Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Discussion forum about ELOG  Not logged in ELOG logo
icon5.gif   ssl certificate, posted by Giuseppe Cucinotta on Wed Jan 25 17:41:30 2023 
    icon2.gif   Re: ssl certificate, posted by Laurent Jean-Rigaud on Wed Jan 25 21:44:51 2023 
       icon2.gif   Re: ssl certificate, posted by Giuseppe Cucinotta on Wed Jan 25 22:22:07 2023 
          icon2.gif   Re: ssl certificate, posted by Giuseppe Cucinotta on Fri Feb 17 14:29:54 2023 
             icon2.gif   Re: ssl certificate, posted by Andreas Luedeke on Mon Mar 13 16:16:09 2023 
Message ID: 69658     Entry time: Mon Mar 13 16:16:09 2023     In reply to: 69651
Icon: Reply  Author: Andreas Luedeke  Author Email: andreas.luedeke@psi.ch 
Category: Question  OS: Linux  ELOG Version: 3.1.3 
Subject: Re: ssl certificate 

I do run elog under:

Usr = elog
Grp = elog

But that does not change the location of my certificates: they are in "/usr/local/elog/ssl".
My guess: you just copied the .pem file to the /ssl directory, but did not rename it to server.crt?
And of course you need to overwrite server.key as well.

Kind Regards
Andreas

Giuseppe Cucinotta wrote:

Hi I'm here again,

According to my conf file I run elog under a specified user and group different from root. So I copied the .pem file I obtained from certbot in /etc/ssl as well as /urs/local/elog/ssl and ssl folder in the user directory (I will call it <user-dir>) but when I launch elog I receive the error that cannot initialize SSL because the old self signed certificate server.crt in <user-dir>/ssl is not found.

I wonder where in elog.cfg or elsewhere is written that <user-dir>/ssl/server.crt must be usedand how to fix it

Thanks

Giuseppe Cucinotta wrote:

Hi Laurent,

thanks very much! Probably I've copied the certificate in the wrong directory. I'll try ASAP

Laurent Jean-Rigaud wrote:

Hi Giuseppe,

The new certificate files should be copy under ssl folder (/usr/local/elog/ssl or /usr/share/elog/ssl by example, closed to templates and script directories) in place of the embedded (autosigned) certificate files enclosed with ELOG source.

It seems that there is no parameter to set a custom path.

SSL = <0 | 1>
Turn on Secure Socket Layer transport. If SSL is on, one can connect via https://... to the elogd daemon. If the URL = directive is used, make sure to use https://... instead of http://... there. The ELOG distribution contains a simple self-signed certificate in the ssl subdirectory. One can replace this certificate and key with a real ceritficate to avoid browser pop-up windows warning about the self-signed certificate. The default for this option is 0.

 

 

Giuseppe Cucinotta wrote:

We obtained a certificate from let's encrypt in order to replace the self signed certificate provided with elog. We copied the new certificates replacing the older server.crt

The problem is that when restarted elog raises an error related to the fact it is looking for server.crt and it doesn't find it anymore.

I searched in elog config file in order to find a way to indicate the new certificate but I didn't find how to manage this issue.

Any suggestion?

 

 

 

 

ELOG V3.1.5-3fb85fa6