is using?

That doesn’t matter. Focus on one thing at a time and you’ll have better luck.

OK, I removed it now. Only I don’t get the UCP node red error. And the webRTC phones are red too, and I receive: ERROR[6006]: tcptls.c:397 tcptls_stream_close: SSL_shutdown() failed: 1
in Asterisk.

PS: I missed XMPP in http too. :slight_smile:

Switch to edge mode. Download all edge modules. Delete the certificate in cert man. Regenerate it. Then make it the default. Go into sysadmin and install that certificate.

I followed you and even ran fwconsole restart, but the result is the same, and the webRTC phone is blinking red/yellow.

PS: Chrome is not usable.

Sorry for the delay on my response Andrew,

FreePBX version 10.13.66-12
I’m not on edge track so modules are:
Certman: 13.0.23
Sysadmin 13.0.57.8

When I try to log on to the admin console using https in Chrome I get:

"x.x.x.x normally uses encryption to protect your information. When Google Chrome tried to connect to x.x.x.x this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be x.x.x.x, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Google Chrome stopped the connection before any data was exchanged.

You cannot visit x.x.x.x right now because the website sent scrambled credentials that Google Chrome cannot process. Network errors and attacks are usually temporary, so this page will probably work later."

In Firefox it will let me add an exception and connect anyway.

Same for me. So you can use the webRTC phone on Firefox?

webRTC works fine when logged in to UCP with http://

However, when using https:// I get the following error:

Unable to connect to the UCP Node Server because: ‘Error: xhr poll error’

Guys. Please completely ignore the UCP node error.

Unfortunately I’ve run this multiple ways and I’m unable to replicate any issues with the self signed certificate. Considering certificates from verified publishers are completely free I really feel as though you all should give up on self signed and just get a real certificate. Unless you can document how to generate a bad certificate. Honestly it might be that your hardware does not support generating certificates.

@tjgertge your issue seems completely unrelated to this thread. It’s about ucp node. Just uninstall it.

I tried to use a free publisher site, but they ask for a valid domain name. My server and users are internal.

As you mentioned before, you didn’t test with the latest Chrome, which is 51.X.

I installed a new instance and updated all modules to edge, and the same issues are there.

Yes I did test with the latest chrome. I am on the beta track and chrome always upgrades in the background. This isn’t a chrome issue. It’s something wrong with your system.

Every time I do what you say I have zero issues. We also used self signed certs for our trainings and that still works fine as well.

Alternatively you can just research how to make a self signed certificate then upload it yourself. If you can find a method that works better than what we are doing then we are all ears.

Actually I think the issue stems from not having any sort of domain name/dns entry that can resolve for these hosts. In all three of my cases these PBXes were IP only, and had no FQDN associated with them.

So yesterday, I set up a domain and set up DNS entries for these three systems, went back through the process, and they appear to be fine now.

I think chrome was halting access because it couldn’t match up the name of the PBX with an IP. Firefox would let you bypass it. At least that is what it appears from my tests.

Not true. I made up a hostname and then I connected over ip address for all of my tests.

A question please: Did you run “yum update” after installing?