Page 1 of 2 12 LastLast
Results 1 to 10 of 11
  1. #1
    Untangler
    Join Date
    Oct 2016
    Location
    Left Coast
    Posts
    63

    Question UI no longer works since I updated the certificate

    Yes, the web services no longer work. Even when using the console (localhost) to log into the UI. All I did was update my cert. Can someone point me in the correct direction to TS this please?
    It does seem to keep the network connections going, but I have no way to manage UT any more.

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,808

    Default

    It means the certificate you installed wasn't properly formed.

    You'll need to get on the physical console, open up the terminal and use this script: https://wiki.untangle.com/index.php/...ed_certificate

    To generate a new self signed certificate and deploy it to get back into the web UI. If you know how to work with Apache, you might be able to fix it via the console as well... but that's not "supported".
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Untangler
    Join Date
    Oct 2016
    Location
    Left Coast
    Posts
    63

    Default

    Thanks for the repair tips. I'm back and running again. However, the new cert I had used appears to be correct. It has been used on two other apache2 servers without problems. I have deleted & recreated it several times and each time it corrupts my untangle-apache2.

    Where are the apache logs in this distro?

  4. #4
    Untangler
    Join Date
    Oct 2016
    Location
    Left Coast
    Posts
    63

    Default

    I found the logs, and I see nothing really of value. The oddity is the entry stating "server certificate does not include an ID which matches the server name". The certificate is the same (except expiry) as the previous one, which is also a wild card cert. The uname is "untangle.foo.com" and the cert has two names "foo.com" and :*.foo.com".

  5. #5
    Untangler
    Join Date
    Oct 2016
    Location
    Left Coast
    Posts
    63

    Default

    Figured it out. The UI did not correctly concat the various sections of my new cert. It was missing a newline char between the cert chain and key sections. As soon as I added that, and restarted apache, all worked fine.
    Something you might want to fix.

  6. #6
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,808

    Default

    Honestly, I'd rather them take away the ability to import certificates entirely in favor of an API that a central certificate deployment platform can use. That way you can bolt Untangle into your expanding letsencrypt architecture and have automatic renewals in play.
    donhwyo and TirsoJRP like this.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  7. #7
    Master Untangler TirsoJRP's Avatar
    Join Date
    Oct 2010
    Posts
    451

    Default

    Quote Originally Posted by sky-knight View Post
    Honestly, I'd rather them take away the ability to import certificates entirely in favor of an API that a central certificate deployment platform can use. That way you can bolt Untangle into your expanding letsencrypt architecture and have automatic renewals in play.
    Forum Like button is broken, doesn't allow me to click it 100 times.

  8. #8
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,475

    Default

    Quote Originally Posted by tirsojrp View Post
    forum like button is broken, doesn't allow me to click it 100 times.
    lol
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  9. #9
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,808

    Default

    So should I mention that I already have this working in a lab setting via RSA authenticated SSH?
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  10. #10
    Untangler
    Join Date
    Oct 2016
    Location
    Left Coast
    Posts
    63

    Default

    Tell me more!!

    I already have a script that updates a number of machines & processes for LetsEncrypt every three months. If I could add this machine to that mix somehow, that would be really good. It was that every three months cadence that brought me here in the first place.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2