Try the fastest and simplest way to install ONLYOFFICE

Trust cert problem connecting community and document

IIS, Apache

Trust cert problem connecting community and document

Postby gpufler » Sat Mar 17, 2018 2:14 pm

Hi.

I'm using latest versions of community and document server. I install them on different machines and both running as expected.
I switch them to use https with self signed certificates (openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/priv .... ) and I can call/access every machine separately (work with community normally, and with document server I get welcome page - all normal).
Now when I try to connect community and document server I receive following error:

Community server url: Error: TrustFailure (One or more errors occurred.),[object Object]

So, if I understand it correctly document server does not trust self signed cert from document server. And that's normal.
But, how can I tell community server that it's OK to use that certificate? Or, I expect that I need to copy something (key, pem) from document server to community server, but where and do I need to change some config files?

THX
Goran
gpufler
 
Posts: 2
Joined: Sat Mar 17, 2018 1:50 pm

Re: Trust cert problem connecting community and document

Postby Maxim » Mon Mar 19, 2018 7:54 am

Hello!
1. Please specify what instruction you followed to install servers.
2. All self-signed certificates do not have CA certs that's why they are not safe, but Let'sEncrypt has CA certs.
3. So, you can use Certbot to enable HTTPS on your website or you can install Enterprise Edition on the domain name you need and generate SSL certs (Let'sEncrypt) and use them on your servers.
But, how can I tell community server that it's OK to use that certificate?
You can't because it depends on the OS, not on the Document or Community server, OS doesn't trust SSL certs.
Maxim
 
Posts: 1732
Joined: Tue Oct 11, 2016 2:34 pm

Re: Trust cert problem connecting community and document

Postby gpufler » Mon Mar 19, 2018 10:39 am

Hi,

I use standard install procedure for both servers :
document server - https://helpcenter.onlyoffice.com/serve ... ation.aspx
community server - https://helpcenter.onlyoffice.com/serve ... ation.aspx
I see process for let's encript, but I can not use it, since I have local domain which can not be used (dns error, since certbot can not check validity of DNS names).

You can't because it depends on the OS, not on the Document or Community server, OS doesn't trust SSL certs.

I do not agree about that :(
It's ubuntu and I communicate on OS level between servers without any problem, and I also use CURL without problem (of course after I convince him to trust that cert), so, my wild guess is that your library require approval for that cert. For example, in my JAVA applications I need to use TrustSelfSignedStrategy() to override that problem.

Goran
gpufler
 
Posts: 2
Joined: Sat Mar 17, 2018 1:50 pm

Re: Trust cert problem connecting community and document

Postby abesse » Tue Jul 03, 2018 10:46 pm

Hi
I have exactly the same problem.

[code][2018-07-03 17:25:31,758 ERROR [Thread Pool Worker] ASC.Api - method error: https://IP/api/2.0/files/docservice.json?__=967564 - Server error
System.Exception: Community server url: Error: TrustFailure (A call to SSPI failed, see inner exception.)
/code]

My certificate on webfront (in https) are validated by my web browser.
Thank's
abesse
 
Posts: 2
Joined: Tue Jul 03, 2018 10:40 pm

Re: Trust cert problem connecting community and document

Postby abesse » Wed Jul 04, 2018 7:22 am

Hi

I have exactly the same problem.

Code: Select all
2018-07-03 17:25:31,758 ERROR [Thread Pool Worker] ASC.Api - method error: https://{{IP}}/api/2.0/files/docservice.json?__=967564 - Server error
System.Exception: Community server url: Error: TrustFailure (A call to SSPI failed, see inner exception.)


my certificates are okay, when I 'm going to the front-office, certificates are validated without any problems.

But I think about the call method of the API (in logs) https://{{IP}} (with IP address and not the domain .....It's probably the way but I'dont know)

Could you please help me

Thank's
abesse
 
Posts: 2
Joined: Tue Jul 03, 2018 10:40 pm


Return to Web server configuration

Who is online

Users browsing this forum: No registered users and 1 guest