can 9.6 use self signed certs??

Issues during installation and related to database
ivanbishop
Posts: 5
Joined: Wed Jul 04, 2018 12:16 am

can 9.6 use self signed certs??

Post by ivanbishop » Wed Jul 04, 2018 12:34 am

I posted earlier... I cannot open any documents... and I see these errors.
I generated self signed certs and placed them as I did in the PREVIOUS version of Onlyoffice (this worked)


[2018-07-04 00:32:43.221] [ERROR] nodeJS - error downloadFile:url=https://forscotland.com:6443/products/f ... Xtp76CXR2Q_)
Error: self signed certificate
at Error (native)
at TLSSocket.<anonymous> (_tls_wrap.js:1092:38)
at emitNone (events.js:86:13)
at TLSSocket.emit (events.js:185:7)
at TLSSocket._finishInit (_tls_wrap.js:609:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:439:38)
[2018-07-04 00:32:44.239] [ERROR] nodeJS - error downloadFile:url=https://forscotland.com:6443/products/f ... Xtp76CXR2Q_)
Error: self signed certificate
at Error (native)
at TLSSocket.<anonymous> (_tls_wrap.js:1092:38)
at emitNone (events.js:86:13)
at TLSSocket.emit (events.js:185:7)
at TLSSocket._finishInit (_tls_wrap.js:609:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:439:38)
[2018-07-04 00:32:45.257] [ERROR] nodeJS - error downloadFile:url=https://forscotland.com:6443/products/f ... Xtp76CXR2Q_)
Error: self signed certificate
at Error (native)
at TLSSocket.<anonymous> (_tls_wrap.js:1092:38)
at emitNone (events.js:86:13)
at TLSSocket.emit (events.js:185:7)
at TLSSocket._finishInit (_tls_wrap.js:609:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:439:38)

Maxim
Posts: 1747
Joined: Tue Oct 11, 2016 2:34 pm

Re: can 9.6 use self signed certs??

Post by Maxim » Thu Jul 05, 2018 10:15 am

Hello!
can 9.6 use self signed certs??
Yes
Error: self signed certificate
Smth is wrong

ivanbishop
Posts: 5
Joined: Wed Jul 04, 2018 12:16 am

Re: can 9.6 use self signed certs??

Post by ivanbishop » Thu Jul 05, 2018 5:40 pm

yes something is wrong :)

I used the previous version of the docker/community images with self signed certs for 7 months on same server. All worked
perfectly.

The latest docker images are pulled cleanly and you see the document server runs OK and the community server UI pulls up the
documents available for edit OK.


I suspect that node.s is the culprit and that I either mis-entered my domain name into the CERT at creation time OR I need to alter HOW this version of node.js
reacts to self signed certs.


https://www.cyberciti.biz/faq/verify-ss ... e-openssl/
https://stackoverflow.com/questions/204 ... r-29397100


I'll test with wget including "ignore cert check" and see what happens.


thanks

Maxim
Posts: 1747
Joined: Tue Oct 11, 2016 2:34 pm

Re: can 9.6 use self signed certs??

Post by Maxim » Mon Jul 09, 2018 7:59 am

Hello!
I'll test with wget including "ignore cert check" and see what happens.
Wait for your result

knife-grinder
Posts: 8
Joined: Wed Jul 11, 2018 11:40 am

Re: can 9.6 use self signed certs??

Post by knife-grinder » Wed Jul 11, 2018 12:02 pm

Hi All,
I'm writing here 'cause we stack in the same problem: DEPTH_ZERO_SELF_SIGNED_CERT.
I did a test using wget and ignoring the non trusted certificate and it goes all well except that it doesn't find the file, maybe 'cause it's not same session.

The error we have is the same:

Code: Select all

[2018-07-11 13:11:25.317] [ERROR] nodeJS - error downloadFile:url=https://www.oursite.com/index.php/apps/onlyoffice/empty?doc=WTlQa2tNY1NDa0tPTHo4RkZ1MVpXSUVBdHFDRmZVK3ZlRmJYaVprLzFUbz0/eyJhY3Rpb24iOiJlbXB0eSJ9;attempt=3
;code:DEPTH_ZERO_SELF_SIGNED_CERT;connect:undefined;(id=conv_check_969052483_docx)
Error: self signed certificate
    at Error (native)
    at TLSSocket.<anonymous> (_tls_wrap.js:1092:38)
    at emitNone (events.js:86:13)
    at TLSSocket.emit (events.js:185:7)
    at TLSSocket._finishInit (_tls_wrap.js:609:8)
    at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:439:38)
WGET says

