Hi, I have a grandstream PBX that I have written a custom application for. The certificate
is accepted by android and windows devices, but on iOS devices it does not connect.
I have contacted grandstream to try and get the CSR that the pbx generates from the devices
in order for me to purchase cert.
Can you assist me on 1, how to increase security of the certicate (even if it is paid) or 2. help me to get the CSR that is linked to the domain.
Any help would be appreciated
My domain is: pbx.vivr-voip.co.za
I ran this command: only web access to device
It produced this output:
My web server is (include version): Grandstream
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is: Afrihost (south africa)
I can login to a root shell on my machine (yes or no, or I don't know):no
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you're using Certbot):
you are sending just leaf certificate, you need to use fullchain.pem instead of cert.pem otherwise ios cached wrong intermediate.
Thank you. I have no control of any settings, I can only enter the domain name and click request certificate. and I have to ensure that its listening on port 80 with redirect to 443 disabled.
this is pain to config: bring a pen to note this down. you won't remember how to renew this.
you'd have to get one yourself (buy one or get another LE client outside of this)and build special format just for this.
they use nonstandard format for certificate upload: intermediate - leaf - private key it's reverse order of normal key-embedded pem format.
https://forums.grandstream.com/t/custom-certificate-upload-format/32611/4 (cert then key order)
https://forums.grandstream.com/t/ssl-certificate-installation/35964 (how to enter intermediate with it?)
and call grandstream to update firmware to include chain certificate for their le certificate
Thank you, I appreciate your help. let me get on it.
Thanks. looks like it is working
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.