SSL Update 15.5 help

Discussion in '3CX Phone System - General' started by AJ Smith, Oct 8, 2017.

Thread Status:
Not open for further replies.
  1. AJ Smith

    Joined:
    Aug 4, 2017
    Messages:
    21
    Likes Received:
    0
    For the PEM files...do I simply need to only rename the the crt file to PEM, delete the old file, and replace?

    So far, renaming the crt to pem has caused ngenix to fail, stop, and not restart.

    Any thoughts??
     
  2. GiannosC_3CX

    GiannosC_3CX Guest

  3. AJ Smith

    Joined:
    Aug 4, 2017
    Messages:
    21
    Likes Received:
    0
    Yes. Installed the Cert on my server, took the crt and key files and renamed them and place them in the folder. No luck...system still works, but I cannot reach it.
     
  4. GiannosC_3CX

    GiannosC_3CX Guest

    Hi Smith,

    What version are you on, Linux or Windows?
     
  5. AJ Smith

    Joined:
    Aug 4, 2017
    Messages:
    21
    Likes Received:
    0
    Windows 10 Pro
     
  6. AJ Smith

    Joined:
    Aug 4, 2017
    Messages:
    21
    Likes Received:
    0
    Latest update of 15.5
     
  7. AJ Smith

    Joined:
    Aug 4, 2017
    Messages:
    21
    Likes Received:
    0
  8. StefanW

    StefanW Head of Customer Support and Training
    Staff Member 3CX Support

    Joined:
    Jun 2, 2009
    Messages:
    1,210
    Likes Received:
    84
    I assume you are using custom certs.
    Best to check the Nginx (WebServer) logs whats wrong with the Key and Cert.

    Fault Detection
    If after the installation the web management console does not load, check if any SSL errors can be seen in the nginx logs. In C:\Program Files\3CX Phone System\Bin\nginx\logs\error.log an emergency error will be generated if any mistake was made in the SSL import.


    [emerg] 2568#896: PEM_read_bio_X509_AUX("C:\Program Files\3CX Phone System\Bin\nginx/conf/instance1/ol.eg.com-crt.pem") failed (SSL: error:0906D06C:pEM routines:pEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)

    From there you need to take it up with the SSL issuer.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. patricksmalley

    Joined:
    May 13, 2016
    Messages:
    12
    Likes Received:
    0
    Why did you close my thread, it was not related to this one. My web server starts fine, no errors in the log.

    It is a totally different issue... Can you re-open my thread?
     