Code: Select all

wget --no-check-certificate -O conv_check_969052483_docx https://www.oursite.com/index.php/apps/onlyoffice/empty?doc=WTlQa2tNY1NDa0tPTHo4RkZ1MVpXSUVBdHFDRmZVK3ZlRmJYaVprLzFUbz0/eyJhY3Rpb24iOiJlbXB0eSJ9
 
--2018-07-11 13:18:22--  https://www.oursite.com/index.php/apps/onlyoffice/empty?doc=WTlQa2tNY1NDa0tPTHo4RkZ1MVpXSUVBdHFDRmZVK3ZlRmJYaVprLzFUbz0/eyJhY3Rpb24iOiJlbXB0eSJ9
Resolving www.oursite.com (www.oursite.com)... IP
Connecting to www.oursite.com (www.oursite.com)|IP|:443... connected.
WARNING: The certificate of ‘www.oursite.com’ is not trusted.
WARNING: The certificate of ‘www.oursite.com’ hasn't got a known issuer.
HTTP request sent, awaiting response... 403 Forbidden
2018-07-11 13:18:23 ERROR 403: Forbidden.
Any idea on how to solve this issue?

Installed:
nodejs 6.14.3-1nodesource1
onlyoffice-documentserver 5.1.4-22
postgresql-9.0 9.0.23-1.pgdg80+2
mono-runtime 5.12.0.226-0xamarin3+debian8b1
nginx 1.6.2-5+deb8u5
rabbitmq-server 3.7.6-1

Operating system:
Linux cesin00vps 3.16.0-6-amd64 #1 SMP Debian 3.16.56-1+deb8u1 (2018-05-08) x86_64 GNU/Linux

TIA

Maxim
Posts: 1747
Joined: Tue Oct 11, 2016 2:34 pm

Re: can 9.6 use self signed certs??

Post by Maxim » Thu Jul 12, 2018 6:45 am

Hello!
If you disable SSL cert validation in default.json?

Code: Select all

rejectUnauthorized = false

ivanbishop
Posts: 5
Joined: Wed Jul 04, 2018 12:16 am

Re: can 9.6 use self signed certs??

Post by ivanbishop » Thu Jul 12, 2018 7:52 pm

Hi Maxim, the global disable IU'll try but it make node.js a little insecure ;) It's why I included links in my first post.

I'm busy at work right now but will update when I get a chance.

More importantly can you state clearly if node.js as shipped in latest Onlyoffice isn't "self signed cert friendly"
and that by default you support commercial certs, "letsencrypt" certs ONLY?

I REALLY want OO back and running.

thanks
so much

Maxim
Posts: 1747
Joined: Tue Oct 11, 2016 2:34 pm

Re: can 9.6 use self signed certs??

Post by Maxim » Mon Jul 16, 2018 7:35 am

Hello ivanbishop!
We recommend letsencrypt certs because there is intermediate cert also. If there is intermediate cert for your self-signed cert please install them.
More importantly can you state clearly if node.js as shipped in latest Onlyoffice isn't "self signed cert friendly"
and that by default you support commercial certs, "letsencrypt" certs ONLY?
node.js is sensitive to intermediate certs which self-signed has not often.
I suppose if you install intermediate certs everything will be ok.

knife-grinder
Posts: 8
Joined: Wed Jul 11, 2018 11:40 am

Re: can 9.6 use self signed certs??

Post by knife-grinder » Mon Jul 16, 2018 12:51 pm

Hi,
I tryed to modify the default.json as you suggested, I don't know exactly as it work so I tryed two way:

Code: Select all

"rejectUnauthorized": "false"
and

Code: Select all

"rejectUnauthorized": false
I also restarted the service service supervisor restart 'cause I don't know if the file is read every time or only a startup and nothing changed.
I put the value in this section

Code: Select all

 "FileConverter": {
    "converter": {
but my doubt is that this isn't the right place.

Any idea?

knife-grinder
Posts: 8
Joined: Wed Jul 11, 2018 11:40 am

Re: can 9.6 use self signed certs??

Post by knife-grinder » Mon Jul 16, 2018 12:55 pm

Maxim, can you be more clear about "letsencrypt" and how to install intermediate certs?

Post Reply