Try the fastest and simplest way to install ONLYOFFICE

can 9.6 use self signed certs??

Issues during installation and related to database

can 9.6 use self signed certs??

Postby ivanbishop » Wed Jul 04, 2018 12:34 am

I posted earlier... I cannot open any documents... and I see these errors.
I generated self signed certs and placed them as I did in the PREVIOUS version of Onlyoffice (this worked)


[2018-07-04 00:32:43.221] [ERROR] nodeJS - error downloadFile:url=https://forscotland.com:6443/products/files/httphandlers/filehandler.ashx?action=stream&fileid=3&version=1&stream_auth=268360361663.VNW6XN0YLBJXMPDD2LXVZPBHNUKANTDPTW6MJBNHI&X-REWRITER-URL=https%3a%2f%2fforscotland.com%3a6443;attempt=1;code:DEPTH_ZERO_SELF_SIGNED_CERT;connect:undefined;(id=BCsHK55qiXtp76CXR2Q_)
Error: self signed certificate
at Error (native)
at TLSSocket.<anonymous> (_tls_wrap.js:1092:38)
at emitNone (events.js:86:13)
at TLSSocket.emit (events.js:185:7)
at TLSSocket._finishInit (_tls_wrap.js:609:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:439:38)
[2018-07-04 00:32:44.239] [ERROR] nodeJS - error downloadFile:url=https://forscotland.com:6443/products/files/httphandlers/filehandler.ashx?action=stream&fileid=3&version=1&stream_auth=268360361663.VNW6XN0YLBJXMPDD2LXVZPBHNUKANTDPTW6MJBNHI&X-REWRITER-URL=https%3a%2f%2fforscotland.com%3a6443;attempt=2;code:DEPTH_ZERO_SELF_SIGNED_CERT;connect:undefined;(id=BCsHK55qiXtp76CXR2Q_)
Error: self signed certificate
at Error (native)
at TLSSocket.<anonymous> (_tls_wrap.js:1092:38)
at emitNone (events.js:86:13)
at TLSSocket.emit (events.js:185:7)
at TLSSocket._finishInit (_tls_wrap.js:609:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:439:38)
[2018-07-04 00:32:45.257] [ERROR] nodeJS - error downloadFile:url=https://forscotland.com:6443/products/files/httphandlers/filehandler.ashx?action=stream&fileid=3&version=1&stream_auth=268360361663.VNW6XN0YLBJXMPDD2LXVZPBHNUKANTDPTW6MJBNHI&X-REWRITER-URL=https%3a%2f%2fforscotland.com%3a6443;attempt=3;code:DEPTH_ZERO_SELF_SIGNED_CERT;connect:undefined;(id=BCsHK55qiXtp76CXR2Q_)
Error: self signed certificate
at Error (native)
at TLSSocket.<anonymous> (_tls_wrap.js:1092:38)
at emitNone (events.js:86:13)
at TLSSocket.emit (events.js:185:7)
at TLSSocket._finishInit (_tls_wrap.js:609:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:439:38)
ivanbishop
 
Posts: 5
Joined: Wed Jul 04, 2018 12:16 am

Re: can 9.6 use self signed certs??

Postby Maxim » Thu Jul 05, 2018 10:15 am

Hello!
can 9.6 use self signed certs??

Yes
Error: self signed certificate

Smth is wrong
Maxim
 
Posts: 1694
Joined: Tue Oct 11, 2016 2:34 pm

Re: can 9.6 use self signed certs??

Postby ivanbishop » Thu Jul 05, 2018 5:40 pm

yes something is wrong :)

I used the previous version of the docker/community images with self signed certs for 7 months on same server. All worked
perfectly.

The latest docker images are pulled cleanly and you see the document server runs OK and the community server UI pulls up the
documents available for edit OK.


I suspect that node.s is the culprit and that I either mis-entered my domain name into the CERT at creation time OR I need to alter HOW this version of node.js
reacts to self signed certs.


https://www.cyberciti.biz/faq/verify-ss ... e-openssl/
https://stackoverflow.com/questions/204 ... r-29397100


I'll test with wget including "ignore cert check" and see what happens.


thanks
ivanbishop
 
Posts: 5
Joined: Wed Jul 04, 2018 12:16 am

Re: can 9.6 use self signed certs??

Postby Maxim » Mon Jul 09, 2018 7:59 am

Hello!
I'll test with wget including "ignore cert check" and see what happens.

Wait for your result
Maxim
 
Posts: 1694
Joined: Tue Oct 11, 2016 2:34 pm

Re: can 9.6 use self signed certs??

Postby knife-grinder » Wed Jul 11, 2018 12:02 pm

Hi All,
I'm writing here 'cause we stack in the same problem: DEPTH_ZERO_SELF_SIGNED_CERT.
I did a test using wget and ignoring the non trusted certificate and it goes all well except that it doesn't find the file, maybe 'cause it's not same session.

