UCM HTTP Server certificate - "There is something wrong with the uploaded TLS certificate."


#1

Hello,

anyone knows if there is some documentation on how to change the web server default certificate in the UCM or any especif recomendation?

When accessing the UCM web server from WAN, you know always get the https certificate error…

Since the UCM I want to access is accessible from a subdomain like https://ucm.mypbx.com, that domain has a Comodo wildcard certificate that can work with any subdomain *.mypbx.com) and is ready working for other subdomains, no problems at all.

I tried many times, but the result is always the same, the error I pasted in the subject, “There is something wrong with the uploaded TLS certificate. The default certificate has been restored.”


UCM6202 @ 1.0.18.12

Many tries, but usually, upload 2 independent files. System settings --> HTTP Server --> Certificate Settings:


First file, with file extension required, .pem, is readable as plain text
-----BEGIN CERTIFICATE-----
TLS Private Key - private.pem
-----END CERTIFICATE-----


-----BEGIN PRIVATE KEY-----
TLS Cert - certificate.pem
-----END PRIVATE KEY-----


Anyone who has been able to do it can give me any clue?

Thanks


#2

Have you tried adding the CA certificate above the TLS cert in the same file?


#3

Hello fmarcoux96,

the result is even worst…, please see attached images when I add the CA, previous to the TLS.

After that, this is the error window:

Instead_of_error_this_is_shown


All menus text were also changed:

I change the languaje option (near logout link), and language came back well.


#4

That is pretty strange.

What was the file extension of your original certificate? .pem, .cer, .crt, .psk?


#5

Those are the independent file when I download them from a single file.


certs


Now that you asked…, maybe what I doing wrong is ti just change the extension to .pem and that is why UCM can´t interpreter the content inside of the certificates?


#6

Yes it is my guess too.

I had managed to convert my crt to pem using openssl commands. Google a little and you’ll find a lot of information.

Simply convert the file and retry, it might do it. Also, try using private mode or a different browser after configuring the certifcate, sometimes browsers keep a cache and it takes a long time to see if it worked.


#7

Thank you @fmarcoux96,

I´ll find a momment to try it, and post back here so could help others.