Problem with ssl cert and DH param

nicky14
Posts: 3
Joined: Wednesday 30 May 2018 9:17
Target OS: Raspberry Pi / ODroid
Domoticz version: 3.8153
Location: Ferrara

Problem with ssl cert and DH param

Post by nicky14 »

I've installed Let's Encrypt certs on my Raspberry Pi 3 with the latest stable Domoticz version. I've generated a DH param and cat it to the certs chain, and it has the following config:

Code:

-----BEGIN PRIVATE KEY-----
XXXX
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
XXXXX
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
XXXXX
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
XXXXX
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
XXXXX
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
XXXXX
-----END CERTIFICATE-----
-----BEGIN X9.42 DH PARAMETERS-----
XXXXX
-----END X9.42 DH PARAMETERS-----

The SSL config and certs work fine, but Domoticz often logs an error like this:

Code:

Error: [web:8484] missing SSL DH parameters from file /home/pi/domoticz/server_cert.pem

I've tried to generate and attach DH params with both a 2048 and a 4096 key, but it still generates the error. What's wrong? Thanks
nicky14
Posts: 3
Joined: Wednesday 30 May 2018 9:17
Target OS: Raspberry Pi / ODroid
Domoticz version: 3.8153
Location: Ferrara

Re: Problem with ssl cert and DH param

Post by nicky14 »

Anybody?
felix63
Posts: 244
Joined: Monday 07 December 2015 9:30
Target OS: Raspberry Pi / ODroid
Domoticz version: 2020.1
Location: Gouda

Re: Problem with ssl cert and DH param

Post by felix63 »

I have the same... but no solution.
joys
Posts: 6
Joined: Saturday 23 December 2017 10:16
Target OS: Linux
Domoticz version:

Re: Problem with ssl cert and DH param

Post by joys »

Same problem here. I'm on stable version v4.9701.
Any idea? Thanks, bye.
triton
Posts: 15
Joined: Monday 03 April 2017 15:01
Target OS: Linux
Domoticz version: 4.9701
Location: Netherlands

Re: Problem with ssl cert and DH param

Post by triton »

Looks like it's working for me. My PEM order is like this: certificate at the top, followed by the intermediates and the private key. DH params are generated and added to the end of the file. I'm using 2048-bit DH params, not 4096 (4096 is perhaps a bit paranoid currently).

Code:

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
-----BEGIN DH PARAMETERS-----
-----END DH PARAMETERS-----

This should do to generate; just append it to the PEM file.

Code:

openssl dhparam -out dh2048.pem 2048
joys
Posts: 6
Joined: Saturday 23 December 2017 10:16
Target OS: Linux
Domoticz version:

Re: Problem with ssl cert and DH param

Post by joys »

Hi,

Thanks, working with these commands:
cd /etc/ssl/certs
sudo openssl dhparam -out dhparam.pem 2048

In the wiki there is this command:
sudo openssl dhparam -dsaparam -out dhparam.pem 4096

The problem, I think, is the "-dsaparam" flag. The wiki should be updated.

Thanks.
felix63
Posts: 244
Joined: Monday 07 December 2015 9:30
Target OS: Raspberry Pi / ODroid
Domoticz version: 2020.1
Location: Gouda

Re: Problem with ssl cert and DH param

Post by felix63 »

Verified. I have taken the liberty of updating the wiki.
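
A label-level check of a combined PEM file against the layout triton reports as working, added here as an example (it is not code from the thread or from Domoticz). The function names and placeholder bundles are constructed, and the rules (one private key, "DH PARAMETERS" as the last block, no "X9.42 DH PARAMETERS" block) are an assumption drawn only from the two files posted above.

```python
import re
import sys

# One PEM block; group 1 is the label, e.g. "CERTIFICATE" or "X9.42 DH PARAMETERS".
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9. ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL
)

def pem_labels(text):
    """Return the PEM block labels in file order (bodies are never decoded)."""
    return [m.group(1) for m in PEM_BLOCK.finditer(text)]

def diff_from_working_layout(text):
    """List how a bundle differs from the layout reported as working in the thread."""
    labels = pem_labels(text)
    findings = []
    keys = [name for name in labels if name.endswith("PRIVATE KEY")]
    if len(keys) != 1:
        findings.append(f"expected 1 private key block, found {len(keys)}")
    if "CERTIFICATE" not in labels:
        findings.append("no CERTIFICATE block")
    if "X9.42 DH PARAMETERS" in labels:
        # The label in the failing file; the thread traces the error to -dsaparam.
        findings.append("X9.42 DH PARAMETERS block present: regenerate without -dsaparam")
    if "DH PARAMETERS" not in labels:
        findings.append("no DH PARAMETERS block")
    elif labels[-1] != "DH PARAMETERS":
        findings.append("DH PARAMETERS is not the last block")
    return findings

def make_bundle(labels):
    """Constructed sample bundle with placeholder bodies (no real key material)."""
    return "".join(f"-----BEGIN {n}-----\nXXXX\n-----END {n}-----\n" for n in labels)

# Constructed from the block order in the first post (failing) and triton's post (working).
FAILING = make_bundle(["PRIVATE KEY", "CERTIFICATE", "CERTIFICATE", "PRIVATE KEY",
                       "CERTIFICATE", "CERTIFICATE", "X9.42 DH PARAMETERS"])
WORKING = make_bundle(["CERTIFICATE", "CERTIFICATE", "CERTIFICATE",
                       "PRIVATE KEY", "DH PARAMETERS"])

if __name__ == "__main__":
    # With a path argument, check that file; otherwise check the failing sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="ascii", errors="replace") as fh:
            data = fh.read()
    else:
        data = FAILING
    for line in diff_from_working_layout(data) or ["matches the working layout"]:
        print(line)
```

Run it with the path to the combined file (for example the server_cert.pem named in the error message) to check a real bundle; only the BEGIN/END labels are inspected.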