Letsencrypt

The ConnectWise Control forum has moved to ConnectWise University! This forum has been locked and is in read-only mode. Click here for instructions on how to access the new forum.

Welcome Guest! You can not login or register.

Notification

Error

Letsencrypt

Options

Previous Topic Next Topic

cobash		#1 Posted : Thursday, August 11, 2016 11:27:29 PM(UTC)
Rank: Advanced Member Medals: Joined: 12/10/2011(UTC) Posts: 132 Thanks: 4 times Was thanked: 6 time(s) in 6 post(s)		Has anyone successfully used Letsencrypt to get working certs for screenconnect? When you use lets encrypt you get 4 files cert.pem chain.pem fullchain.pem privkey.pem. I looked around for a bit but didn't see any way to get the pem files into the correct pvk format that screenconnect needs. Has anyone done this? I would like to automate the process if possible. Thanks!


User Profile View All Posts by User View Thanks

cobash		#2 Posted : Thursday, August 11, 2016 11:48:55 PM(UTC)
Rank: Advanced Member Medals: Joined: 12/10/2011(UTC) Posts: 132 Thanks: 4 times Was thanked: 6 time(s) in 6 post(s)		Found it. If anyone needs to use it here it is. https://community.letsen...are-requiring-pvk/8849/6 openssl rsa -in privkey.pem -outform PVK -out private.pvk -pvk-none


User Profile View All Posts by User View Thanks

dbsmith		#3 Posted : Tuesday, September 13, 2016 4:25:10 PM(UTC)
Rank: Newbie Joined: 3/26/2015(UTC) Posts: 1 Thanks: 2 times		Thanks for linking this. Were you able to automate the whole process? Can you share how you did it?


User Profile View All Posts by User View Thanks

Jhuggins@bluzonepc.com		#4 Posted : Monday, January 16, 2017 3:58:03 PM(UTC)
Rank: Member Medals: Joined: 10/31/2014(UTC) Posts: 14 Was thanked: 2 time(s) in 1 post(s)		I run my screenconnect on an EC2 instance (Linux/Mono). I ran a small apache server to get the initial certs. After ten hours of trying to convert the certs for screenconnects' use, I gave up. I just do proxying through apache, and use regex to handle forcing everyone to the https port. The below code does nothing but preserve URLS and push the visitor from HTTP to HTTPS. It belongs in the apache configuration file for the proxied site, not in a .htaccess file. Code: `RewriteEngine on RewriteCond %{HTTPS} !=on RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]` I've done this with both Virtualmin and [url=Apachefriends.org]Apachefriends.org[/url] - quite a bit simpler and easier than modifying the certs for Screenconnect's use. P.S. The screenconnect configurator kept crapping out trying to convert the intermediate certs, claimed the second intermediate cert lacked the "trusted" moniker. P.P.S Really, screenconnect, you need to fix this. It should be simple to do, hell's jingling bells, SSL should be required.


User Profile View All Posts by User View Thanks

Bloo413		#5 Posted : Thursday, April 27, 2017 4:55:46 PM(UTC)
Rank: Newbie Joined: 11/16/2015(UTC) Posts: 2 Location: Chicopee Thanks: 1 times		+1 for Windows Server 2012.


