All-In-One CTI is a computer telephony integration between SugarCRM and most popular PBXs. Easy install. Stable work. 100% support.
#830 - SSL Issues
Hi,
I had everything working correctly, then decided to install an SSL cert.....
It appears to be installed correctly, when I test the cert using SSLShopper.com it gives it all green.
And I've amended the ws:// to ws:// in SuiteCRM, and set use ssl to True in the cel_prostiezvonki.conf file
But, when I click on a phone number in contacts (which was working previously) I get the following in the browser console: (I've edited my domain name below)
sugar_grp1.js?v=aQvnJc5LZAn1lDw91c6vBQ:914 WebSocket connection to 'wss://my.domain.com:10150/?CID=MTIz&CT=sugarcrm&GID=101&PhoneNumber=101&BroadcastEventsMask=0&BroadcastGroup=&PzProtocolVersion=1' failed: Error in connection establishment: net::ERR_INSECURE_RESPONSE
The FreePBX server is on an AWS EC2 instance, and port 10150 is set to allow tcp from 0.0.0.0/0. Also, the cert is installed in FreePBX and appears to be OK. The only thing I have not done yet is force http to https on the server
Any idea what I'm missing?
eky
6 years ago
Oops, there's a typo above, I've amended ws:// to wss://
6 years ago
Hi Paddy, 1. Did you enable SSL in cel_prostiezvonki.conf? And did you restart module in PBX after this? 2. Try to open https://my.domain.com:10150. What do you get? If you get 403 without any security alarms, then everything is correct. If you can't get 403 or you should allow invalid certificate in your browser, then you have a problem with certificate on PBX side
6 years ago
Yes, I enabled SSL. And have restarted.
Ahh, this might be it. When I do that, I get Certificate is not trusted. Cert is reg'd to Nikita P in Verdisoft, so it's still seeing the old certificate. Is there anywhere specific I have to include the certificate other than through the FreePBX GUI?
6 years ago
Paddy, 2. you have to replace our test certificate with your valid certs there: You should get 2 files from your certificate provider • Certificate • Private key
Rename file with certificate into newsert.pem and replace in /etc/asterisk Rename file with private key into privkey1.pem and replace in /etc/asterisk
AND please generate this file in /etc/asterisk with such command: openssl dhparam -out dh512.pem 2048
6 years ago
Yep, that worked perfectly - thank you very much!
6 years ago
you are welcome
5 years ago
Hi,
My cert has expired, so I now have a new cert. I've added the cert to the server that runs freePBX and it is working correct.
However, for the connection between suiteCRM and freepbx I'm getting the error:
WebSocket connection to 'wss://pbx.transfergecko.com:10150/?CID=Z2Vja28xOTczQEA=&CT=sugarcrm&GID=101&PhoneNumber=101&BroadcastEventsMask=0&BroadcastGroup=&PzProtocolVersion=1' failed: Error in connection establishment: net::ERR_CONNECTION_CLOSED
which is similar to the original issue above.
I've taken my: TGSSL.crt
TGSSL.key
and renamed them as:
TGSSL.crt -> newsert.pem TGSSL.key -> privkey1.pem
and then ran the line: openssl dhparam -out dh512.pem 2048
But I still get the javascript error as above. When I try to connect to https://pbx.transfergecko.com:10150/ in browser I get an error as the cert has outdated settings.
Any ideas on how to update to the new cert?
Paddy
5 years ago
Hi Paddy, Did you put these 3 files (newsert, privkey1, dh512) to folder that is set in cel_prostiezvonki.conf in parameter "certificate_path" (by default this is "etc/asterisk/")
Best regards Andrey Uymin Project manager, Vedisoft a@vedisoft.info skype: andrew.uymin
5 years ago
Hi Andrey,
Yes, however the old dh512 is still there, I ran the openssl command with sudo and it completed successfully (it didn't without sudo).
Maybe should I delete the existing dh512?
Paddy
5 years ago
Paddy, dh512 should not have such effect.
Make sure the rest files are new and ! reload module OR restart PBX.
5 years ago
Hi Andrey,
Thanks, I've restarted the PBX a few times (no change), but what exactly do you mean by reload module (though I guess restarting PBX does this anyway)
Paddy
5 years ago
Thanks Andrey,
I just double checked and for some stupid reason I had newsert.pem with a .crt extension (no idea how I missed that!)
I fixed that and its working fine now.
Thank you for your help
5 years ago
Ok) You are welcome.