SSL issues on ubuntu deployment after upgrade

So I just upgraded from version 11, I originally used java keystores for my SSL certificate and now I have issues getting the correct SSL certificate to load.

I have added a folder alongside my .env file called owncert and added in what I think are the correct certificates. When I boot VIDU up it looks as though it works; there are no signs that SSL certificates were not found or were invalid, etc., but when I browse to the OpenVidu URL I am getting an OpenVidu-signed certificate.

Is there somewhere I can check for SSL errors during bootup? I have also tried enabling Let's Encrypt by setting the flags for certificate type and Let's Encrypt email in my config, without success. When Vidu boots up it correctly identifies that Let's Encrypt is selected but still serves up the Vidu signed certificate instead of anything from Let's Encrypt.

Any help would be appreciated.

Hi @jamesroche

Please check these links and try to follow these instructions:

  1. Installation of owncert: https://docs.openvidu.io/en/latest/deployment/deploying-on-premises/#3-custom-certificate-commercial-ca
  2. Troubleshooting: https://docs.openvidu.io/en/latest/troubleshooting/#15-my-commercial-certificate-is-not-working-what-can-i-do

Also what version are you deploying, 2.16.0?

Yes 2.16

I have been trying to follow that SSL guide but I have only a certificate.pfx to work with and I am not the best with OpenSSL. With the help of Google I have converted it over, but my private key has RSA in the header, which is different to the troubleshooting link you sent over.

So, you have a certificate.pfx (I suppose that this is your public certificate) and a private key with RSA header, correct?

  1. Try to get the private key with this command:
    openssl pkcs12 -in certificate.pfx -nocerts -out key.pem
  2. And the public one with this one:
    openssl pkcs12 -in certificate.pfx -clcerts -nokeys -out cert.pem
  3. Rename both files:
    key.pem -> certificate.key
    cert.pem -> certificate.cert

  4. After that, check that both files follow this format:
    https://docs.openvidu.io/en/latest/troubleshooting/#15-my-commercial-certificate-is-not-working-what-can-i-do

  5. Then copy them to /opt/openvidu/owncert and restart openvidu with sudo:

    cd /opt/openvidu
    ./openvidu restart

Hope this helps,

Regards,
Carlos

I followed your process and I am seeing some stuff like

Bag Attributes
friendlyName: {590ff44c-ccaf-4bfc-ba58-9f95d532caf1}
localKeyID: 54 69 6D 65 20 31 35 39 35 35 30 33 36 32 30 36 35 38
Microsoft CSP Name: Microsoft Enhanced Cryptographic Provider v1.0
Microsoft Local Key set:

in between 2 certificates in my certificate.cert

In my certificate.key I only see

Bag Attributes
friendlyName: {f8153e1e-45ab-4459-acc6-4c894091b084}
localKeyID: 01 00 00 00
Microsoft CSP Name: Microsoft RSA SChannel Cryptographic Provider
Microsoft Local Key set:
Key Attributes
X509v3 Key Usage: 10
Bag Attributes
friendlyName: {590ff44c-ccaf-4bfc-ba58-9f95d532caf1}
localKeyID: 54 69 6D 65 20 31 35 39 35 35 30 33 36 32 30 36 35 38
Microsoft CSP Name: Microsoft Enhanced Cryptographic Provider v1.0
Microsoft Local Key set:
Key Attributes:

Delete this stuff if you want, just make sure that this format is correct in the final files: https://docs.openvidu.io/en/latest/troubleshooting/#15-my-commercial-certificate-is-not-working-what-can-i-do

Two certificates is correct. This is a chain.
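
The checks discussed in this exchange (dropping the "Bag Attributes" text, counting the certificates in the chain, looking at the key header, and confirming the key belongs to the certificate) can be scripted. This is an added example, not part of the original posts and not OpenVidu code; the function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example (not OpenVidu code): checks for PEM files exported from a .pfx.

# Print only the PEM blocks, dropping "Bag Attributes" text and CR characters.
pem_blocks() {
  tr -d '\r' < "$1" | awk '
    /^-----BEGIN [A-Z0-9 ]+-----$/ { keep = 1 }
    keep                           { print }
    /^-----END [A-Z0-9 ]+-----$/   { keep = 0 }'
}

# Count certificates in a file; more than one means leaf plus chain.
cert_count() { grep -c '^-----BEGIN CERTIFICATE-----' "$1" || true; }

# Classify the private key by its PEM header.
key_format() {
  if grep -q '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
    echo encrypted
  elif grep -q '^-----BEGIN RSA PRIVATE KEY-----' "$1"; then
    if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then echo encrypted; else echo pkcs1; fi
  elif grep -q '^-----BEGIN PRIVATE KEY-----' "$1"; then
    echo pkcs8
  else
    echo none
  fi
}

# Succeed only when the first certificate in $1 and the key in $2 hold the
# same public key. Needs openssl; an encrypted key prompts for its passphrase.
cert_matches_key() {
  _cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
  _key_pub=$(openssl pkey -in "$2" -pubout) || return 2
  [ -n "$_cert_pub" ] && [ "$_cert_pub" = "$_key_pub" ]
}

# Usage (hypothetical script name): sh check_owncert.sh certificate.cert certificate.key
if [ "$#" -eq 2 ]; then
  echo "certificates in $1: $(cert_count "$1")"
  echo "key format in $2: $(key_format "$2")"
  if cert_matches_key "$1" "$2"; then echo "key matches certificate"
  else echo "key does NOT match certificate (or could not be read)"; fi
fi
```

A result of `encrypted` is expected when the key was exported with `openssl pkcs12 -nocerts` alone, because that command asks for a PEM pass phrase and encrypts the key unless `-nodes` (`-noenc` in OpenSSL 3) is added.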

I have completed as per instructions and the formats match the outputs in the help doc, but when I start up Vidu I am still getting the Vidu signed certificate openvidu@gmail.com etc.

How can I check for errors or outputs around SSL? I am not entirely convinced it's finding the certificates.

Can you show me the output of:

sudo su
cd /opt/openvidu
./openvidu version

Also check the nginx logs with:

sudo su
cd /opt/openvidu
docker-compose logs nginx

I don’t have anything in opt/openvidu. I am running the jar file from my home directory. It's also reading my .env from /home/user/.env.

Is this workable? I am not using docker

No sorry. It’s not impossible to run OpenVidu only in a jar file, but you need to follow these instructions to have support from our side:

In this way we can help in a more standardized and uniform way to people trying to deploy OpenVidu

So you need to use these official instructions and use Docker and Docker Compose.

BTW if you do that you need to remove all previous services (nginx, openvidu, redis, kurento-media-server) from your system.

Regards,
Carlos

This makes sense. I had been following the upgrade guide. I will follow this now.

Nice!

Regards,
Carlos

This really helped out buddy, thanks. Quick question though: now that I am set up and working again, how do I stop the OpenVidu test app from showing up at the root URL? There's a one click video conferencing popup I get now.

Glad to hear that :)
You need to:

  1. Edit this file /opt/openvidu/docker-compose.yml and replace:

    WITH_APP=true

    to

    WITH_APP=false

    in nginx service.

  2. Delete the file /opt/openvidu/docker-compose.override.yml

Best Regards,
Carlos