ssl certificates conf

[Gabriel T]

Hello

i followed these instructions: https://flashphoner.com/docs/wcs4/1...ment-websocket_ssl-ssl_certificate_import.htm

but only received .crt files and no pem, so i couldnt complete the ssl configuration
then i tryed throught the admin and added the .crt and the key i generated manually with command line on ubuntu, and apparently its still not ok. any updated info about this ssl configuration ?

thank you

 

[Max]

Self signed (self generated) certificates will not work.
WCS already has self-signed certificates. So you don't need to generate your own.

You have to get 'normal' certificates signed by authorized certificate authority (CA).
You can get free certificates from letsencrypt.org or on AWS (amazon web services).
Once you have certificate and private key, you can upload the cert and key via dashboard.

 

[Gabriel T]

thank you for reply

obtained my certificates using certbot available in tools. uploaded chain.pem and privkey.pem. server unavailable after this opération

which files should be uploaded ? certbot generates 3 files (chain, privkey and cert)

 

[Max]

Here what we have with letsencrypt

#ls /etc/letsencrypt/live/wcs5-eu.flashphoner.com
cert.pem  chain.pem  fullchain.pem  fullchain_privkey.pem  privkey.pem  README

So we can either
1. Import

• cert.pem
• chain.pem
• privkey.pem

or
2. Import

• fullchain.pem
• privkey.pem

Please see attached screenshots:

cert.pem, chain.pem, privkey.pem


fullchain.pem, privkey.pem

 

[Max]

If you have any issues, please attach logs/flashphoner_manager.log
If you have Open JDK

java -version

Try to install latest JDK from here:
http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html
Here you can find installation instruction:
https://flashphoner.com/docs/wcs5/w...eparing_for_installation-jdk_installation.htm

 

[Gabriel T]

ok ive changed the files: uploaded cert.pem and privkey.pem and now its working

thank you for your help

 

[Gabriel T]

hello
im' trying to re install wcs with certificate on a new server as im ready to go on production and get a licence.

however im struggling again with the ssl certificate. i'm trying to use letsencrypt inlcuded in tools, and i have the following error after the command "./certbot-auto certonly"

Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.

any clue ? cant find the tuto for ssl config with letsencrypt

thanks !

 

[Max]

This is a working way:

1. Generate letsencrypt certs manually.

certbot certonly

following prompts here...

2. Letsencrypt will create cert files in

/etc/letsencrypt/domain.com/arcive

3. Download these files to your PC

• fullchain.pem
• privkey.pem

4. Import via Dashboard / Security / Certificates
As described in the message above https://forum.flashphoner.com/threads/ssl-certificates-conf.10997/#post-13222

 

[RapidID]

This is a working way:

1. Generate letsencrypt certs manually.

certbot certonly

following prompts here...

2. Letsencrypt will create cert files in

/etc/letsencrypt/domain.com/arcive

3. Download these files to your PC

• fullchain.pem
• privkey.pem

4. Import via Dashboard / Security / Certificates
As described in the message above https://forum.flashphoner.com/threads/ssl-certificates-conf.10997/#post-13222

Hi Flashphoner Support,

I had to do for a few times now. Every 3 months, SSL expires, certbot does not automatically renew it for us and we get an error.
Is possible to automate this at all? If yes, please advise on how to automate this.

 

[Max]

Hello
You can automate certificate import using keytool
https://docs.flashphoner.com/displa...WebsocketSSL-ImportSSLcertificateusingkeytool