The error we have is the same:
Code: Select all
[2018-07-11 13:11:25.317] [ERROR] nodeJS - error downloadFile:url=https://www.oursite.com/index.php/apps/onlyoffice/empty?doc=WTlQa2tNY1NDa0tPTHo4RkZ1MVpXSUVBdHFDRmZVK3ZlRmJYaVprLzFUbz0/eyJhY3Rpb24iOiJlbXB0eSJ9;attempt=3
;code:DEPTH_ZERO_SELF_SIGNED_CERT;connect:undefined;(id=conv_check_969052483_docx)
Error: self signed certificate
    at Error (native)
    at TLSSocket.<anonymous> (_tls_wrap.js:1092:38)
    at emitNone (events.js:86:13)
    at TLSSocket.emit (events.js:185:7)
    at TLSSocket._finishInit (_tls_wrap.js:609:8)
    at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:439:38)


WGET says
Code: Select all
wget --no-check-certificate -O conv_check_969052483_docx https://www.oursite.com/index.php/apps/onlyoffice/empty?doc=WTlQa2tNY1NDa0tPTHo4RkZ1MVpXSUVBdHFDRmZVK3ZlRmJYaVprLzFUbz0/eyJhY3Rpb24iOiJlbXB0eSJ9
 
--2018-07-11 13:18:22--  https://www.oursite.com/index.php/apps/onlyoffice/empty?doc=WTlQa2tNY1NDa0tPTHo4RkZ1MVpXSUVBdHFDRmZVK3ZlRmJYaVprLzFUbz0/eyJhY3Rpb24iOiJlbXB0eSJ9
Resolving www.oursite.com (www.oursite.com)... IP
Connecting to www.oursite.com (www.oursite.com)|IP|:443... connected.
WARNING: The certificate of ‘www.oursite.com’ is not trusted.
WARNING: The certificate of ‘www.oursite.com’ hasn't got a known issuer.
HTTP request sent, awaiting response... 403 Forbidden
2018-07-11 13:18:23 ERROR 403: Forbidden.


Any idea on how to solve this issue?

Installed:
nodejs 6.14.3-1nodesource1
onlyoffice-documentserver 5.1.4-22
postgresql-9.0 9.0.23-1.pgdg80+2
mono-runtime 5.12.0.226-0xamarin3+debian8b1
nginx 1.6.2-5+deb8u5
rabbitmq-server 3.7.6-1

Operating system:
Linux cesin00vps 3.16.0-6-amd64 #1 SMP Debian 3.16.56-1+deb8u1 (2018-05-08) x86_64 GNU/Linux

TIA
knife-grinder
 
Posts: 8
Joined: Wed Jul 11, 2018 11:40 am

Re: can 9.6 use self signed certs??

Postby Maxim » Thu Jul 12, 2018 6:45 am

Hello!
If you disable SSL cert validation in default.json?
Code: Select all
rejectUnauthorized = false
Maxim
 
Posts: 1694
Joined: Tue Oct 11, 2016 2:34 pm

Re: can 9.6 use self signed certs??

Postby ivanbishop » Thu Jul 12, 2018 7:52 pm

Hi Maxim, the global disable IU'll try but it make node.js a little insecure ;) It's why I included links in my first post.

I'm busy at work right now but will update when I get a chance.

More importantly can you state clearly if node.js as shipped in latest Onlyoffice isn't "self signed cert friendly"
and that by default you support commercial certs, "letsencrypt" certs ONLY?

I REALLY want OO back and running.

thanks
so much
ivanbishop
 
Posts: 5
Joined: Wed Jul 04, 2018 12:16 am

Re: can 9.6 use self signed certs??

Postby Maxim » Mon Jul 16, 2018 7:35 am

Hello ivanbishop!
We recommend letsencrypt certs because there is intermediate cert also. If there is intermediate cert for your self-signed cert please install them.
More importantly can you state clearly if node.js as shipped in latest Onlyoffice isn't "self signed cert friendly"
and that by default you support commercial certs, "letsencrypt" certs ONLY?

node.js is sensitive to intermediate certs which self-signed has not often.
I suppose if you install intermediate certs everything will be ok.
Maxim
 
Posts: 1694
Joined: Tue Oct 11, 2016 2:34 pm

Re: can 9.6 use self signed certs??

Postby knife-grinder » Mon Jul 16, 2018 12:51 pm

Hi,
I tryed to modify the default.json as you suggested, I don't know exactly as it work so I tryed two way:
Code: Select all
"rejectUnauthorized": "false"

and
Code: Select all
"rejectUnauthorized": false


I also restarted the service service supervisor restart 'cause I don't know if the file is read every time or only a startup and nothing changed.
I put the value in this section
Code: Select all
 "FileConverter": {
    "converter": {

but my doubt is that this isn't the right place.

Any idea?
knife-grinder
 
Posts: 8
Joined: Wed Jul 11, 2018 11:40 am

Re: can 9.6 use self signed certs??

Postby knife-grinder » Mon Jul 16, 2018 12:55 pm

Maxim, can you be more clear about "letsencrypt" and how to install intermediate certs?
knife-grinder
 
Posts: 8
Joined: Wed Jul 11, 2018 11:40 am

Next

Return to Installation issues

Who is online

Users browsing this forum: No registered users and 1 guest

cron