Closed djinnsec closed 1 year ago
We'll look into this when the team has availability.
In the meantime does the certificate work if you upload it via the UI?
When using the .env
SSL cert configuration option, your certs cannot have newline characters. It must all be on one line with newline characters escaped with a literal \n
. For example, if my cert looks like this (truncated for brevity):
-----BEGIN CERTIFICATE-----
MIIGWTCCBEGgAwIBAgIUSZjaGrpRR6ZwTa4Hx9qaakJQrPMwDQYJKoZIhvcNAQEL
BQAwcTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlBBMRUwEwYDVQQHDAxQaGlsYWRl
[...]
-----END CERTIFICATE-----
Then in the .env
file, it should look like this:
VECTR_SSL_CRT=-----BEGIN CERTIFICATE-----\nMIIGWTCCBEGgAwIBAgIUSZjaGrpRR6ZwTa4Hx9qaakJQrPMwDQYJKoZIhvcNAQEL\nBQAwcTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlBBMRUwEwYDVQQHDAxQaGlsYWRl\n[...]\n-----END CERTIFICATE-----
The same applies for the key.
For context, an SSL certificate is not bound to any TLS version. TLS version comes into play during TLS negotiation between the client and the server. This is explaining it very simplistically, but an SSL cert is just there to provide the initial secure connection during the TLS handshake in order to exchange the session key.
Thank you I have gotten the GUI one working. will validate @doodleincode, expect indeed it was more a layer 8 problem :) thanks again!
Describe the bug A clear and concise description of what the bug is.
Trying to load a signed certificate by DigiCert, which is only provided in TLS 1.3
after updating the .env file such as :
we keep getting the following browser error:
Secure Connection Failed An error occurred during a connection to (DOMAIN REDACTED). SSL received a record that exceeded the maximum permissible length.
Error code: SSL_ERROR_RX_RECORD_TOO_LONG
and when doing curl =v (DOMAIN REDACTED) weg get:
Expected behavior A clear and concise description of what you expected to happen.
getting log-in screen
Screenshots If applicable, add screenshots to help explain your problem.
Desktop (please complete the following information):
Additional Information: we have tried to reconfigure server.xml as such:
which did not help.