User Profile View All Posts by User View Thanks

jeffmorlen		#6 Posted : Friday, June 9, 2017 7:12:03 PM(UTC)
Rank: Newbie Joined: 5/23/2012(UTC) Posts: 5 Location: Milwaukee, WI		Okay... guys... figured it out... and it's almost painless. First, I used this document (https://docs.connectwise.com/ConnectWise_Control_Documentation/On-premises/Advanced_setup/SSL_certificate_installation/Install_and_bind_an_SSL_certificate_on_a_Windows_server) for the manual installation of an SSL with ScreenConnect/ConnectWiseControl. Second, I used letsencrypt-win-simple (version 1.9.3). You can get that here (https://github.com/Lone-Coder/letsencrypt-win-simple). So, here is what we do. 1) Unzip letsencrypt-win-simple.Vx.x.x (whereas x.x.x is the version number) to the desktop or other location (for this, I put it right on my desktop). 2) Run letsencrypt-win-simple from the location you unzipped it into (as administrator). 3) Select "M" for "Generate a certificate manually". 4) Follow the prompts... enter the hostname, enter your email address (if it's the first time running it) and agree to the terms (if it's the first time running it). 5) When prompted for the site path, you will use the installation location of ScreenConnect/ConnectWiseControl. Default is, I believe, "C:\Program Files (x86)\ScreenConnect\" (don't forget the trailing "\" in your path). At this point, the script should have made a ".well-known" directory under your ScreenConnect/ConnectWiseControl directory and should have authorized you to get certificates 6) Once done, you will have some certificates... but, ScreenConnect/ConnectWiseControl isn't using them yet. And, they are in a goofy place. 7) Navigate to %userprofile%\appdata\Roaming\letsencrypt-win-simple which is where your certificates are saved. Letsencrypt-win-simple should have already installed the certificate onto your system in the COMPUTER ACCOUNT certificate store. 8) Now, you need to find the thumbprint of the certificate. You can do it manually (see instructions by ScreenConnect/ConnectWiseControl), if you like, or copy/paste the script below. This will put a document on your desktop called thumbprint.txt GET THUMBPRINT SCRIPT (edit it for your needs) --- START --- const certpath = "%USERPROFILE%\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org\[your certificate name].der" dim objStdOut dim strLine, resString set objStdOut = CreateObject("WScript.Shell").Exec("certutil " & certpath).StdOut while not objStdOut.AtEndOfStream strLine = objStdOut.ReadLine if InStr(strLine, "(sha1)") > 0 then resString = trim(split(strLine, ":")(1)) wend resString = Replace(resString, " ", "") Set objFSO=CreateObject("Scripting.FileSystemObject") outFile="%USERPROFILE%\Desktop\thumbprint.txt" Set objFile = objFSO.CreateTextFile(outFile,True) objFile.Write resString objFile.Close wscript.echo resString --- END --- ** Now you have a registered email address, a verified domain, certificate files, a certificate thumbprint and an installed certificate (into the COMPUTER ACCOUNT certificate store) 9) Now we need to bind the certificate for ScreenConnect/ConnectWiseControl's web server. As per the documentation we need to run this command line: --- START --- netsh http add sslcert ipport=0.0.0.0:443 certhash=[ your thumbprint from the thumbprint.txt file ] appid={00000000-0000-0000-0000-000000000000} --- END --- 10) Now we need to edit the web.config file, located in the ScreenConnect/ConnectWiseControl directory. You SHOULD MAKE A BACKUP BEFORE YOU EDIT IT. 11) Search for the string "WebServerListenUri" in the web.config file. 12) Edit the line to be <add key="WebServerListenUri" value="https://+:443/" /> and not (anymore) <add key="WebServerListenUri" value="http://+:80/" /> 13) Save the web.config file. 14) To to services and restart the ScreenConnect Web Server service (you can restart your machine if you like). That's it.
		WWW

User Profile View All Posts by User View Thanks

mrsassy		#7 Posted : Friday, October 20, 2017 7:49:54 PM(UTC)
Rank: Guest Joined: 10/20/2017(UTC) Posts: 2		This is great. But what happens in 3 months when the cert expires? How many of these steps must be repeated to renew the cert?


