• V20: 3CX Re-engineered. Get V20 for increased security, better call management, a new admin console and Windows softphone. Learn More.

SSL Update 15.5 help

Status
Not open for further replies.

AJ Smith

Joined
Aug 4, 2017
Messages
23
Reaction score
0
For the PEM files...do I simply need to only rename the the crt file to PEM, delete the old file, and replace?

So far, renaming the crt to pem has caused ngenix to fail, stop, and not restart.

Any thoughts??
 
Yes. Installed the Cert on my server, took the crt and key files and renamed them and place them in the folder. No luck...system still works, but I cannot reach it.
 
Hi Smith,

What version are you on, Linux or Windows?
 
Windows 10 Pro
 
Latest update of 15.5
 
I assume you are using custom certs.
Best to check the Nginx (WebServer) logs whats wrong with the Key and Cert.

Fault Detection
If after the installation the web management console does not load, check if any SSL errors can be seen in the nginx logs. In C:\Program Files\3CX Phone System\Bin\nginx\logs\error.log an emergency error will be generated if any mistake was made in the SSL import.


[emerg] 2568#896: PEM_read_bio_X509_AUX("C:\Program Files\3CX Phone System\Bin\nginx/conf/instance1/ol.eg.com-crt.pem") failed (SSL: error:0906D06C:pEM routines:pEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)

From there you need to take it up with the SSL issuer.
 
Why did you close my thread, it was not related to this one. My web server starts fine, no errors in the log.

It is a totally different issue... Can you re-open my thread?
 
THis is what I'm seeing.
2017/10/07 18:09:22 [warn] 4912#4408: "ssl_stapling" ignored, issuer certificate not found for certificate "C:\Program Files\3CX Phone System\Bin\nginx/conf/Instance1/3cx-pbx.XXXXXXX.com-crt.pem"
2017/10/07 18:09:22 [warn] 10288#5864: "ssl_stapling" ignored, issuer certificate not found for certificate "C:\Program Files\3CX Phone System\Bin\nginx/conf/Instance1/3cx-pbx.XXXXXXX.com-crt.pem"
2017/10/07 18:09:22 [warn] 3604#10548: "ssl_stapling" ignored, issuer certificate not found for certificate "C:\Program Files\3CX Phone System\Bin\nginx/conf/Instance1/3cx-pbx.XXXXXXX.com-crt.pem"
2017/10/07 18:09:22 [warn] 7216#5460: "ssl_stapling" ignored, issuer certificate not found for certificate "C:\Program Files\3CX Phone System\Bin\nginx/conf/Instance1/3cx-pbx.XXXXXXX.com-crt.pem"
2017/10/07 18:09:22 [warn] 5548#10792: "ssl_stapling" ignored, issuer certificate not found for certificate "C:\Program Files\3CX Phone System\Bin\nginx/conf/Instance1/3cx-pbx.XXXXXXX.com-crt.pem"
2017/10/07 18:24:57 [emerg] 4316#588: BIO_new_file("C:\Program Files\3CX Phone System\Bin\nginx/conf/Instance1/3cx-pbx.XXXXXXX.com-crt.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('C:\Program Files\3CX Phone System\Bin\nginx/conf/Instance1/3cx-pbx.XXXXXXX.com-crt.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
2017/10/07 18:29:01 [emerg] 4012#3420: BIO_new_file("C:\Program Files\3CX Phone System\Bin\nginx/conf/Instance1/3cx-pbx.XXXXXXX.com-crt.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('C:\Program Files\3CX Phone System\Bin\nginx/conf/Instance1/3cx-pbx.XXXXXXX.com-crt.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
2017/10/07 18:29:48 [emerg] 11888#11892: BIO_new_file("C:\Program Files\3CX Phone System\Bin\nginx/conf/Instance1/3cx-pbxXXXXXXX.com-crt.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('C:\Program Files\3CX Phone System\Bin\nginx/conf/Instance1/3cx-pbx.XXXXXXX.com-crt.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
2017/10/07 18:32:16 [warn] 8468#8460: "ssl_stapling" ignored, issuer certificate not found for certificate "C:\Program Files\3CX Phone System\Bin\nginx/conf/Instance1/3cx-pbx.XXXXXXX.com-crt.pem"
2017/10/07 18:32:16 [warn] 11780#5916: "ssl_stapling" ignored, issuer certificate not found for certificate "C:\Program Files\3CX Phone System\Bin\nginx/conf/Instance1/3cx-pbx.XXXXXXX.com-crt.pem"
2017/10/07 18:32:16 [warn] 11540#11548: "ssl_stapling" ignored, issuer certificate not found for certificate "C:\Program Files\3CX Phone System\Bin\nginx/conf/Instance1/3cx-pbx.XXXXXXX.com-crt.pem"
2017/10/07 18:32:16 [warn] 11272#5404: "ssl_stapling" ignored, issuer certificate not found for certificate "C:\Program Files\3CX Phone System\Bin\nginx/conf/Instance1/3cx-pbx.XXXXXXX.com-crt.pem"
2017/10/07 18:32:16 [warn] 11936#11940: "ssl_stapling" ignored, issuer certificate not found for certificate "C:\Program Files\3CX Phone System\Bin\nginx/conf/Instance1/3cx-pbx.XXXXXXX.com-crt.pem"
 
Last edited by a moderator:
I think that now it is clear:
If a certificate bundle has not been added, only the server certificate #0 will be shown.
 
THank you. How do I correct this?
 
Hi AJ,

Please make sure that you are using the correct Key and Cert files (key match with cert etc..).
Also, you can follow the below steps in order to verify if the Crt and Key files match:

-Go to https://slproweb.com/products/Win32OpenSSL.html and download and install OpenSSL for Windows, the light version.
-Open a CMD on the windows machine and type: cd c:\OpenSSL-Win32\bin
-Then type this commands:
openssl.exe x509 -noout -modulus -in "C:\Program Files\3CX Phone System\Bin\nginx/conf/Instance1/3cx-pbx.XXXXXXX.com-crt.pem" | openssl.exe md5

openssl.exe rsa -noout -modulus -in "C:\Program Files\3CX Phone System\Bin\nginx/conf/Instance1/3cx-pbx.XXXXXXX.com-key.pem" | openssl.exe md5

Then compare the output of the above to lines as they must be the same:
If the output is the same = CRT and KEY files match
If the output is NOT the same = CRT and KEY file mismatch. In this case they must find the correct Cert/Key pair and re-install, or replace the files in the Nginx directory accordingly.

FYI: The default path where the CRT and KEY files are located is C:\Program Files\3CX Phone System\Bin\nginx\conf\instance1\

Please try the above steps and let us know.
 
Status
Not open for further replies.
Get 3CX - Absolutely Free!

Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.