Upload Certificate


(Vincent) #1

“There was an error importing the certificate: openssl_x509_read(): supplied parameter cannot be coerced into an X509 certificate!”

What am I doing wrong?

I have an SSL for this domain name through ionos.
Certification Authority: GeoTrust - powered by DigiCert
Authentication Method: DNS-based domain validation
I have a .key file, and .cer file and a .csr file
I open them up with notepad and copy and paste into the Upload Certificate boxes

for the key I put
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAu lots of characters
-----END RSA PRIVATE KEY-----

for my csr i put
-----BEGIN CERTIFICATE REQUEST-----
lots of characters
-----END CERTIFICATE REQUEST-----

for Trusted Chain I use the intermediate .cer
-----BEGIN CERTIFICATE-----
lots of characters
-----END CERTIFICATE-----


#2

Windows notepad does not do end of lines to suit linux (there no end of lines in certificates)


#3

Try using notepad++


(Vincent) #4

I removed the ----begin-- and ----end—
It seems like I need a step by step guide. I did a few hours of research on this and still got nowhere.

  1. do I need a private key? I can download a .key file and paste it, is that what it is? SSL certificate is a .key file

  2. the certificate, is that an intermediate cert?

  3. trusted chain, is that the intermediate cert?
    .


(Vincent) #5

I opened the downloaded files with notepad++ and it showed the same information i saw in notepad.


#6

Don’t remove anything from the content,. Just copy and paste from notepad++ exactly what is in there. I know it works as I have done it before using notepad++


(Vincent) #7

I did read everything here twice. But I already have an SSL certificate for my fqdn for my pbxact. https://wiki.freepbx.org/display/FPG/Certificate+Management+User+Guide#CertificateManagementUserGuide-UploadCertificate


#8

Not sure why you having so much trouble., though back in version 12, one would upload the files instead of the copy-paste stuff. .
If you having so much trouble , maybe you should go with Let’s Encrypt.


#9

Do not upload the CSR to FreePBX. Only upload the certificate issued by the provider, the intermediate chain given by the provider, and the private key.


(Vincent) #10

Well, it seemed like it took another day for it to work. I now have a real certificate with my pbxact. I reissued the certificate, that generates a key that is downloaded to my computer, a cert, and a intermediate cert. I did have to end the line of the key with -----END CERTIFICATE----- or -----END RSA PRIVATE KEY-----
I could not leave that end line out. There is no GUI way to upload these .key file or the certificate files. I do not know how to upload these files to then run the console commands.
Lets encrypt worked once for me in April 2020, then I could not generate again with the same network setup, it times out.