SSL config with drumsergio/genieacs

I’m not understanding the documentation well, or the documentation for the docker image assumes I know more than I do.

I discovered that config.json doesn’t exist for the docker image, that it’s in the genieacs.env files.

I’m trying to enable SSL, and have set:
CWMP_SSL_CERT=/opt/genieacs/cert.crt
CWMP_SSL_KEY=/opt/genieacs/key.key

in the genieacs.env files, but SSL is not working and I see nothing in the logs to tell me why.

Can someone provide an example genieacs.env with working SSL for me to compare?

Thanks!

Hi,

All GenieACS environment variables must be prefixed with GENIEACS_ . Please try with:
GENIEACS_CWMP_SSL_CERT=/opt/genieacs/cert.crt
GENIEACS_CWMP_SSL_KEY=/opt/genieacs/key.key

I have done the installation from the source code of genieacs 1.2 with nodejs 12 and modified the genieacs.env file as above to use SSL but it doesn’t work (without SSL lines all work fine):
[ERROR] Worked died
[ERROR] uncaught exception

Could it be from the nodejs version?
Any suggestions for help?

Thank you in advance

Hi, hello, I have the same problem as you. Have you solved it?
I used your configuration,
After restarting the genieacs server, /usr/bin/genieacs-cwmp is lost;
genieacs-cwmp cannot run,
Because in the environment variables, I only configure the SSL parameters of genieacs-cwmp;
GENIEACS_CWMP_SSL_CERT=/opt/genieacs/cert.crt
GENIEACS_CWMP_SSL_KEY=/opt/genieacs/key.key
When I remove GENIEACS_CWMP_SSL_CERT/ GENIEACS_CWMP_SSL_KEY;
genieacs-cwmp can start normally.
Can anyone help me check it?
Nothing can be seen in the genieacs log, use journalctl -e to check:


Thank you very much.

Hi,

Did you generate your key using a passphrase? If yes, please try to regenerate it without.

Hi, lavira;
First of all, thanks for your reply,
Secondly, I did not use openssl to generate a password, and used my own certificate and secret key;
Is there any problem?
What are the correct configuration and steps for SSL connection requests?
Are there any detailed instructions or documentation?

The error you received seems to be related to an invalid key … just to make sure your key is not encrypted, please run:
openssl rsa -in /opt/genieacs/key.key -out /opt/genieacs/unencryptedKey.key

and after that check if the certificate and key match:

openssl x509 -noout -modulus -in /opt/genieacs/cert.crt | openssl md5
openssl rsa -noout -modulus -in /opt/genieacs/unencryptedKey.key | openssl md5

The hashed values from each command should be equal … If all is ok, replace the key in the env file and restart the process and see if it works.
GENIEACS_CWMP_SSL_KEY=/opt/genieacs/unencryptedKey.key
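
The two checks from the reply above (key not passphrase-protected, certificate and key belong together) combined into one preflight function. This is an added example, not part of the original thread or of GenieACS. It goes beyond the RSA-only modulus comparison by comparing public keys, so it also works for EC keys; the function name `check_tls_pair` and its return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example (not GenieACS code): preflight check for a cert/key pair
# before pointing GENIEACS_CWMP_SSL_CERT / GENIEACS_CWMP_SSL_KEY at them.
#
# Return codes (chosen for this example):
#   0  certificate and key are usable together
#   2  key is passphrase-protected (encrypted PEM)
#   3  key file missing, unreadable or not a valid private key
#   4  certificate missing, unreadable or not a valid X.509 certificate
#   5  certificate and key do not belong together

check_tls_pair() {
    cert=$1
    key=$2

    [ -r "$key" ] || return 3
    [ -r "$cert" ] || return 4

    # Encrypted PEM keys announce themselves in the header:
    # "BEGIN ENCRYPTED PRIVATE KEY" (PKCS#8) or "Proc-Type: 4,ENCRYPTED".
    if grep -q 'ENCRYPTED' "$key"; then
        return 2
    fi

    # Derive the public key from the private key. "-passin pass:" supplies
    # an empty passphrase so openssl never stops to prompt.
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || return 3

    # Extract the public key embedded in the certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 4

    # Both are PEM SubjectPublicKeyInfo blocks; they must be identical.
    [ "$key_pub" = "$cert_pub" ] || return 5
    return 0
}

# Usage, with the paths from this thread:
#   check_tls_pair /opt/genieacs/cert.crt /opt/genieacs/unencryptedKey.key
#   echo "result: $?"
```
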

All that is needed to enable SSL is to generate a certificate and assign these variables CWMP_SSL_CERT, CWMP_SSL_KEY?

What about installing nginx and then adding all its configs that were mentioned in some other discussions? Is this required for genieacs 1.2?

Currently I have genieacs 1.2 installed and running using this procedure http://docs.genieacs.com/en/latest/installation-guide.html.

Would like to change ACS URL from http://a.b.c.d:7547 to https://genieacs-1.acme.com/CPEMgt and the console from http://a.b.c.d:3000 to https://genieacs-1.acme.com. So I would need two certificates?

I never tried this, but multi domain certificates seem to be a thing!

You can get a wildcard cert, it would be good for *.acme.com