  10. AJ Smith

    Joined:
    Aug 4, 2017
    Messages:
    21
    Likes Received:
    0
    THis is what I'm seeing.
    2017/10/07 18:09:22 [warn] 4912#4408: "ssl_stapling" ignored, issuer certificate not found for certificate "C:\Program Files\3CX Phone System\Bin\nginx/conf/Instance1/3cx-pbx.XXXXXXX.com-crt.pem"
    2017/10/07 18:09:22 [warn] 10288#5864: "ssl_stapling" ignored, issuer certificate not found for certificate "C:\Program Files\3CX Phone System\Bin\nginx/conf/Instance1/3cx-pbx.XXXXXXX.com-crt.pem"
    2017/10/07 18:09:22 [warn] 3604#10548: "ssl_stapling" ignored, issuer certificate not found for certificate "C:\Program Files\3CX Phone System\Bin\nginx/conf/Instance1/3cx-pbx.XXXXXXX.com-crt.pem"
    2017/10/07 18:09:22 [warn] 7216#5460: "ssl_stapling" ignored, issuer certificate not found for certificate "C:\Program Files\3CX Phone System\Bin\nginx/conf/Instance1/3cx-pbx.XXXXXXX.com-crt.pem"
    2017/10/07 18:09:22 [warn] 5548#10792: "ssl_stapling" ignored, issuer certificate not found for certificate "C:\Program Files\3CX Phone System\Bin\nginx/conf/Instance1/3cx-pbx.XXXXXXX.com-crt.pem"
    2017/10/07 18:24:57 [emerg] 4316#588: BIO_new_file("C:\Program Files\3CX Phone System\Bin\nginx/conf/Instance1/3cx-pbx.XXXXXXX.com-crt.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('C:\Program Files\3CX Phone System\Bin\nginx/conf/Instance1/3cx-pbx.XXXXXXX.com-crt.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
    2017/10/07 18:29:01 [emerg] 4012#3420: BIO_new_file("C:\Program Files\3CX Phone System\Bin\nginx/conf/Instance1/3cx-pbx.XXXXXXX.com-crt.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('C:\Program Files\3CX Phone System\Bin\nginx/conf/Instance1/3cx-pbx.XXXXXXX.com-crt.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
    2017/10/07 18:29:48 [emerg] 11888#11892: BIO_new_file("C:\Program Files\3CX Phone System\Bin\nginx/conf/Instance1/3cx-pbxXXXXXXX.com-crt.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('C:\Program Files\3CX Phone System\Bin\nginx/conf/Instance1/3cx-pbx.XXXXXXX.com-crt.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
    2017/10/07 18:32:16 [warn] 8468#8460: "ssl_stapling" ignored, issuer certificate not found for certificate "C:\Program Files\3CX Phone System\Bin\nginx/conf/Instance1/3cx-pbx.XXXXXXX.com-crt.pem"
    2017/10/07 18:32:16 [warn] 11780#5916: "ssl_stapling" ignored, issuer certificate not found for certificate "C:\Program Files\3CX Phone System\Bin\nginx/conf/Instance1/3cx-pbx.XXXXXXX.com-crt.pem"
    2017/10/07 18:32:16 [warn] 11540#11548: "ssl_stapling" ignored, issuer certificate not found for certificate "C:\Program Files\3CX Phone System\Bin\nginx/conf/Instance1/3cx-pbx.XXXXXXX.com-crt.pem"
    2017/10/07 18:32:16 [warn] 11272#5404: "ssl_stapling" ignored, issuer certificate not found for certificate "C:\Program Files\3CX Phone System\Bin\nginx/conf/Instance1/3cx-pbx.XXXXXXX.com-crt.pem"
    2017/10/07 18:32:16 [warn] 11936#11940: "ssl_stapling" ignored, issuer certificate not found for certificate "C:\Program Files\3CX Phone System\Bin\nginx/conf/Instance1/3cx-pbx.XXXXXXX.com-crt.pem"
     
    #10 AJ Smith, Oct 10, 2017
    Last edited by a moderator: Oct 11, 2017
  11. Sopock

    Sopock Member

    Joined:
    Jul 11, 2012
    Messages:
    447
    Likes Received:
    20
    I think that now it is clear:
    If a certificate bundle has not been added, only the server certificate #0 will be shown.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  12. AJ Smith

    Joined:
    Aug 4, 2017
    Messages:
    21
    Likes Received:
    0
    THank you. How do I correct this?
     
  13. GiannosC_3CX

    GiannosC_3CX Guest

    Hi AJ,

    Please make sure that you are using the correct Key and Cert files (key match with cert etc..).
    Also, you can follow the below steps in order to verify if the Crt and Key files match:

    -Go to https://slproweb.com/products/Win32OpenSSL.html and download and install OpenSSL for Windows, the light version.
    -Open a CMD on the windows machine and type: cd c:\OpenSSL-Win32\bin
    -Then type this commands:
    openssl.exe x509 -noout -modulus -in "C:\Program Files\3CX Phone System\Bin\nginx/conf/Instance1/3cx-pbx.XXXXXXX.com-crt.pem" | openssl.exe md5

    openssl.exe rsa -noout -modulus -in "C:\Program Files\3CX Phone System\Bin\nginx/conf/Instance1/3cx-pbx.XXXXXXX.com-key.pem" | openssl.exe md5

    Then compare the output of the above to lines as they must be the same:
    If the output is the same = CRT and KEY files match
    If the output is NOT the same = CRT and KEY file mismatch. In this case they must find the correct Cert/Key pair and re-install, or replace the files in the Nginx directory accordingly.

    FYI: The default path where the CRT and KEY files are located is C:\Program Files\3CX Phone System\Bin\nginx\conf\instance1\

    Please try the above steps and let us know.
     
  14. StefanW

    StefanW Head of Customer Support and Training
    Staff Member 3CX Support

    Joined:
    Jun 2, 2009
    Messages:
    1,210
    Likes Received:
    84
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Thread Status:
Not open for further replies.