Jump to content


Photo

Cannot log in using HTTPS


  • Please log in to reply
19 replies to this topic

#1 chrispopp

chrispopp

    Advanced Member

  • Members
  • PipPipPip
  • 142 posts

Posted 06 February 2017 - 11:35 AM

Used LetsEncrypt to generate a certificate.

 

We are using port 9443 for https. If I go to my subdomain portal, it works fine, and the connection is established and secure (see pic). But cannot login. 

 

Using the same credentials via http/port 80, works fine, and can log in without any problems. I can even change the http to https and port 9443, once loged in, and the session works via https... Why can't I log in using https?

 

 

 1C1Nxo8y6e86sPe6b5EtDapGdTCOO0.png



#2 Vodia PBX

Vodia PBX

    Advanced Member

  • Administrators
  • PipPipPip
  • 8,973 posts
  • Gender:Male

Posted 06 February 2017 - 11:56 AM

Certificates are generated for a specific DNS address. If you go to another address, the web browser will reject the certificate (otherwise everybody could just slap any certificate on any server and pretend to be google.com). You might need a wildcard certificate if you want to have multiple domains on that server, or at least one certificate for each domain.



#3 chrispopp

chrispopp

    Advanced Member

  • Members
  • PipPipPip
  • 142 posts

Posted 06 February 2017 - 12:23 PM

It's for a simple subdomain. Not for the whole server. The certificate works fine, and the page seems fine. Just that I cannot login via THAT subdomain. 



#4 Vodia PBX

Vodia PBX

    Advanced Member

  • Administrators
  • PipPipPip
  • 8,973 posts
  • Gender:Male

Posted 06 February 2017 - 02:07 PM

So you are navigating to https://that.subdomain? Not to https://12.23.34.45 right? The browser might have a problem redirecting to another domain, that is what happens when you log in through the main portal and then the PBX figures out that you actually want to log in to a domain.



#5 chrispopp

chrispopp

    Advanced Member

  • Members
  • PipPipPip
  • 142 posts

Posted 06 February 2017 - 04:47 PM

I go to https://subdomain.maindomain.com...and not the IP. 

 

I simply want to log as a regular user, not admin. Don't see why there would be a redirect...



#6 Vodia PBX

Vodia PBX

    Advanced Member

  • Administrators
  • PipPipPip
  • 8,973 posts
  • Gender:Male

Posted 06 February 2017 - 08:58 PM

This should work. Don't log in with the user@domain, just the user. Do you see a green lock? Actually what version is this?



#7 chrispopp

chrispopp

    Advanced Member

  • Members
  • PipPipPip
  • 142 posts

Posted 07 February 2017 - 01:36 PM

Yes the green lock is on. And working without any errors. The page is displayed correctly, but when i enter the user without the domain or anything, and the password, the page simply refreshes and comes back with the empty fields. 

 

Note, that on http, it works fine to log in.



#8 Vodia Telephone System

Vodia Telephone System

    Advanced Member

  • Members
  • PipPipPip
  • 175 posts
  • Gender:Male

Posted 08 February 2017 - 09:14 AM

Can you please tell us what version of the PBX are you running? Because the encryption connection is 1.0 there and we have switched to TLS 1.2. At least that will rule out anything new we have done so that the problem can be narrowed with the version number of the PBX.



#9 chrispopp

chrispopp

    Advanced Member

  • Members
  • PipPipPip
  • 142 posts

Posted 08 February 2017 - 04:04 PM

Testing with version 56.0

Thank you.



#10 chrispopp

chrispopp

    Advanced Member

  • Members
  • PipPipPip
  • 142 posts

Posted 09 February 2017 - 12:04 PM

Were you able to replicate the issue?



#11 chrispopp

chrispopp

    Advanced Member

  • Members
  • PipPipPip
  • 142 posts

Posted 13 February 2017 - 12:32 PM

Bump



#12 chrispopp

chrispopp

    Advanced Member

  • Members
  • PipPipPip
  • 142 posts

Posted 13 February 2017 - 02:44 PM

So further testing shows that i can log-in using the admin accounts, but domain admin and user portal don't work.



#13 chrispopp

chrispopp

    Advanced Member

  • Members
  • PipPipPip
  • 142 posts

Posted 13 February 2017 - 03:09 PM

Further further testing, i am able to log-in correctly using the full username: 9999@sub.domain.com and the password.

 

I think the problem is withing the welcome.js which I cannot modify:

// Redirect to secure login?
    if (session.secure && window.location.protocol !== 'https:') {
      var l = 'https://' + window.location.hostname + ":" + session.secure + window.location.pathname + window.location.hash;
      window.location = l;
      return;
    }


#14 Vodia PBX

Vodia PBX

    Advanced Member

  • Administrators
  • PipPipPip
  • 8,973 posts
  • Gender:Male

Posted 13 February 2017 - 10:16 PM

You mean the window.location.hostname there? Or the general idea that users should use a secure transport layer? You can also edit the welcome js, just create a html folder in the working directory, put the content of the welcome.js there and you can happily edit it right there.



#15 chrispopp

chrispopp

    Advanced Member

  • Members
  • PipPipPip
  • 142 posts

Posted 14 February 2017 - 01:26 PM

I think the problem is due to the redirect. Instead of logging in, it simply refreshes the page. 

 

Am I really the only one having this issue?



#16 Vodia PBX

Vodia PBX

    Advanced Member

  • Administrators
  • PipPipPip
  • 8,973 posts
  • Gender:Male

Posted 15 February 2017 - 10:58 AM

Well but how otherwise would you redirect a user to the http login page? Keep in mind that this is optional, and make most sense when you have a valid certificate installed. 



#17 chrispopp

chrispopp

    Advanced Member

  • Members
  • PipPipPip
  • 142 posts

Posted 15 February 2017 - 02:22 PM

It is a valid certificate... So I am assuming that user cannot log-in unless they use the whole domain such as 333@domain.xyz.com... which is a pity. 



#18 Vodia PBX

Vodia PBX

    Advanced Member

  • Administrators
  • PipPipPip
  • 8,973 posts
  • Gender:Male

Posted 15 February 2017 - 05:28 PM

I just tried that over here on our domain, it works here. Not sure where the problem is. Maybe you can open a ticket and include a username, password and hostname where we can try this out.



#19 chrispopp

chrispopp

    Advanced Member

  • Members
  • PipPipPip
  • 142 posts

Posted 01 March 2017 - 12:51 PM

Found out what the problem is.... The login only works on port 443. I was using port 8843 for https, since my port 443 was taken up by a different device. 

 

I temporarily changed it to 443 and the log-in works correctly.



#20 Vodia PBX

Vodia PBX

    Advanced Member

  • Administrators
  • PipPipPip
  • 8,973 posts
  • Gender:Male

Posted 01 March 2017 - 02:30 PM

Yea that is actually a common problem. Thanks for sharing that with us.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users