HTTPS/WSS WebSockets don't work with Let's Encrypt certificates (tested on FOP2 2.31.33)
I configured the SSL certificate files (Let's Encrypt certificates) in
fop2.cfg with the same paths used in the Apache web server:
The HTTPS page of FreePBX works fine, but when connecting to FOP2 I get these errors in the browser console:
WebSocket connection to 'wss://pbx.example.com:4445/' failed:
Looking deeper I see that the private key is in EC (Elliptic Curve) format and not RSA.
Is the secp384r1 private key supported by FOP2?
Here are some details of the private key:
# openssl asn1parse -in /etc/asterisk/keys/default.key
0:d=0 hl=3 l= 182 cons: SEQUENCE
3:d=1 hl=2 l= 1 prim: INTEGER :00
6:d=1 hl=2 l= 16 cons: SEQUENCE
8:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey
17:d=2 hl=2 l= 5 prim: OBJECT :secp384r1
I think this is a problem with FOP2 because, when testing port 4445 with the openssl command, it doesn't return the certificate info:
$ openssl s_client -showcerts -connect pbx.example.com:4445
CONNECTED(00000003)
C0E148ADE87F0000:error:0A000126:SSL routines:ssl3_read_n:unexpected eof while reading:ssl/record/rec_layer_s3.c:308:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 334 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
Let me know if you need more info.
Thank you in advance
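
The key-type check described in the post, as an added example that is not part of the original post and is not FOP2 code: it reads the same PKCS#8 header that `openssl asn1parse` printed above and reports the algorithm and curve. The function names and the embedded sample are assumptions made for this illustration; the sample is constructed and carries no real key material.

```python
import base64
# Dotted OIDs seen in a PKCS#8 AlgorithmIdentifier, mapped to OpenSSL's names.
OIDS = {
    "1.2.840.113549.1.1.1": "rsaEncryption",
    "1.2.840.10045.2.1": "id-ecPublicKey",
    "1.3.132.0.34": "secp384r1",
}

def read_tlv(buf, pos):
    """Return (tag, content_start, content_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def decode_oid(body):
    """Decode the content bytes of a DER OBJECT IDENTIFIER to dotted form."""
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for byte in body[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear: last byte of this arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def pkcs8_key_type(pem_text):
    """Return (algorithm, parameter) names from a 'BEGIN PRIVATE KEY' PEM."""
    body = [l for l in pem_text.strip().splitlines() if not l.startswith("-----")]
    der = base64.b64decode("".join(body))
    tag, pos, _ = read_tlv(der, 0)        # outer PrivateKeyInfo SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, pos = read_tlv(der, pos)        # version INTEGER, skipped
    _, pos, end = read_tlv(der, pos)      # AlgorithmIdentifier SEQUENCE
    names = []
    while pos < end:
        tag, start, pos = read_tlv(der, pos)
        if tag == 0x06:                   # OBJECT IDENTIFIER
            oid = decode_oid(der[start:pos])
            names.append(OIDS.get(oid, oid))
    return names[0], (names[1] if len(names) > 1 else None)

# Constructed sample (not a usable key): the post's asn1parse header + 158 zero bytes.
_DER = bytes.fromhex("3081b602010030100607" "2a8648ce3d0201" "06052b81040022" "04819e") + bytes(158)
SAMPLE_PEM = "-----BEGIN PRIVATE KEY-----\n" + base64.encodebytes(_DER).decode() + "-----END PRIVATE KEY-----\n"
```

This handles only PKCS#8 files (`BEGIN PRIVATE KEY`); the older `BEGIN EC PRIVATE KEY` and `BEGIN RSA PRIVATE KEY` formats already state the key type in the PEM label.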