Trying to connect to REST API using ssl on port 8443. Kazoo v4


fred

Jan 6, 2017, 11:02:00 AM
to 2600hz-users
Using Kazoo v4.  Trying to connect to REST API on port 8443 using ssl.  It doesn't seem to be listening.  Anyone else have it working on v4?

I went into the DB > system_config > crossbar and set use_ssl =true.  I then rebooted because I am not sure which sup command reloads the config.


says connection refused.  

curl http://localhost:8000/v2 still works

I have letsencrypt certificates which I copied over and configured as well but it doesn't even seem to be listening on that port in the first place

Am I missing something?

Darren Schreiber

Jan 6, 2017, 11:02:40 AM
to 2600hz...@googlegroups.com

What did the log show re: ssl? You can grep ssl in the logs at startup.


Kirill Sysoev

Jan 6, 2017, 11:09:03 AM
to 2600hz-users
Hi,

Letsencrypt should work with crossbar for sure!


Letsencrypt SSL cert

  • yum install certbot
  • certbot certonly --standalone -d `hostname -f` (port 443 should be open for the check from the letsencrypt side)
  • mkdir /etc/kazoo/certs
  • cp /etc/letsencrypt/live/`hostname -f`/* /etc/kazoo/certs/
  • edit crossbar doc
      "use_ssl": true,
      "ssl_port": "8443",
      "ssl_cert": "/etc/kazoo/certs/cert.pem",
      "ssl_key": "/etc/kazoo/certs/privkey.pem",
      "ssl_ca_cert": "/etc/kazoo/certs/fullchain.pem",

On Friday, January 6, 2017 at 19:02:00 UTC+3, fred wrote:

fred

Jan 6, 2017, 2:13:47 PM
to 2600hz-users
Thanks for the responses.  Log did show ssl not starting because it couldn't find the cert file.  I was using a link to the cert file just like certbot does it.  Kazoo does not see the link for some reason.  Referencing the actual file location got it working.

I also added "ssl_ca_cert":

Have not seen that documented anywhere.  Not sure if it's required or not.

mentax

Jan 9, 2017, 2:31:17 PM
to 2600hz-users
It is a permission issue. I had the same issue when doing the configuration for my system.
Change permissions to 755 and check, as the kazoo user, whether you can read the certificates in /etc/letsencrypt/live/domain.tdl/.

On Friday, January 6, 2017 at 14:13:47 UTC-5, fred wrote:

fulc927

Jan 9, 2017, 2:31:17 PM
to 2600hz-users
Your line "ssl_cert": "/etc/kazoo/certs/cert.pem" is wrong; it should be:

"ssl_cert": "/etc/kazoo/certs/fullchain.pem"  (if you use letsencrypt)

A first-time visitor could receive an SSL validator error if you misuse the intermediary certificate authority.

AFerdous

Jun 6, 2017, 7:46:10 AM
to 2600hz-users
I am having the same problem, were you able to fix it?

ALMA

Jun 6, 2017, 9:52:01 AM
to 2600hz-users
Check that the port is bound by the "beam" process:
netstat -tulpn | grep 8443
or
ss -tulpn | grep 8443

If not, restart crossbar.
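
The causes raised across this thread (a symlinked certificate path that does not resolve, files the kazoo user cannot read, a cert file holding only one certificate) can be checked on the configured paths before restarting crossbar. The script below is an added example, not part of any post above and not Kazoo code; `check_pem`, `pem` and `make_sample_tree` are hypothetical helpers, and the sample PEM files are constructed placeholders.

```shell
#!/bin/sh
# Added example (not Kazoo code). check_pem PATH KIND prints one of:
#   missing | unreadable | leaf-only | ok      (KIND is "cert" or "key")
# Readability is tested for the calling user, so run it as the kazoo user.
check_pem() {
    path=$1; kind=$2
    # certbot's live/ entries are symlinks into archive/; resolve them so
    # the checks apply to the real file.
    real=$(readlink -f "$path" 2>/dev/null || true)
    if [ -z "$real" ] || [ ! -e "$real" ]; then
        echo missing; return 0
    fi
    if [ ! -r "$real" ]; then
        echo unreadable; return 0
    fi
    if [ "$kind" = cert ]; then
        # One certificate block means the file carries no intermediate.
        n=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$real" || true)
        if [ "$n" -lt 2 ]; then
            echo leaf-only; return 0
        fi
    fi
    echo ok
}

# Writes a placeholder PEM block of type $1 (constructed, not a real cert).
pem() { printf '%s\n' "-----BEGIN $1-----" PLACEHOLDER "-----END $1-----"; }

# Builds a constructed tree mimicking certbot's layout; prints its path.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir "$d/archive" "$d/live"
    pem CERTIFICATE > "$d/archive/cert1.pem"
    { pem CERTIFICATE; pem CERTIFICATE; } > "$d/archive/fullchain1.pem"
    pem 'PRIVATE KEY' > "$d/archive/privkey1.pem"
    for f in cert fullchain privkey; do
        ln -s "../archive/${f}1.pem" "$d/live/$f.pem"
    done
    ln -s ../archive/gone.pem "$d/live/stale.pem"   # dangling link
    echo "$d"
}

# Stand-alone use: sh check_pem.sh /etc/kazoo/certs/cert.pem cert
if [ $# -eq 2 ]; then check_pem "$1" "$2"; fi
```

A `leaf-only` result is not an error by itself; it only says that the file holds a single certificate, so any intermediate has to come from another configured file.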