Problem with custom certificate SSL


(Protagon Antagon) #1

Hey guys… I am new here and I have managed to install pretty much everything
to get a groupware server running for 18 different mail accounts, ownCloud and the like
– The system works brilliantly, and for that, sooo faaar, I would like to express my most cordial, heartfelt feelings about that!! NethServer is one of a kind!

After that I ordered a custom SSL certificate for the server domain and registered it via the module,
and email services as well as ownCloud-related subpaths all work great.
The only thing: since then I cannot reach the dashboard anymore.

The server rewrite wasn’t touched; it is still on port 980.

So I started to look around for how to fix it.
My first thought was that the port may be closed, so I checked for a way to look up the ports on the machine
by using nmap -p 980 xxxyyyzzzz

  • the result:

Starting Nmap 5.51 ( http://nmap.org ) at 2015-04-23 18:33 UTC
Nmap scan report for xxx (a.b.c.d)
Host is up (0.000092s latency).
PORT STATE SERVICE
980/tcp closed unknown

Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds

I tried to adjust the values, but without much luck resolving the issue.
What's wrong? Can anyone help me?


(Alessio Fattorini) #2

Did you follow this?
http://docs.nethserver.org/projects/nethserver-devel/en/latest/certificate_management.html#install-a-custom-certificate

Please paste this command output:

config show pki

(Protagon Antagon) #3

Hey Alessio,

but, as I had some problems with the certificate in Dovecot and Postfix, I manually changed them in their config as well, to match exactly the ones referenced in the NethServer module. – But I think this won't make a difference, would it?

[root@www ~]# config show pki
pki=configuration
CertificateDuration=3650
ChainFile=/etc/pki/tls/certs/bundle.crt
CommonName=
CountryCode=
CrtFile=/etc/pki/tls/certs/www.lenbau.at.crt
EmailAddress=
KeyFile=/etc/pki/tls/private/lenbau.key
Locality=
Organization=
OrganizationalUnitName=
State=
SubjectAltName=


(Protagon Antagon) #4
  • Hmm… I haven’t discovered the cause of the failure yet. Anyone?

(Protagon Antagon) #5

Actually, I think it may not be related to the SSL cert.
I am rather looking for a solution to access the dashboard again, as I cannot, due to port 980 being closed.
So what to do?


(Protagon Antagon) #6

So, for anyone interested:
I had to manually resolve the firewall setting.
I did so, tada, via the dashboard, which I could only access by removing my custom SSL certificate.

So to remove the custom certificate, do the following:
db configuration setprop pki CrtFile ''
db configuration setprop pki KeyFile ''
db configuration setprop pki ChainFile ''

—> don’t forget to update the event to the system

signal-event certificate-update

---- At least for me this was necessary to get back into the system.
Now adjust the firewall settings (i.e. explicitly open port 980).

Now we can install your custom SSL certificate again.

So, almost the same commands as for removing:

db configuration setprop pki CrtFile '/etc/pki/tls/certs/it-is-your-ssl-custom-certificate.crt'
db configuration setprop pki KeyFile '/etc/pki/tls/private/it-is-your-ssl-key-file.key'
db configuration setprop pki ChainFile '/etc/pki/tls/certs/it-is-your-SSL-bundle-file-this-time.crt'

— > now - again please do not forget for the procedure to take effect

signal-event certificate-update

—> To include the custom certificates in your backup rule, please finish the installation with:

echo '/etc/pki/tls/certs/it-is-your-ssl-custom-certificate.crt' >> /etc/backup-config.d/custom.include
echo '/etc/pki/tls/private/it-is-your-ssl-key-file.key' >> /etc/backup-config.d/custom.include
echo '/etc/pki/tls/certs/it-is-your-SSL-bundle-file-this-time.crt' >> /etc/backup-config.d/custom.include
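A pre-flight check for the three paths used in the steps above, as an added example that is not part of the original post or of NethServer. The function names are hypothetical; it only checks the files and the backup include list and does not touch the `pki` database properties.

```shell
#!/bin/sh
# Added example (not NethServer code); all function names are hypothetical.
# INCLUDE_FILE defaults to the path used in the post; override it for a dry run.
INCLUDE_FILE="${INCLUDE_FILE:-/etc/backup-config.d/custom.include}"

# Succeeds only for an absolute path to a readable, non-empty regular file.
# Catches paths pasted with typographic quotes, which the shell keeps as
# literal characters instead of treating them as quoting.
check_pki_file() {
    case "$1" in
        /*) ;;
        *) echo "not an absolute path: $1" >&2; return 1 ;;
    esac
    [ -f "$1" ] && [ -r "$1" ] && [ -s "$1" ] || {
        echo "missing, unreadable or empty: $1" >&2; return 1; }
}

# The private key must grant nothing to group or others.
check_key_mode() {
    check_pki_file "$1" || return 1
    # Characters 5-10 of the `ls -l` mode string are the group/other bits.
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ] || {
        echo "key is accessible to group/others: $1" >&2; return 1; }
}

# Append a path to the backup include list once, however often this is re-run.
add_backup_include() {
    check_pki_file "$1" || return 1
    touch "$INCLUDE_FILE" || return 1
    grep -qxF -- "$1" "$INCLUDE_FILE" || printf '%s\n' "$1" >> "$INCLUDE_FILE"
}

# Validate all three files first, then record them; stop at the first failure.
preflight_pki() {   # usage: preflight_pki CRT KEY CHAIN
    check_pki_file "$1" && check_key_mode "$2" && check_pki_file "$3" || return 1
    for f in "$1" "$2" "$3"; do
        add_backup_include "$f" || return 1
    done
}
```

Run `preflight_pki` with the certificate, key and chain paths before the `db configuration setprop pki` commands; a non-zero exit means one of the paths should be fixed first.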