Certificate errors when connecting from mumble desktop #26

Open
heliophane opened this issue Oct 26, 2022 · 5 comments

@heliophane

Hi all, sorry if this isn't the proper place to ask this, but I'm having issues. I installed the container through docker compose and got nginx properly configured for it, and it passes certification in a web browser. Am I doing something wrong? I'm using the desktop version in the Ubuntu repos, if the age of the package makes a difference.

@azlux
Collaborator

azlux commented Oct 26, 2022

Mumble uses certificates for TLS encryption, not for HTTP packets.
The nginx reverse proxy cannot forward Mumble's UDP and TCP protobuf packets. These are not web packets.

@heliophane
Author

How do I go about acquiring a cert for my server? Do I do so from the shell within the docker container?

@Krzmbrzl
Member

Krzmbrzl commented Oct 27, 2022

The Mumble server will automatically generate a certificate, if it doesn't have one yet.
If you mean a proper SSL certificate for web-traffic, then you'll probably want something like LetsEncrypt

@frollard

frollard commented Nov 7, 2022

> How do I go about acquiring a cert for my server? Do I do so from the shell within the docker container?

The mumble documentation has instructions on how to set up letsencrypt...it's not a cakewalk but not insanely hard either.
Because we're in dockerland, I use SWAG (nginx and letsencrypt have a baby)...then mount the pem files from swag into the mumble container. The reason is if I use mumble.domain.com it's nice when the ssl cert matches and mumble clients don't get an error. Otherwise, the default self-signed cert is just fine.

@shredman01

shredman01 commented Mar 2, 2023

Hi,

I have the following problem. The Docker Mumble server is running and local network connections from Mumble clients are working as expected, but our firewall has deep SSL inspection enabled, and every client that tries to connect from outside gets this error message:

Mar  2 10:52:38 mumble-srv <X>2023-03-02 09:52:38.447 SSL: OpenSSL version is 'OpenSSL 1.1.1f  31 Mar 2020'
Mar  2 10:52:38 mumble-srv <W>2023-03-02 09:52:38.448 Initializing settings from /data/mumble_server_config.ini (basepath /data)
Mar  2 10:52:39 mumble-srv <W>2023-03-02 09:52:39.105 MetaParams: TLS cipher preference is "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-SHA:AES128-SHA"
Mar  2 10:52:39 mumble-srv <W>2023-03-02 09:52:39.185 ServerDB: Opened SQLite database /data/mumble-server.sqlite
Mar  2 10:52:39 mumble-srv <W>2023-03-02 09:52:39.185 ServerDB: Using SQLite's default rollback journal.
Mar  2 10:52:39 mumble-srv <W>2023-03-02 09:52:39.188 MurmurIce: Endpoint "tcp -h 127.0.0.1 -p 6502 -t 60000" running
Mar  2 10:52:39 mumble-srv <W>2023-03-02 09:52:39.188 Murmur 1.4.287 running on Linux: Ubuntu 20.04.5 LTS [x64]: Booting servers
Mar  2 10:52:39 mumble-srv <W>2023-03-02 09:52:39.197 1 => Server listening on 0.0.0.0:64738
Mar  2 10:52:39 mumble-srv <W>2023-03-02 09:52:39.829 1 => Not registering server as public
Mar  2 10:52:52 mumble-srv <W>2023-03-02 09:52:52.026 1 => <0:(-1)> New connection: xx.xxx.xx.xxx:65156
Mar  2 10:52:52 mumble-srv <W>2023-03-02 09:52:52.119 1 => <0:(-1)> Connection closed: Error during SSL handshake: error:0407E068:rsa routines:RSA_verify_PKCS1_PSS_mgf1:bad signature, error:1417B07B:SSL routines:tls_process_cert_verify:bad signature [13]
Mar  2 10:53:02 mumble-srv <W>2023-03-02 09:53:02.192 1 => <0:(-1)> New connection: xx.xxx.xx.xxx:65157
Mar  2 10:53:02 mumble-srv <W>2023-03-02 09:53:02.292 1 => <0:(-1)> Connection closed: Error during SSL handshake: error:0407E068:rsa routines:RSA_verify_PKCS1_PSS_mgf1:bad signature, error:1417B07B:SSL routines:tls_process_cert_verify:bad signature [13]

I tried to load our official wildcard certificate that fits the Docker host, but the Mumble server cannot read it, no matter which format I try. I believe that Mumble doesn't accept own certificates. Who can help, and what's the problem here? Every setting that I change is done via environment settings like MUMBLE_CONFIG_sslCA= ......

Mar  2 10:58:02 mumble-srv Setting config "sslCA" to: '/media/docker/containers/mumble/data/star.test-cl.com.pem'
Mar  2 10:58:02 mumble-srv Setting config "sslCert" to: '/media/docker/containers/mumble/data/wildcard-bundle.test-cl.pem'
Mar  2 10:58:02 mumble-srv Setting config "logfile" to: '/var/log/docker/mumble-srv.log'
Mar  2 10:58:02 mumble-srv Setting config "certrequired" to: 'true'
Mar  2 10:58:02 mumble-srv Setting config "sslKey" to: '/media/docker/containers/mumble/data/wildcard.test-cl.com_2022.key'
Mar  2 10:58:02 mumble-srv ls: cannot access '/run/secrets': No such file or directory
Mar  2 10:58:02 mumble-srv Setting config "database" to: '/data/mumble-server.sqlite'
Mar  2 10:58:02 mumble-srv Setting config "ice" to: '"tcp -h 127.0.0.1 -p 6502"'
Mar  2 10:58:02 mumble-srv Setting config "port" to: '64738'
Mar  2 10:58:02 mumble-srv <X>2023-03-02 09:58:02.728 SSL: OpenSSL version is 'OpenSSL 1.1.1f  31 Mar 2020'
Mar  2 10:58:02 mumble-srv <W>2023-03-02 09:58:02.729 Initializing settings from /data/mumble_server_config.ini (basepath /data)
Mar  2 10:58:02 mumble-srv <C>2023-03-02 09:58:02.729 MetaParams: Failed to read /media/docker/containers/mumble/data/star.test-cl.com.pem
Mar  2 10:58:02 mumble-srv <F>2023-03-02 09:58:02.729 MetaParams: Failed to load SSL settings. See previous errors.

Regards,
Frank
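
An added example (not part of the thread and not the project's own code): a preflight for the `Failed to read ...` startup error above, meant to be run inside the container, where the server process resolves the paths echoed in the log. It assumes the server expects PEM-encoded files; `tls_settings`, `check_pem`, `preflight` and the `root` parameter are hypothetical names chosen for this example.

```python
import os
import re

# PEM block labels that satisfy each setting (setting names come from the log above).
EXPECTED = {
    "sslCert": {"CERTIFICATE"},
    "sslCA": {"CERTIFICATE"},
    "sslKey": {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"},
}
SETTING_RE = re.compile(r"""Setting config "(ssl\w+)" to: '([^']+)'""")
PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")

# Startup lines copied from the post above, syslog prefix dropped.
SAMPLE_LOG = """\
Setting config "sslCA" to: '/media/docker/containers/mumble/data/star.test-cl.com.pem'
Setting config "sslCert" to: '/media/docker/containers/mumble/data/wildcard-bundle.test-cl.pem'
Setting config "sslKey" to: '/media/docker/containers/mumble/data/wildcard.test-cl.com_2022.key'
"""

def tls_settings(log_text):
    """Return {setting: path} for the TLS file settings echoed at startup."""
    return {k: v for k, v in SETTING_RE.findall(log_text) if k in EXPECTED}

def check_pem(setting, path, root="/"):
    """Classify why `path` may be unreadable, as seen from filesystem `root`."""
    real = os.path.join(root, path.lstrip("/"))
    if not os.path.isfile(real):
        return "missing: no such file in this filesystem (is the volume mounted here?)"
    if not os.access(real, os.R_OK):
        return "unreadable: check owner and mode for the user the server runs as"
    with open(real, "rb") as fh:
        found = [label.decode() for label in PEM_RE.findall(fh.read())]
    if not found:
        return "not PEM: no BEGIN line (DER or PKCS#12 would need converting)"
    if not any(label in EXPECTED[setting] for label in found):
        return f"wrong content: found {found[0]!r}, expected one of {sorted(EXPECTED[setting])}"
    return "ok"

def preflight(log_text, root="/"):
    """Check every TLS file setting named in the startup log."""
    return {k: check_pem(k, p, root) for k, p in tls_settings(log_text).items()}

if __name__ == "__main__":
    for setting, verdict in preflight(SAMPLE_LOG).items():
        print(f"{setting}: {verdict}")
```

A `missing` verdict for a path that exists on the Docker host means the file is not visible at that path from where the check was run.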
