One may accidentally break HTTPS connection as a result of incorrect server configuration. If users rely mostly on client applications, broken HTTPS connection will have practically no effect on your infrastructure, but it will create certain inconveniences:<\/p>\n
The most probable causes:<\/p>\n
NET::ERR_CERT_AUTHORITY_INVALID<\/code>.<\/li>\n- Your organization uses the certificates signed by a local certification authority. If certificate configuration is not correct, HTTPS connection may not work and the browser will display this error:
ERR_SSL_KEY_USAGE_INCOMPATIBLE<\/code>.<\/li>\n<\/ul>\nGeneral solution<\/h2>\n
Regardless of the specific cause, there is a general solution to this approach. To fix this issue, you need to move the correct certificate<\/em><\/b> and its private key to the target machine or sign a new certificate if it is possible. The articles below show how to get a free TLS certificate.<\/p>\n\n- How to create a \u201cLet\u2019s Encrypt\u201d certificate on Windows<\/a><\/li>\n
- How to create a \u201cLet\u2019s Encrypt\u201d certificate on Linux<\/a><\/li>\n<\/ul>\n
If your server is installed on the OS that supports GUI, take these steps:<\/p>\n
\n- Get direct access to the OS or access it with the help of RDP, xRDP or VNC (of course, this type of access has to be configured in advance).<\/li>\n
- Go to the
localhost<\/code> address from the default browser.<\/li>\n- On the guest page, click the Administrator login<\/strong> button.<\/li>\n
- In HTTPS settings, upload the correct certificate and its private key.<\/li>\n<\/ul>\n
No access from localhost \/ OS without GUI<\/h2>\n
In most cases, the security department of any organization insists that password-free access to the control panel from localhost<\/code> should be closed. In this case and if you installed the server on the OS without GUI, follow the instruction below.:<\/p>\nTo solve this problem, we will move the files to the target machine with the help of SSH. However, at first, you will need to name these files in the correct way:<\/p>\n
\n- Certificate \u2014 custom.crt<\/b><\/li>\n
- Key \u2014 custom.key<\/b><\/li>\n<\/ul>\n
How to move certificates from Windows to Windows<\/h3>\n\n- Run PowerShell<\/b> as the administrator.<\/li>\n
- Go to the folder with the certificate and key:\n
cd \/targer-dir\/<\/pre>\n<\/li>\n
- Due to the peculiarities of how paths are interpreted on Windows, we will use SFTP instead of SCP to move files. Connect to the target machine:\n
sftp admin@10.110.2.242<\/pre>\n<\/li>\n
- Go to the folder with HTTPS settings:\n
cd 'C:\/Program Files\/TrueConf Server\/httpconf\/ssl\/'<\/pre>\n<\/li>\n
- Move the two files with the command:\n
put custom.crt\r\nput custom.key<\/pre>\n<\/li>\n<\/ul>\nHow to move the certificates from Linux to Linux<\/h3>\n\n- Open the terminal.<\/li>\n
- Go to the folder with the certificate and key:\n
cd \/targer-dir\/<\/pre>\n<\/li>\n
- Use SCP to move the certificate and key to the target machine, in the folder with HTTPS settings:\n
scp custom.crt custom.key admin@10.110.2.242:\/opt\/trueconf\/server\/etc\/webmanager\/ssl\/<\/pre>\n<\/li>\n
- Next, connect to the target machine via SSH and run the commands below to set the read rights for the moved files and set trueconf as the owner:\n
sudo chmod 400 \/opt\/trueconf\/server\/etc\/webmanager\/ssl\/custom.crt \/opt\/trueconf\/server\/etc\/webmanager\/ssl\/custom.key\r\nsudo chown trueconf \/opt\/trueconf\/server\/etc\/webmanager\/ssl\/custom.crt \/opt\/trueconf\/server\/etc\/webmanager\/ssl\/custom.key<\/pre>\n<\/li>\n<\/ul>\nBackup solution<\/h2>\n
If you do not have a new certificate, you will need to disable the use of HTTPS.<\/p>\n
Windows<\/h3>\n\n- Delete files:\n
C:\\Program Files\\TrueConf Server\\httpconf\\opt\\listen.conf\r\nC:\\Program Files\\TrueConf Server\\httpconf\\opt\\config.ssl<\/pre>\n<\/li>\n
- Restart the TrueConf Web Manager<\/strong> service.<\/li>\n<\/ul>\n
Linux<\/h3>\n\n- Delete files:\n
\/opt\/trueconf\/server\/etc\/webmanager\/opt\/listen.conf\r\n\/opt\/trueconf\/server\/etc\/webmanager\/opt\/config.ssl<\/pre>\n<\/li>\n
- Restart the trueconf-web<\/strong> service.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"
One may accidentally break HTTPS connection as a result of incorrect server configuration. If users rely mostly on client applications, broken HTTPS connection will have practically no effect on your infrastructure, but it will create certain inconveniences: The server control panel, personal area, and conference scheduler will not be accessible in all client applications. Conference […]<\/p>\n","protected":false},"author":55,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[260],"tags":[231,186],"class_list":["post-31268","post","type-post","status-publish","format-standard","hentry","category-knowledge-base","tag-troubleshooting","tag-administration","wpautop"],"_links":{"self":[{"href":"https:\/\/trueconf.com/blog\/wp-json\/wp\/v2\/posts\/31268","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/trueconf.com/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/trueconf.com/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/trueconf.com/blog\/wp-json\/wp\/v2\/users\/55"}],"replies":[{"embeddable":true,"href":"https:\/\/trueconf.com/blog\/wp-json\/wp\/v2\/comments?post=31268"}],"version-history":[{"count":7,"href":"https:\/\/trueconf.com/blog\/wp-json\/wp\/v2\/posts\/31268\/revisions"}],"predecessor-version":[{"id":39866,"href":"https:\/\/trueconf.com/blog\/wp-json\/wp\/v2\/posts\/31268\/revisions\/39866"}],"wp:attachment":[{"href":"https:\/\/trueconf.com/blog\/wp-json\/wp\/v2\/media?parent=31268"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/trueconf.com/blog\/wp-json\/wp\/v2\/categories?post=31268"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/trueconf.com/blog\/wp-json\/wp\/v2\/tags?post=31268"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}