Page 1 of 1
Setting SSL variables
Posted: Tue May 26, 2020 5:38 am
by SkippyDo
In pursuit of some API issues (
viewtopic.php?f=40&t=29428&sid=68a54a38 ... 4da7d13e36 ) I started digging through php code and found that database.php.default references three ZM SSL variables:
Code: Select all
'ssl_ca' => ZM_DB_SSL_CA_CERT,
'ssl_key' => ZM_DB_SSL_CLIENT_KEY,
'ssl_cert' => ZM_DB_SSL_CLIENT_CERT,
For ZM I was setting the following in a custom conf file (located under zm/conf.d):
Code: Select all
ZM_DB_SSL_CLIENT_CERT=/etc/letsencrypt/live/<server FQDN>/fullchain.pem
ZM_DB_SSL_CLIENT_KEY=/etc/letsencrypt/live/<server FQDN>/privkey.pem
ZM fails to start if I add a line for ZM_DB_SSL_CA_CERT.
Also, can anyone tell me what files are for which variable when dealing with certs issued from LetsEncrypt? There are four files:
cert.pem
chain.pem
fullchain.pem
privkey.pem
This is what I have in my apache2/apache2/sites-enabled/000-default-le-ssl.conf file (and I believe that it's working OK):
Code: Select all
ServerName <server FDQN>
SSLCertificateFile /etc/letsencrypt/live/<server FQDN>/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/<server FDQN>/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
Re: Setting SSL variables
Posted: Tue May 26, 2020 8:08 pm
by burger
Per subject title,
The self certs in ZM work without any need to configure php vars in zm.conf files. I understand you are having an issue with the API, but making a new thread with a broad subject will confuse other newcomers who are searching for ssl help. When a layman is setting up ZM with SSL, only apache needs configuration. I assume lets encrypt is the same as the self certs.
Also, can anyone tell me what files are for which variable when dealing with certs issued from LetsEncrypt? There are four files:
Try the lets encrypt forums, or just search online (that is easily available information).
Re: Setting SSL variables
Posted: Wed May 27, 2020 2:51 pm
by SkippyDo
As I noted, ZM components are referencing THREE variables associated with SSL. In 1.30.4 I used TWO (configured in zm.conf).
Yes, I am having API issues. That is why I am asking why a packaged component is showing three ZM-specific variables associated with SSL. Perhaps you aren't aware of this?
Re: Setting SSL variables
Posted: Wed May 27, 2020 4:24 pm
by knight-of-ni
SkippyDo wrote: ↑Wed May 27, 2020 2:51 pm
As I noted, ZM components are referencing THREE variables associated with SSL. In 1.30.4 I used TWO (configured in zm.conf).
Yes, I am having API issues. That is why I am asking why a packaged component is showing three ZM-specific variables associated with SSL. Perhaps you aren't aware of this?
You are confusing SSL communication to the database with SSL communication to a web browser.
For browser based SSL, do not modify the three ZM_DB_SSL_* variables. As the names imply, those variables are intended to set up secure communication to a (remote) database, which isn't what you want.
When you ran letsencrypt (or certbot) for the first time on your system, it modified your apache configuration for you. As you noted, it seems to be working correctly (as long as Chrome or Firefox agree).
I'm using certbot to manage the certificates on multiple sites running zoneminder, and the API works, without issue, after setting up the certificates.
I'm not sure this has got anything to do with the unamed API issue you are experiencing.
Re: Setting SSL variables
Posted: Wed May 27, 2020 4:40 pm
by knight-of-ni
And I keep thinking to myself, it's no longer SSL these days... it's TLS ....but let's just roll with it.
Re: Setting SSL variables
Posted: Wed May 27, 2020 5:46 pm
by SkippyDo
OK, MANY thanks for the clarification!