Page 1 of 1

Trust cert problem connecting community and document

PostPosted: Sat Mar 17, 2018 2:14 pm
by gpufler
Hi.

I'm using latest versions of community and document server. I install them on different machines and both running as expected.
I switch them to use https with self signed certificates (openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/priv .... ) and I can call/access every machine separately (work with community normally, and with document server I get welcome page - all normal).
Now when I try to connect community and document server I receive following error:

Community server url: Error: TrustFailure (One or more errors occurred.),[object Object]

So, if I understand it correctly document server does not trust self signed cert from document server. And that's normal.
But, how can I tell community server that it's OK to use that certificate? Or, I expect that I need to copy something (key, pem) from document server to community server, but where and do I need to change some config files?

THX
Goran

Re: Trust cert problem connecting community and document

PostPosted: Mon Mar 19, 2018 7:54 am
by Maxim
Hello!
1. Please specify what instruction you followed to install servers.
2. All self-signed certificates do not have CA certs that's why they are not safe, but Let'sEncrypt has CA certs.
3. So, you can use Certbot to enable HTTPS on your website or you can install Enterprise Edition on the domain name you need and generate SSL certs (Let'sEncrypt) and use them on your servers.
But, how can I tell community server that it's OK to use that certificate?
You can't because it depends on the OS, not on the Document or Community server, OS doesn't trust SSL certs.

Re: Trust cert problem connecting community and document

PostPosted: Mon Mar 19, 2018 10:39 am
by gpufler
Hi,

I use standard install procedure for both servers :
document server - https://helpcenter.onlyoffice.com/serve ... ation.aspx
community server - https://helpcenter.onlyoffice.com/serve ... ation.aspx
I see process for let's encript, but I can not use it, since I have local domain which can not be used (dns error, since certbot can not check validity of DNS names).

You can't because it depends on the OS, not on the Document or Community server, OS doesn't trust SSL certs.

I do not agree about that :(
It's ubuntu and I communicate on OS level between servers without any problem, and I also use CURL without problem (of course after I convince him to trust that cert), so, my wild guess is that your library require approval for that cert. For example, in my JAVA applications I need to use TrustSelfSignedStrategy() to override that problem.

Goran

Re: Trust cert problem connecting community and document

PostPosted: Tue Jul 03, 2018 10:46 pm
by abesse
Hi
I have exactly the same problem.

[code][2018-07-03 17:25:31,758 ERROR [Thread Pool Worker] ASC.Api - method error: https://IP/api/2.0/files/docservice.json?__=967564 - Server error
System.Exception: Community server url: Error: TrustFailure (A call to SSPI failed, see inner exception.)
/code]

My certificate on webfront (in https) are validated by my web browser.
Thank's

Re: Trust cert problem connecting community and document

PostPosted: Wed Jul 04, 2018 7:22 am
by abesse
Hi

I have exactly the same problem.

Code: Select all
2018-07-03 17:25:31,758 ERROR [Thread Pool Worker] ASC.Api - method error: https://{{IP}}/api/2.0/files/docservice.json?__=967564 - Server error
System.Exception: Community server url: Error: TrustFailure (A call to SSPI failed, see inner exception.)


my certificates are okay, when I 'm going to the front-office, certificates are validated without any problems.

But I think about the call method of the API (in logs) https://{{IP}} (with IP address and not the domain .....It's probably the way but I'dont know)

Could you please help me

Thank's