Userman working- Cert installed, but can't connect via SSL

RouterOS The User Manager
1

I have a RB333 hotspot whose users I am attempting to authenticate/track with User Manager- handling their payments via my authorize.net merchant gateway.
The User Manager is installed on an x86 based MT router at my NOC. The version is 2.9.51
I have it working in a basic mode, but am having a problem implementing authorize.net.

I have generated a certificate on a Linux box and imported it into the router running User Manager. It decrypts fine.
I have enabled the www-ssl service on port 443 using cert1 (the name of my certificate)
I have rebooted the router.

I cannot get a response on the https://x.x.x.x/userman or on https://x.x.x.x/joe (joe is my test user)
All I get is 404 errors. It is almost as if ssl is not running.

I have to go on site today to install this hotspot and wasn’t expecting this sort of problem.
Can anyone give me some help please?

Thanks

Ralph

2

Forgot to add that in the user setup on User Manager, for authorize.net it says “use ssl” instead of giving me the options.
This, I presume, is the routers way of telling me that it doesn’t detect ssl running. Is that correct?

3

I just re set everything up again (3rd time) still the same problem.
Doesn’t anyone have any ideas?

4

I have set everything up again and still have no luck.
I have a support ticket in at MT but haven’t heard anything since Wednesday.
Does ANYONE have any ideas of what to do to make this work?

Thanks

5

You have the configuration,

ip services set www-ssl port=443 address=0.0.0.0/0 disabled=yes

try to enable ssl service and then check once again.

6

I went ahead and enabled SSL on the ip services page as suggested.
I generated and loaded a new certificate.
I rebooted.

  1. I still cannot provision authorize.net. The place where you do it still says “use ssl”

  2. I still cannot even log in to user manager using SSL either.

Any more suggestions?

7

From the Wiki. LOOK CLOSELY AT THE TEXT IN RED BELOW, THE ORDER THAT YOU IMPORT IS VITAL. FOLLOW THESE INSTRUCTIONS CAREFULL AND IT WILL WORK.

HTTPS connection enabling
[edit] Creating certificate

Trusted SSL Certificate can be bought from trusted authorities, for example, VeriSign. An unsigned certificate can be generated by hand, using OpenSSL on a Linux box. To do it issue following commands in the shell:

openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Two important things:

  1. Enter the same pass phrase always when asked for “Enter pass phrase for server.key” (Should be 4 times);
  2. Enter your server’s domain name, when asked for “Common Name (eg, YOUR name) ”. This is important, because otherwise some browsers may refuse your certificate. For example, if the User Manager server’s address is http://userman.mt.lv/userman, then “userman.mt.lv” must be specified as Common Name for the certificate.

After doing this three files will be created:

  1. server.crt - Certificate, must be uploaded to router;
  2. server.key - Private key, must be uploaded to router;
  3. server.csr - Signature request, can/should be deleted;

[flash=]Upload server.crt and server.key to the router and import them, using the same pass phrase again when asked. server.crt must be imported before server.key.[/flash]
[edit] Importing certificate

Certificate file can be then uploaded to the router and imported with command

/certificate import file-name=…

The command should return

certificates-imported: 1
private-keys-imported: 1
files-imported: 1
decryption-failures: 0
keys-with-no-certificate: 0

If it doesn’t, could happen that the file contains private key and certificate sections in incorrect order. In this situation the output should be

certificates-imported: 1
private-keys-imported: 0
files-imported: 1
decryption-failures: 0
keys-with-no-certificate: 1

Just repeat the same command

/certificate import file-name=…

once again and the output should be this time

certificates-imported: 0
private-keys-imported: 1
files-imported: 1
decryption-failures: 0
keys-with-no-certificate: 0

Now certificate is imported correctly and ready for use;