Upload Certificate

(Vincent) #1

“There was an error importing the certificate: openssl_x509_read(): supplied parameter cannot be coerced into an X509 certificate!”

What am I doing wrong?

I have an SSL for this domain name through ionos.
Certification Authority: GeoTrust - powered by DigiCert
Authentication Method: DNS-based domain validation
I have a .key file, and .cer file and a .csr file
I open them up with notepad and copy and paste into the Upload Certificate boxes

for the key I put
MIIEpAIBAAKCAQEAu lots of characters

for my csr i put
lots of characters

for Trusted Chain I use the intermediate .cer
lots of characters


Windows notepad does not do end of lines to suit linux (there no end of lines in certificates)


Try using notepad++

(Vincent) #4

I removed the ----begin-- and ----end—
It seems like I need a step by step guide. I did a few hours of research on this and still got nowhere.

  1. do I need a private key? I can download a .key file and paste it, is that what it is? SSL certificate is a .key file

  2. the certificate, is that an intermediate cert?

  3. trusted chain, is that the intermediate cert?

(Vincent) #5

I opened the downloaded files with notepad++ and it showed the same information i saw in notepad.


Don’t remove anything from the content,. Just copy and paste from notepad++ exactly what is in there. I know it works as I have done it before using notepad++

(Vincent) #7

I did read everything here twice. But I already have an SSL certificate for my fqdn for my pbxact. https://wiki.freepbx.org/display/FPG/Certificate+Management+User+Guide#CertificateManagementUserGuide-UploadCertificate


Not sure why you having so much trouble., though back in version 12, one would upload the files instead of the copy-paste stuff. .
If you having so much trouble , maybe you should go with Let’s Encrypt.


Do not upload the CSR to FreePBX. Only upload the certificate issued by the provider, the intermediate chain given by the provider, and the private key.

(Vincent) #10

Well, it seemed like it took another day for it to work. I now have a real certificate with my pbxact. I reissued the certificate, that generates a key that is downloaded to my computer, a cert, and a intermediate cert. I did have to end the line of the key with -----END CERTIFICATE----- or -----END RSA PRIVATE KEY-----
I could not leave that end line out. There is no GUI way to upload these .key file or the certificate files. I do not know how to upload these files to then run the console commands.
Lets encrypt worked once for me in April 2020, then I could not generate again with the same network setup, it times out.