Unable to replace expired x509 certificate

byrnejb · January 9, 2024, 1:40pm

FreePBX 16.0.40.7

We have an expired PKI certificate that I am trying to update via certman, However when I try to use the “import locally” tab I get this error:

 Whoops \ Exception \ ErrorException (E_WARNING)
openssl_x509_read(): supplied parameter cannot be coerced into an X509 certificate!



/var/www/html/admin/modules/certman/Certman.class.php

                    "file" => $file,
                    "res" => $key,
                    "raw" => file_get_contents($file)
                );
            }
     
            foreach(glob($location."/*.crt") as $file) {
                if(in_array(basename($file),$cas)) {
                    continue;
                }
                $raw = file_get_contents($file);
                if(empty($raw)) {
                    $processed[] = array(
                        "status" => false,
                        "error" => _("Certificate is empty"),
                        "file" => $file
                    );
                    continue;
                }
                $info = openssl_x509_read($raw);
                foreach($keys as $key) {
                    if (openssl_x509_check_private_key($info, $key['res'])) {
                        $name = basename($file,".crt");
                        try {
                            $status = $this->importCertificate($name,$key['raw'],file_get_contents($file));
                        } catch(\Exception $e) {
                            $processed[] = array(
                                "status" => false,
                                "error" => $e->getMessage(),
                                "file" => $file
                            );
                            continue;
                        }
                        $success = false;
                        if($this->checkCertificateName($name)) {
                            $oldDetails = $this->getCertificateDetailsByBasename($name);
                            if (!empty($oldDetails) && $oldDetails['type'] == 'up') {
                                $this->updateCertificate($oldDetails,_("Imported from file system"));
                                $success = true;
                            }

Arguments

    "openssl_x509_read(): supplied parameter cannot be coerced into an X509 certificate!"

When I try to report the error from certman as instructed on the page:

Error - Sangoma Issue Tracker

I get this:

403 Forbidden
Request forbidden by administrative rules.

dicko · January 9, 2024, 4:23pm

Perhaps your new cert is not un the correct format, which is derived from it’s ‘extension’

byrnejb · January 9, 2024, 9:10pm

I never get to select any certificate regardless of format. The program blows up as soon as the import tab is selected.

byrnejb · January 11, 2024, 1:51pm

In any case, I have since verified that all certificates are Base64 encoded X509.

system · February 11, 2024, 1:51pm

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.