Problem with ssl cert and DH param

On various Hardware and OS systems: pi / windows / routers / nas, etc
Post Reply
nicky14
Posts: 3
Joined: Wednesday 30 May 2018 9:17
Target OS: Raspberry Pi
Domoticz version: 3.8153
Location: Ferrara
Contact:

Problem with ssl cert and DH param

Post by nicky14 » Thursday 31 May 2018 7:58

I've installed on my raspberry pi 3 with the Domoticz latest stable version a let's encrypt certs. I've generated a DH param and cat to the certs chain and it has the following config:

Code: Select all

-----BEGIN PRIVATE KEY-----
XXXX
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
XXXXX
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
XXXXX
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
XXXXX
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
XXXXX
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
XXXXX
-----END CERTIFICATE-----
-----BEGIN X9.42 DH PARAMETERS-----
XXXXX
-----END X9.42 DH PARAMETERS-----
The SSL config and certs works fine, but often Domoticz log an error like this:

Code: Select all

Error: [web:8484] missing SSL DH parameters from file /home/pi/domoticz/server_cert.pem
I've tried to generete and attach either DH with 2048 key and 4096 but still generate the error. What's wrong? Thanks

nicky14
Posts: 3
Joined: Wednesday 30 May 2018 9:17
Target OS: Raspberry Pi
Domoticz version: 3.8153
Location: Ferrara
Contact:

Re: Problem with ssl cert and DH param

Post by nicky14 » Sunday 08 July 2018 20:59

Anybody?

User avatar
felix63
Posts: 138
Joined: Monday 07 December 2015 10:30
Target OS: Raspberry Pi
Domoticz version: 3.8275
Location: Gouda
Contact:

Re: Problem with ssl cert and DH param

Post by felix63 » Sunday 08 July 2018 21:40

I have the same... but no solution.

joys
Posts: 4
Joined: Saturday 23 December 2017 11:16
Target OS: Raspberry Pi
Domoticz version:
Contact:

Re: Problem with ssl cert and DH param

Post by joys » Wednesday 11 July 2018 18:07

Same problem here. I'm on stable version v4.9701.
any idea? thanks, bye.

triton
Posts: 15
Joined: Monday 03 April 2017 15:01
Target OS: Linux
Domoticz version: 4.9701
Location: Netherlands
Contact:

Re: Problem with ssl cert and DH param

Post by triton » Thursday 12 July 2018 23:01

Looks like working for me, my PEM order is like this, certificate at the top, followed by the intermediates and the private key. DH params generated and added to the end of the file. I'm using 2048 bits DH params, not 4096 (4096 is perhaps a bit paranoid currently)

Code: Select all

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
-----BEGIN DH PARAMETERS-----
-----END DH PARAMETERS-----
this should do to generate, just append to to the pem file.

Code: Select all

openssl dhparam -out dh2048.pem 2048

Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests