by Vedisoft

All-In-One CTI is a computer telephony integration between SugarCRM and most popular PBXs. Easy install. Stable work. 100% support.


#830 - SSL Issues

Open Installation created by paddy.ofarrell Verified Purchase 7 years ago

Hi,

I had everything working correctly, then decided to install an SSL cert.....

It appears to be installed correctly, when I test the cert using SSLShopper.com it gives it all green.

And I've amended the ws:// to ws:// in SuiteCRM, and set use ssl to True in the cel_prostiezvonki.conf file

But, when I click on a phone number in contacts (which was working previously) I get the following in the browser console: (I've edited my domain name below)

sugar_grp1.js?v=aQvnJc5LZAn1lDw91c6vBQ:914 WebSocket connection to 'wss://my.domain.com:10150/?CID=MTIz&CT=sugarcrm&GID=101&PhoneNumber=101&BroadcastEventsMask=0&BroadcastGroup=&PzProtocolVersion=1' failed: Error in connection establishment: net::ERR_INSECURE_RESPONSE

The FreePBX server is on an AWS EC2 instance, and port 10150 is set to allow tcp from 0.0.0.0/0. Also, the cert is installed in FreePBX and appears to be OK. The only thing I have not done yet is force http to https on the server.

Any idea what I'm missing?

  1. paddy.ofarrell Verified Purchase, 7 years ago

    Oops, there's a typo above, I've amended ws:// to wss://

  2. Vedisoft Provider, 7 years ago

    Hi Paddy,

    1. Did you enable SSL in cel_prostiezvonki.conf? And did you restart the module in the PBX after this?

    2. Try to open https://my.domain.com:10150. What do you get? If you get 403 without any security alarms, then everything is correct. If you can't get 403 or you should allow an invalid certificate in your browser, then you have a problem with the certificate on the PBX side.

    • paddy.ofarrell Verified Purchase, 7 years ago

      1. Yes, I enabled SSL. And have restarted.

      2. Ahh, this might be it. When I do that, I get Certificate is not trusted. Cert is reg'd to Nikita P in Vedisoft, so it's still seeing the old certificate. Is there anywhere specific I have to include the certificate other than through the FreePBX GUI?

  3. Vedisoft Provider, 7 years ago

    Paddy, 2. you have to replace our test certificate with your valid certs there. You should get 2 files from your certificate provider:

    • Certificate
    • Private key

    Rename the file with the certificate to newsert.pem and replace it in /etc/asterisk.

    Rename the file with the private key to privkey1.pem and replace it in /etc/asterisk.

    AND please generate this file in /etc/asterisk with this command:

    openssl dhparam -out dh512.pem 2048

    • paddy.ofarrell Verified Purchase, 7 years ago

      Yep, that worked perfectly - thank you very much!

  4. Vedisoft Provider, 7 years ago

    You are welcome.

    • paddy.ofarrell Verified Purchase, 6 years ago

      Hi,

      My cert has expired, so I now have a new cert. I've added the cert to the server that runs freePBX and it is working correctly.

      However, for the connection between suiteCRM and freepbx I'm getting the error:

      WebSocket connection to 'wss://pbx.transfergecko.com:10150/?CID=Z2Vja28xOTczQEA=&CT=sugarcrm&GID=101&PhoneNumber=101&BroadcastEventsMask=0&BroadcastGroup=&PzProtocolVersion=1' failed: Error in connection establishment: net::ERR_CONNECTION_CLOSED

      which is similar to the original issue above.

      I've taken my: TGSSL.crt
      TGSSL.key

      and renamed them as:

      TGSSL.crt -> newsert.pem
      TGSSL.key -> privkey1.pem

      and then ran the line: openssl dhparam -out dh512.pem 2048

      But I still get the javascript error as above. When I try to connect to https://pbx.transfergecko.com:10150/ in browser I get an error as the cert has outdated settings.

      Any ideas on how to update to the new cert?

      Paddy

    • Vedisoft Provider, 6 years ago

      Hi Paddy, did you put these 3 files (newsert, privkey1, dh512) in the folder that is set in cel_prostiezvonki.conf in the parameter "certificate_path" (by default this is "etc/asterisk/")?

      Best regards,
      Andrey Uymin
      Project manager, Vedisoft
      a@vedisoft.info
      skype: andrew.uymin

    • paddy.ofarrell Verified Purchase, 6 years ago

      Hi Andrey,

      Yes, however the old dh512 is still there, I ran the openssl command with sudo and it completed successfully (it didn't without sudo).

      Maybe should I delete the existing dh512?

      Paddy

  5. Vedisoft Provider, 6 years ago

    Paddy, dh512 should not have such an effect.

    Make sure the rest of the files are new and reload the module OR restart the PBX.

    • paddy.ofarrell Verified Purchase, 6 years ago

      Hi Andrey,

      Thanks, I've restarted the PBX a few times (no change), but what exactly do you mean by reload module (though I guess restarting PBX does this anyway)?

      Paddy

    • paddy.ofarrell Verified Purchase, 6 years ago

      Thanks Andrey,

      I just double checked and for some stupid reason I had newsert.pem with a .crt extension (no idea how I missed that!)

      I fixed that and it's working fine now.

      Thank you for your help

  6. Vedisoft Provider, 6 years ago

    Ok) You are welcome.
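
The file checks this thread converges on (exact file names in the certificate path, an unexpired certificate, a key that matches it), as an added example that is not part of the original thread or Vedisoft's own code. `check_cert_dir` and `served_fingerprint` are hypothetical helper names; the file names, the /etc/asterisk default and port 10150 are the ones quoted above.

```bash
#!/usr/bin/env bash
# Added example: sanity-check the TLS files named in this thread.
# check_cert_dir and served_fingerprint are hypothetical helper names.

# check_cert_dir DIR -> prints findings, returns 0 only if every check passes.
check_cert_dir() {
    local dir="${1:-/etc/asterisk}" rc=0 f cert_pub key_pub
    # 1. Exact names matter: a file left as TGSSL.crt or newsert.crt is never read.
    #    (dh512.pem is only checked for presence, its contents are not validated.)
    for f in newsert.pem privkey1.pem dh512.pem; do
        if [ ! -s "$dir/$f" ]; then
            echo "MISSING  $dir/$f"; rc=1
        fi
    done
    [ "$rc" -eq 0 ] || return 1

    # 2. The certificate must parse as PEM and must not be expired.
    if ! openssl x509 -in "$dir/newsert.pem" -noout -checkend 0 >/dev/null 2>&1; then
        echo "EXPIRED or unreadable: $dir/newsert.pem"; rc=1
    fi

    # 3. Certificate and private key must be a pair: compare their public keys.
    cert_pub=$(openssl x509 -in "$dir/newsert.pem" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$dir/privkey1.pem" -passin pass: -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "MISMATCH newsert.pem does not belong to privkey1.pem"; rc=1
    fi

    if [ "$rc" -eq 0 ]; then
        echo "OK       $(openssl x509 -in "$dir/newsert.pem" -noout -subject -enddate | tr '\n' ' ')"
    fi
    return "$rc"
}

# served_fingerprint HOST [PORT] -> SHA-256 fingerprint of the certificate
# the live CTI port actually presents (needs network access to the PBX).
served_fingerprint() {
    openssl s_client -connect "$1:${2:-10150}" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256
}

# Run the file checks when a directory is given on the command line.
if [ "$#" -ge 1 ]; then
    check_cert_dir "$1"
fi
```

If the files pass but the browser still rejects the connection, compare `served_fingerprint pbx.example.com` (placeholder host) with `openssl x509 -in /etc/asterisk/newsert.pem -noout -fingerprint -sha256`; a difference means the module is still serving the old certificate and has not been reloaded.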
