can 9.6 use self signed certs??

[ivanbishop]

I posted earlier... I cannot open any documents... and I see these errors.
I generated self signed certs and placed them as I did in the PREVIOUS version of Onlyoffice (this worked)


[2018-07-04 00:32:43.221] [ERROR] nodeJS - error downloadFile:url=https://forscotland.com:6443/products/f ... Xtp76CXR2Q_)
Error: self signed certificate
at Error (native)
at TLSSocket.<anonymous> (_tls_wrap.js:1092:38)
at emitNone (events.js:86:13)
at TLSSocket.emit (events.js:185:7)
at TLSSocket._finishInit (_tls_wrap.js:609:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:439:38)
[2018-07-04 00:32:44.239] [ERROR] nodeJS - error downloadFile:url=https://forscotland.com:6443/products/f ... Xtp76CXR2Q_)
Error: self signed certificate
at Error (native)
at TLSSocket.<anonymous> (_tls_wrap.js:1092:38)
at emitNone (events.js:86:13)
at TLSSocket.emit (events.js:185:7)
at TLSSocket._finishInit (_tls_wrap.js:609:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:439:38)
[2018-07-04 00:32:45.257] [ERROR] nodeJS - error downloadFile:url=https://forscotland.com:6443/products/f ... Xtp76CXR2Q_)
Error: self signed certificate
at Error (native)
at TLSSocket.<anonymous> (_tls_wrap.js:1092:38)
at emitNone (events.js:86:13)
at TLSSocket.emit (events.js:185:7)
at TLSSocket._finishInit (_tls_wrap.js:609:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:439:38)

[Maxim]

Hello!

can 9.6 use self signed certs??

Yes

Error: self signed certificate

Smth is wrong

[ivanbishop]

yes something is wrong

I used the previous version of the docker/community images with self signed certs for 7 months on same server. All worked
perfectly.

The latest docker images are pulled cleanly and you see the document server runs OK and the community server UI pulls up the
documents available for edit OK.


I suspect that node.s is the culprit and that I either mis-entered my domain name into the CERT at creation time OR I need to alter HOW this version of node.js
reacts to self signed certs.


https://www.cyberciti.biz/faq/verify-ss ... e-openssl/
https://stackoverflow.com/questions/204 ... r-29397100


I'll test with wget including "ignore cert check" and see what happens.


thanks

[Maxim]

Hello!

I'll test with wget including "ignore cert check" and see what happens.

Wait for your result

[knife-grinder]

Hi All,
I'm writing here 'cause we stack in the same problem: DEPTH_ZERO_SELF_SIGNED_CERT.
I did a test using wget and ignoring the non trusted certificate and it goes all well except that it doesn't find the file, maybe 'cause it's not same session.

The error we have is the same:

Code: Select all

[2018-07-11 13:11:25.317] [ERROR] nodeJS - error downloadFile:url=https://www.oursite.com/index.php/apps/onlyoffice/empty?doc=WTlQa2tNY1NDa0tPTHo4RkZ1MVpXSUVBdHFDRmZVK3ZlRmJYaVprLzFUbz0/eyJhY3Rpb24iOiJlbXB0eSJ9;attempt=3
;code:DEPTH_ZERO_SELF_SIGNED_CERT;connect:undefined;(id=conv_check_969052483_docx)
Error: self signed certificate
    at Error (native)
    at TLSSocket.<anonymous> (_tls_wrap.js:1092:38)
    at emitNone (events.js:86:13)
    at TLSSocket.emit (events.js:185:7)
    at TLSSocket._finishInit (_tls_wrap.js:609:8)
    at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:439:38)

WGET says

Code: Select all

wget --no-check-certificate -O conv_check_969052483_docx https://www.oursite.com/index.php/apps/onlyoffice/empty?doc=WTlQa2tNY1NDa0tPTHo4RkZ1MVpXSUVBdHFDRmZVK3ZlRmJYaVprLzFUbz0/eyJhY3Rpb24iOiJlbXB0eSJ9
 
--2018-07-11 13:18:22--  https://www.oursite.com/index.php/apps/onlyoffice/empty?doc=WTlQa2tNY1NDa0tPTHo4RkZ1MVpXSUVBdHFDRmZVK3ZlRmJYaVprLzFUbz0/eyJhY3Rpb24iOiJlbXB0eSJ9
Resolving www.oursite.com (www.oursite.com)... IP
Connecting to www.oursite.com (www.oursite.com)|IP|:443... connected.
WARNING: The certificate of ‘www.oursite.com’ is not trusted.
WARNING: The certificate of ‘www.oursite.com’ hasn't got a known issuer.
HTTP request sent, awaiting response... 403 Forbidden
2018-07-11 13:18:23 ERROR 403: Forbidden.

Any idea on how to solve this issue?

Installed:
nodejs 6.14.3-1nodesource1
onlyoffice-documentserver 5.1.4-22
postgresql-9.0 9.0.23-1.pgdg80+2
mono-runtime 5.12.0.226-0xamarin3+debian8b1
nginx 1.6.2-5+deb8u5
rabbitmq-server 3.7.6-1

Operating system:
Linux cesin00vps 3.16.0-6-amd64 #1 SMP Debian 3.16.56-1+deb8u1 (2018-05-08) x86_64 GNU/Linux

TIA

[Maxim]

Hello!
If you disable SSL cert validation in default.json?

Code: Select all

rejectUnauthorized = false

[ivanbishop]

Hi Maxim, the global disable IU'll try but it make node.js a little insecure It's why I included links in my first post.

I'm busy at work right now but will update when I get a chance.

More importantly can you state clearly if node.js as shipped in latest Onlyoffice isn't "self signed cert friendly"
and that by default you support commercial certs, "letsencrypt" certs ONLY?

I REALLY want OO back and running.

thanks
so much

[Maxim]

Hello ivanbishop!
We recommend letsencrypt certs because there is intermediate cert also. If there is intermediate cert for your self-signed cert please install them.

More importantly can you state clearly if node.js as shipped in latest Onlyoffice isn't "self signed cert friendly"
and that by default you support commercial certs, "letsencrypt" certs ONLY?

node.js is sensitive to intermediate certs which self-signed has not often.
I suppose if you install intermediate certs everything will be ok.

[knife-grinder]

Hi,
I tryed to modify the default.json as you suggested, I don't know exactly as it work so I tryed two way:

Code: Select all

"rejectUnauthorized": "false"

and

Code: Select all

"rejectUnauthorized": false

I also restarted the service service supervisor restart 'cause I don't know if the file is read every time or only a startup and nothing changed.
I put the value in this section

Code: Select all

 "FileConverter": {
    "converter": {

but my doubt is that this isn't the right place.

Any idea?

[knife-grinder]

Maxim, can you be more clear about "letsencrypt" and how to install intermediate certs?