NetTalk and SSL

Hello everyone,

Does anybody use NetTalk and an SSL certificate generated within NetTalk itself?

I get this message in Firefox:

…Cannot communicate securely with peer: no common encryption algorithm(s).

Error code: SSL_ERROR_NO_CYPHER_OVERLAP

And in Edge:

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

All fields have the necessary data, as written in the help. OpenSSL can be started on the server. DNS is updated to the correct IP address. NetTalk version is 12.63. Server version is Windows 2022.

When I double-click on the CSR file for the domain, I get this message:

image

I do not know if this is desired behavior?

I would not describe that as desirable behavior. How did you generate the certificate?


I upgraded to version 14 and that helped, since it has more log data. The server is on AWS, and the only ports allowed from the internet to the server are 80 and 443; when certificate creation is started, the connection is blocked. When I allowed all traffic in the ACL, the test certificate was created correctly.

This is a little problem: Let’s Encrypt does not publish its IP range, and addresses are changed…

The LetsEncrypt protocol only uses port 80 for incoming. But most of the conversation happens with the server making an outgoing connection to LE.

I'm not sure how the IP address comes into play, unless you are blocking outgoing connections to remote port 443.
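An added example, not part of the original thread and not NetTalk code: assuming the "ACL" here is a VPC network ACL, which is stateless, the reply to the server's outgoing connection to the ACME API arrives on an ephemeral port and needs its own inbound rule. The rule sets, rule numbers and names below are constructed for illustration.

```python
"""Stateless network-ACL model for an ACME (Let's Encrypt) HTTP-01 issuance.
Added example: every rule set here is constructed, not the poster's configuration."""
from dataclasses import dataclass

# Range AWS documents for return traffic; it covers every common OS source-port range.
EPHEMERAL = (1024, 65535)

@dataclass(frozen=True)
class Rule:
    number: int
    action: str  # "allow" or "deny"
    port_from: int
    port_to: int

def evaluate(rules, dst_port):
    """Lowest-numbered rule whose TCP destination-port range matches wins."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.port_from <= dst_port <= rule.port_to:
            return rule.action
    return "deny"  # the implicit final '*' rule

def blocked_flows(inbound, outbound, ephemeral_port=50000):
    """Return the ACME flows that the ACL pair drops. No connection tracking:
    each direction of each TCP connection is matched on its own."""
    flows = {
        "validator -> server:80": evaluate(inbound, 80),
        "server:80 -> validator": evaluate(outbound, ephemeral_port),
        "server -> ACME API:443": evaluate(outbound, 443),
        "ACME API:443 -> server": evaluate(inbound, ephemeral_port),
    }
    return [name for name, action in flows.items() if action != "allow"]

# Constructed rule sets (hypothetical rule numbers).
WEB_ONLY_IN = [Rule(100, "allow", 80, 80), Rule(110, "allow", 443, 443)]
ALL_OUT = [Rule(100, "allow", 0, 65535)]
WITH_RETURN_IN = WEB_ONLY_IN + [Rule(120, "allow", *EPHEMERAL)]

if __name__ == "__main__":
    for label, inbound in (("80/443 only", WEB_ONLY_IN), ("plus ephemeral", WITH_RETURN_IN)):
        print(label, "->", blocked_flows(inbound, ALL_OUT) or "issuance flows pass")
```

In this model, an inbound TCP allow for the ephemeral range is enough to let the ACME API replies through, so the ACL does not have to allow all traffic.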

It seems that other ports are used for the incoming connection. When the ACL in AWS is set like this:

The message in NetTalk is:

[ 7/08/24-10:47:56] -53 The requested connection to acme-staging-v02.api.letsencrypt.org could not be opened. The Open command timed out or failed to connect

And when I try to open the URL, the message is:

When I change rule no. 130 to allow:

And generate the certificate, then it is the desired behavior for a test certificate when I try to open the domain. The message is: