UCP with Firefox and Chrome

Hi,
I know that this question asked before but really I couldn’t find the problem through the answers.
Problem is that users just can login from Chromium to UCP without any problem for XMPP and Webphone. But with Firefox for XMPP, it can’t connect to node server and phone can’t establish connection to server wss…
I have last version of FreePBX 14 and everything is updated.

What is the problem?

Posting logs. Screenshots. Anything would be particularly useful for anyone to be able to help you.

Thanks sure @tm1000

I attached the error that we get.
At the first:


then:

in console we can see these also:

As we’ve told you before. Your certificate is invalid because you are connecting over an IP address.

But chromium is ok.
what is your solution when we are using ucp just internally? we must get a certificate ? we dont have domain name and just using IP.

The certificate has to match a FQDN host name, but that name doesn’t have to exist outside of your network. Let’s Encrypt requires a resolved FQDN, but other signing certs don’t necessarily. You should be able to accomplish this using a self-signed cert or an actual signed cert that you get for your local network host. Verisign (for example) has a section that allows you to download and store private keys on machines that are otherwise sequestered.

2 Likes

It means if i set a valid internal FQDN on pbxact and then make a self-signed certificate, UCP should work ?

NO. We have told you this before. self signed will not work.

Can I use DDNS and get cert from let’s encrypt?

our customers almost have internall server without valid domain name. What is the best solution to use all UCP features of PBXact/FreePBX?

I believe you can, with some limitations; see https://community.letsencrypt.org/t/dyndns-no-ip-managed-dns-support/883/15 .

However, you can get a cert for a subdomain, e.g. mypbx.mycompany.com with no problem. I would assume that your customers have mycompany.com for their web server and email.

I tried to get a cert through Certificate manager, but I got “No valid token”
I tried to use certbot, it did have other issues like Virtual Host name.

So really implementing a UC with PBXact/FreePBX is going to be a dream for me :slight_smile:

We’ve been over this multiple times with you over the last year. My best advice to you is do some research on certificates and ssl. You can do what you want eventually. This isn’t a restriction with freepbx. It’s a browser restriction. No you can’t use self signed certificates unless you trust them on all client machines. Yes you can use internal hosts if you just go out and buy a real certificate for a real domain (or sub domains). Internally at Sangoma we have a wildcard certificate and 30-40 internal hosts. All work over ssl with no issues. But again. You need to go out and do the research and look back on what we’ve said here and in other threads with you.

Thank you. Yes you’re right. I tried last year and now again I’m going to solve it for ever.
Also I searched before to rise a topic here and I can mention to many posts here that are not resolved and I couldn’t get the point.
There are some ticket that you told them remove node or disable UCP, and some others are about let’s certificate with same problem.

Although I asked this question because it is working on Chromium. I though there is a problem in my configuration.

Simple solution.

Your server is on IP: 10.10.10.1

Buy a domain: psdk.com

Utilize: *.internal.psdk.com

Go buy a wildcard certificate for *.internal.psdk.com

Point pbx.internal.psdk.com to 10.10.10.1.

Go into the PBX and upload the wildcard certificate to your PBX in certificate Manager. Make the certificate default

Setup this certificate in Sysadmin for HTTPS.

“fwconsole restart”

Go to “https://pbx.internal.psdk.com

1 Like

Thanks. I fixed it and now it’s certified.
Just I get error for web phone call about media encryption that I’m trying to solve.

note: after any changes in certificate, you should enable/disable the UCP access in user manager. it will add new cert in sip configs.

but if you have a number of users, it would be hard.

You just need to resave the user. You don’t have to change any settings.

Or assign all users to a group and save the group

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.