Cannot log in using HTTPS

[chrispopp]

Used LetsEncrypt to generate a certificate.

 

We are using port 9443 for https. If I go to my subdomain portal, it works fine, and the connection is established and secure (see pic). But cannot login.

 

Using the same credentials via http/port 80, works fine, and can log in without any problems. I can even change the http to https and port 9443, once loged in, and the session works via https... Why can't I log in using https?

 

 

[Vodia PBX]

Certificates are generated for a specific DNS address. If you go to another address, the web browser will reject the certificate (otherwise everybody could just slap any certificate on any server and pretend to be google.com). You might need a wildcard certificate if you want to have multiple domains on that server, or at least one certificate for each domain.

[chrispopp]

It's for a simple subdomain. Not for the whole server. The certificate works fine, and the page seems fine. Just that I cannot login via THAT subdomain.

[Vodia PBX]

So you are navigating to https://that.subdomain? Not to https://12.23.34.45 right? The browser might have a problem redirecting to another domain, that is what happens when you log in through the main portal and then the PBX figures out that you actually want to log in to a domain.

[chrispopp]

I go to https://subdomain.maindomain.com...and not the IP.

 

I simply want to log as a regular user, not admin. Don't see why there would be a redirect...

[Vodia PBX]

This should work. Don't log in with the user@domain, just the user. Do you see a green lock? Actually what version is this?

[chrispopp]

Yes the green lock is on. And working without any errors. The page is displayed correctly, but when i enter the user without the domain or anything, and the password, the page simply refreshes and comes back with the empty fields.

 

Note, that on http, it works fine to log in.

[Vodia Telephone System]

Can you please tell us what version of the PBX are you running? Because the encryption connection is 1.0 there and we have switched to TLS 1.2. At least that will rule out anything new we have done so that the problem can be narrowed with the version number of the PBX.

[chrispopp]

Testing with version 56.0

Thank you.

[chrispopp]

Were you able to replicate the issue?

[chrispopp]

Bump

[chrispopp]

So further testing shows that i can log-in using the admin accounts, but domain admin and user portal don't work.

[chrispopp]

Further further testing, i am able to log-in correctly using the full username: 9999@sub.domain.com and the password.

 

I think the problem is withing the welcome.js which I cannot modify:

// Redirect to secure login?
    if (session.secure && window.location.protocol !== 'https:') {
      var l = 'https://' + window.location.hostname + ":" + session.secure + window.location.pathname + window.location.hash;
      window.location = l;
      return;
    }

[Vodia PBX]

You mean the window.location.hostname there? Or the general idea that users should use a secure transport layer? You can also edit the welcome js, just create a html folder in the working directory, put the content of the welcome.js there and you can happily edit it right there.

[chrispopp]

I think the problem is due to the redirect. Instead of logging in, it simply refreshes the page.

 

Am I really the only one having this issue?

[Vodia PBX]

Well but how otherwise would you redirect a user to the http login page? Keep in mind that this is optional, and make most sense when you have a valid certificate installed.

[chrispopp]

It is a valid certificate... So I am assuming that user cannot log-in unless they use the whole domain such as 333@domain.xyz.com... which is a pity.

[Vodia PBX]

I just tried that over here on our domain, it works here. Not sure where the problem is. Maybe you can open a ticket and include a username, password and hostname where we can try this out.

[chrispopp]

Found out what the problem is.... The login only works on port 443. I was using port 8843 for https, since my port 443 was taken up by a different device.

 

I temporarily changed it to 443 and the log-in works correctly.

[Vodia PBX]

Yea that is actually a common problem. Thanks for sharing that with us.