How do I set this up? #8

Closed
ArjonBu opened this issue Dec 11, 2017 · 11 comments

@ArjonBu

ArjonBu commented Dec 11, 2017

How do I set this up? I am signing an account with Singlehop and I don't see any docs on how to set this up.

@Vittfarne
Owner

Vittfarne commented Dec 13, 2017

Seems you have problems with your CSR, I suggest pasting your CSR at https://certlogik.com/decoder/ and then copying in the format outputted after it decoded your CSR.

If it doesn't work then, try with the following openssl-command and enter the details:
```
openssl req -new -newkey rsa:2048 -nodes -sha256 -out cert.csr -keyout cert.key
```

@ArjonBu
Author

ArjonBu commented Dec 13, 2017

CSR is fine. I must be doing something wrong with the script. I have entered my email and password in the index.php file and nothing else. How does the script verify the CSR? Also, in index.php, should I enter my account ID or email?

@Vittfarne
Owner

If you get stuck on the script's CSR-verification you can look at line 352
https://github.com/Vittfarne/ASSL/blob/master/web/html/index.php#L352

You should use your email as the "username"

@ArjonBu
Author

ArjonBu commented Dec 13, 2017

No idea how to modify PHP. Maybe there is a problem at define("ASSL", "")? I haven't defined anything here.

@Vittfarne
Owner

Well, you shouldn't have to modify anything other than user, pass and make sure salt is something unique for security reasons (your webserver has to be able to write to the data folder specified of course).

The define simply defines ASSL to an empty string, it doesn't matter what that value is at all. It's simply used to prevent accessing the language files directly, the language files have checks to make sure that ASSL is defined (the language file is called from this script), you can check the first lines in the language files to see the check.

If you can't get it working, please try using the openssl command I posted and don't use special characters in the CSR for any field.

@ArjonBu
Author

ArjonBu commented Dec 13, 2017

My CSR works on every CSR decoder tool. The only special character that I use is the star for wildcard.
I have configured the html folder to be the root directory of my subdomain. Data folder is offline but nginx can write to that directory.

No idea what I am doing wrong.

@Vittfarne
Owner

Just to make sure, you have openssl installed?

I put together a simple script that tests that openssl is working and returning what the script expects, if it works with the CSR I just generated, test by replacing with yours and check that it still works.
https://gist.github.com/Vittfarne/deabe05015441e6e14c0daf40a1690e3

You should see the following when loading the page:
```
string(84) "subject=/C=SE/ST=Fake/L=Fake/O=Fake/OU=Fake/CN=*.fake.com/emailAddress=fake@fake.com"
```

@ArjonBu
Author

ArjonBu commented Dec 13, 2017

Openssl is installed.
This is what I see when I open test.php:
```
string(103) "subject=C = SE, ST = Fake, L = Fake, O = Fake, OU = Fake, CN = *.fake.com, emailAddress = fake@fake.com"
```
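
The two `subject=` lines quoted in this thread carry the same fields in different layouts (slash-separated versus comma-separated with spaces around `=`). The following is an added example, not part of the thread and not the ASSL project's code: a shell helper that reads one field from either layout. The function name `csr_field` is hypothetical, and the two sample lines are the outputs quoted above.

```shell
#!/bin/sh
# Added example (not ASSL code). csr_field is a hypothetical helper name.
# Sample inputs: the two subject lines quoted in the thread.
OLD_STYLE='subject=/C=SE/ST=Fake/L=Fake/O=Fake/OU=Fake/CN=*.fake.com/emailAddress=fake@fake.com'
NEW_STYLE='subject=C = SE, ST = Fake, L = Fake, O = Fake, OU = Fake, CN = *.fake.com, emailAddress = fake@fake.com'

# csr_field SUBJECT_LINE FIELD
# Prints the value of FIELD; returns 1 if the field is not present.
csr_field() {
    printf '%s\n' "$1" | awk -v want="$2" '
    {
        sub(/^subject= */, "")              # drop the label
        if (substr($0, 1, 1) == "/") {      # slash-separated layout
            sub(/^\//, "")
            n = split($0, parts, "/")
        } else {                            # comma-separated layout
            n = split($0, parts, /, */)
        }
        for (i = 1; i <= n; i++) {
            eq = index(parts[i], "=")       # split on the first "=" only
            if (eq == 0) continue
            key = substr(parts[i], 1, eq - 1)
            val = substr(parts[i], eq + 1)
            gsub(/^ +| +$/, "", key)        # trim padding around key and value
            gsub(/^ +| +$/, "", val)
            if (key == want) { print val; found = 1; exit }
        }
    }
    END { exit (found ? 0 : 1) }'
}

# Both layouts yield the same common name.
csr_field "$OLD_STYLE" CN
csr_field "$NEW_STYLE" CN
```

Splitting on `/` or `, ` misreads values that themselves contain those characters; `openssl req -in cert.csr -noout -subject -nameopt RFC2253` prints an escaped layout that does not depend on the default format.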

@ArjonBu
Author

ArjonBu commented Dec 13, 2017

Also, I am using a subaccount for index.php because the main account can not login with email but with only ID. The subaccount has all admin features. But tested also with id and password of main account and the error is the same.

@ArjonBu
Author

ArjonBu commented Dec 13, 2017

Nginx config:

```
server {
    listen 443 ssl http2;
    server_name ssl.domain.com;
    root /var/www/ssl.domain.com/html;
    access_log /var/log/nginx/ssl.domain.com.log;
    error_log /var/log/nginx/ssl.domain.com.error.log;
    include defaults.conf;
    index index.php;
    keepalive_timeout 300;
    #rewrite ^/index.php/(.*) /$1 permanent;
    location / {
        try_files $uri $uri/ =404;
    }
    location ~ \.php$ {
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }

    ssl_certificate /etc/letsencrypt/live/ssl.domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/ssl.domain.com/privkey.pem; # managed by Certbot
}
```

@ArjonBu
Author

ArjonBu commented Dec 13, 2017

It looks like I must have made some changes to openssl on this server. Tried on a clean centos7 server and it works fine. Thank you for helping 👍

@ArjonBu ArjonBu closed this as completed Dec 13, 2017