Difficulties in loading the ssl certificate

globaleaks / GlobaLeaks

GlobaLeaks is free, open source software enabling anyone to easily set up and maintain a secure whistleblowing platform.

https://www.globaleaks.org

Other

1.21k stars 264 forks source link

Difficulties in loading the ssl certificate #3829

Open ict-dialogo opened 8 months ago

ict-dialogo commented 8 months ago

What version of GlobaLeaks are you using?

4.13.18

What browser(s) are you seeing the problem on?

Tor Browser, Chrome, Firefox

What operating system(s) are you seeing the problem on?

Windows

Describe the issue

While trying to upload the certificate, we receive this message of input validation (it is in Italian)

Globaleaks is installed in a Debian 11. We could succesfully upload only the private key. All the certificates are in the PEM format, we converted them through Linux instructions, we tried the following ones: openssl x509 -in certificatename.cer -outform PEM -out certificatename.pem openssl x509 -inform der -in certificate.cer -out certificate.pem openssl x509 -inform der -in certificate.cer -outform pem -out certificate.pem

we also tried to manually rename the certificates changeing the extension, but it did not work.

Thank you.

Proposed solution

No response

evilaliv3 commented 8 months ago

Thank you @ict-dialogo

Would you please check that your key is not encrypted? If it is encrypted you should use openssl to remove the encryption key.

markracing commented 8 months ago

Good morning everyone, I'm arguing with the cer a pem certificate to publish the machine to the outside. I purchased the cer certificate via Aruba, with the conversion to pem, with the following command openssl x509 -in cert.cer -out cert.pem. But when the file is uploaded to the GlobaLeaks dashboard, I always get this error

evilaliv3 commented 8 months ago

@markracing : ensure your private key is not password protected and eventually remove the password by means of openssl

markracing commented 8 months ago

Do you know what string I should make?

markracing commented 8 months ago

the private key has been removed from Passoword, but we still receive the same error.

We generated from ubuntu following these guides https://ubuntu.com/server/docs/security-certificates

markracing commented 8 months ago

It's possible that the problem could be a certificate generated on cname dns, instead of a third level domain ?

PEQSPC commented 1 month ago

I am having the same problem imagem I am using the automatic cert in the globaleaks website

evilaliv3 commented 1 month ago

@PEQSPC

Have you configured a dns record pointed to the ip of your server?
If globaleaks publicly reachable directly on port 80 and 443?

If you would like to pass me the domain name, i may check which is the reason of your failures

PEQSPC commented 1 month ago

its a local domain name , i am using duckdns ,pointing to a private ip address

PEQSPC commented 1 month ago

is there another way to add the certificate?,i was using the manual setup

PEQSPC commented 1 month ago

can i get the cert like this-> https://pypi.org/project/certbot-dns-duckdns/

PEQSPC commented 1 month ago

imagem a used the cert in tests folder from the backend folder , but the browser doesn't recognize the certificate imagem

evilaliv3 commented 1 month ago

I'm sorry @PEQSPC services like this could not be used.

You just need a regulard nomain name and then you can use free certificates which let'sencrypt.

PEQSPC commented 1 month ago

ok thank you

PEQSPC commented 1 month ago

I can you explain how to use lets encrypt on my local machine ?