Koozali.org: home of the SME Server
Obsolete Releases => SME 9.x Contribs => Topic started by: nicolatiana on March 08, 2020, 05:03:41 PM
-
Newly configured OpenVPN. Apparently I've performed all steps. In server manager panel there's no error concerning certificates.
In log file I can find:
2020-03-08 16:56:36.766208500 neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Private Key Password:'. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
2020-03-08 16:56:36.766228500 Exiting due to fatal error
and I'm not able to connect with clients.
-
I reply to myself. For some reason my insane brain has forced me to put password in server certificate ..... :(
Regenerated server certificate in the correct way. Sorry.
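
An added example, not part of the original thread and not phpki or OpenVPN code: a pre-flight check that reports whether a PEM private key is passphrase-protected, the condition behind the "can't ask for 'Enter Private Key Password:'" error in the log above. The function names and the sample PEM blocks are constructed for illustration; the base64 bodies are placeholders, not real keys.

```python
import re
import sys

# Matches any PEM private-key block: "RSA PRIVATE KEY", "EC PRIVATE KEY",
# "PRIVATE KEY" (PKCS#8) or "ENCRYPTED PRIVATE KEY" (encrypted PKCS#8).
PEM_KEY = re.compile(
    r"-----BEGIN ((?:[A-Z0-9]+ )*PRIVATE KEY)-----\n(.*?)-----END \1-----",
    re.DOTALL,
)

def classify_key(pem_text):
    """Return 'encrypted', 'plain' or 'no-key' for the first key block found."""
    text = pem_text.replace("\r\n", "\n")
    m = PEM_KEY.search(text)
    if m is None:
        return "no-key"
    label, body = m.groups()
    if label == "ENCRYPTED PRIVATE KEY":
        return "encrypted"
    # Traditional OpenSSL format marks encryption with a header line.
    for line in body.split("\n"):
        if line.startswith("Proc-Type:") and "ENCRYPTED" in line:
            return "encrypted"
    return "plain"

def daemon_safe(pem_text, has_askpass=False):
    """True if a daemonized server can load this key without a prompt."""
    kind = classify_key(pem_text)
    return kind == "plain" or (kind == "encrypted" and has_askpass)

# Constructed samples (placeholder bodies, not usable keys).
LEGACY_ENCRYPTED = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-256-CBC,0123456789ABCDEF0123456789ABCDEF\n\n"
    "Q09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n"
)
PKCS8_ENCRYPTED = ("-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
                   "Q09OU1RSVUNURUQ=\n-----END ENCRYPTED PRIVATE KEY-----\n")
PLAIN = ("-----BEGIN PRIVATE KEY-----\n"
         "Q09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n")

if __name__ == "__main__" and len(sys.argv) > 1:
    with open(sys.argv[1], encoding="ascii", errors="replace") as fh:
        print(sys.argv[1], classify_key(fh.read()))
```

Run it with the path of the server key file as the only argument; it reads the file and prints the classification without touching the key material.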
-
Currently helping John get latest phpki working, testing his changes, I know the feeling LOL :lol: :lol: :lol: :lol:
-
Nicolatiana
Yes that'll be the issue :-)
Do you use phpki or another method to create certificates?
I am doing a major update to phpki and I would like to find another user for opinion!
Let us know (ask for a login to Rocket.Chat as well.....)
-
Using Phpki contrib.
Upgrade in smetest repo ?
-
Using Phpki contrib.
Upgrade in smetest repo ?
Yes, BUT, wait, just sorting what happens to old ver certs if you upgrade, John is trying to sort it, I think keeping a roof over his head and food on the table is interfering :-)
and sorry adding, the version we are playing with is in John's testing repo, not updated to CVS yet
-
Using Phpki contrib.
That is the RIGHT answer :-)
OK, I know your version is probably a bit flawed.... the dates are wrong in the panel & other stuff.
I have done a patched version of v0.82 but not released it yet as we are testing it. It fixes a few basic issues like the dates and some formatting. The updated version is in smetest phpki-0.82-20
Please test it - Terry has and it seems OK but note I give NO guarantees that it won't break things so make a backup of your certs in /opt/phpki/phpki-store before upgrading, or better still install on a test machine. Install the original, create a few certs then upgrade.
However, it doesn't fix the current encryption level which is not high.
I have cloned the radicand repo which in itself was a copy of the 0.83 code with fixes and have updated it
https://github.com/reetp/phpki
It is STILL a work in progress.
The big issue is upgrading. The new 0.83 version will use SHA512 which is far stronger than the SHA1 used in 0.82 which is a busted flush.
However, it means you need to generate a new CA, and then new certificates.
So to upgrade to 0.83 means we need to backup the old certs and reinstall.
I have a personal build of 0.83+ if you want to try it - let me know.
Also, if you want to test this (please!!!!) ask me for a Rocket.Chat account and you can talk to me and Terry directly as we build and test it. No coding required - just some enthusiasm....
Relevant bugs
https://bugs.contribs.org/show_bug.cgi?id=6741
https://bugs.contribs.org/show_bug.cgi?id=8911 << fixed in phpki-0.82-20
https://bugs.contribs.org/show_bug.cgi?id=8685
Hope you jump in and help - we really need it!
B. Rgds
John