User Profile View All Posts by User View Thanks

rboatright		#8 Posted : Wednesday, October 25, 2017 9:11:15 PM(UTC)
Rank: Member Medals: Joined: 10/17/2011(UTC) Posts: 18 Location: Topeka, KS Thanks: 1 times Was thanked: 1 time(s) in 1 post(s)		That script was really useful, but having to paste the thumbprint into a batch file by hand and then run it elevated was both annoying and error prone, so I did a little enhancement to it. The following vbs script finds the downloaded cert from letsencrypt and runs netsh to register it so that ScreenConnect can use it. It can't be completely run non-interactive since the netsh command has to be run elevated (run as administrator) so, the first if statement checks that you are, and if not, asks for permission. Also, if you're one of those annoying admins who turns off Wscript, I can't help you. You could program this in Perl or Python or something, but VBS works fine for me. Don't miss editing the code to change the path where letsencrypt saved the cert and where your output files will be. The script defaults to the output files being on your desktop. Save the following somewhere as RegisterCert.vbs (or whatever name you like) =========start====== Code: ' ' Ensure script is being run elevated (as administrator) ' If WScript.Arguments.Length = 0 Then Set ObjShell = CreateObject("Shell.Application") ObjShell.ShellExecute "wscript.exe" _ , """" & WScript.ScriptFullName & """ RunAsAdministrator", , "runas", 1 WScript.Quit End if ' Change this to reflect where your certificate files got put certpath = "C:\ProgramData\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org\support.tbcsoftware.com-crt.der" ' Decide where the output files will be. Default is thisUser's Desktop ' you can hard code it by eding the next line and commenting out the ' following. ' outPath = "C:\Users\myUserName\Desktop\" Set WshShell = WScript.CreateObject("WScript.Shell") outPath=WshShell.ExpandEnvironmentStrings( "%USERPROFILE%\Desktop\" ) Set WshShell = nothing ' ' ok stuff is configured now. ' dim objStdOut dim strLine, objShell, oExec, objFile, wsShell crlf = chr(13) + chr(10) set objStdOut = CreateObject("WScript.Shell").Exec("certutil " & certpath).StdOut while not objStdOut.AtEndOfStream strLine = objStdOut.ReadLine if InStr(strLine, "(sha1)") > 0 then resString = trim(split(strLine, ":")(1)) wend resString = Replace(resString, " ", "") Set objFSO=CreateObject("Scripting.FileSystemObject") outFile=outPath + "thumbprint.txt" Set objFile = objFSO.CreateTextFile(outFile,True) objFile.Write resString objFile.Close batFile=outPath + "RegisterCert.bat" Set objFile = objFSO.CreateTextFile(batFile,True) netCommand="netsh http add sslcert ipport=0.0.0.0:443 certhash=" + resString + " appid={00000000-0000-0000-0000-000000000000}" objFile.Write netCommand + crlf objFile.Write "IF %ERRORLEVEL% NEQ 0 SET /A errno^\|=%ERRORLEVEL%" + crlf ' 'Comment out the next line to have the batch file run without user interaction. objFile.Write "pause " + crlf objFile.Write "EXIT /B %errno%" + crlf objFile.Close Set objShell = wscript.createobject("wscript.shell") intReturn=objShell.Run( batFile, 1, true) If intReturn <> 0 Then Wscript.Echo "netsh command returned an error, run the batch file interactively to see it." Else resultText = "No Errors. Ran netsh, created thumbprint.txt and RegisterCert.bat for " + resString wscript.echo resultText End If Set objShell = Nothing ======END========
		-_ Rick Sr. Developer TBC Software
		WWW Facebook Twitter Google+

User Profile View All Posts by User View Thanks

mjthompson		#9 Posted : Saturday, November 25, 2017 3:19:25 AM(UTC)
Rank: Guest Joined: 11/25/2017(UTC) Posts: 1 Location: Perth WA		I hope this doesn't count as a necro, but I just figured out how to fully automate Let's Encrypt with the default webserver (no reverse proxy needed) 1. Getting your LE Certs I used Let's Encrypt Windows Simple (https://github.com/Lone-Coder/letsencrypt-win-simple). Download it and run it. You'll want to set it to use its internal webserver for verification. (plays nice with the ScreenConnect webserver). It will also configure a scheduled task After that, it will save the certs to C:\ProgramData\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org. The one of interest to me was remotesupport.mydomain-all.pfx - note this filename 2. Modifying the SSL install script Get ScreenConnect Configurator: https://docs.connectwise...llation/SSL_Configurator Next I had to modify the ScreenConnect SSL Configurator (to get rid of prompts, so it is automated). It extracts to %TEMP% when run and can be found in there. It goes without saying you need to move it out of %TEMP%. The changes I made were ScreenConnectConfigurator.cmd Change the bottom to be: Code: `set COMMAND=1 if "%COMMAND%"=="1" call ProcedureWindowsSslMenu.cmd if "%COMMAND%"=="2" call ProcedureLinuxSslMenu.cmd if "%COMMAND%"=="3" goto EXIT rem goto PROMPT_COMMAND` This automates the first menu ProcedureWindowsSslMenu.cmd Code: `set COMMAND=5 if "%COMMAND%"=="0" start "" "openssl.exe" if "%COMMAND%"=="1" call ProcedureChangeWorkingDirectory.cmd if "%COMMAND%"=="2" call ProcedureChangeScreenConnectDirectory.cmd if "%COMMAND%"=="3" call ProcedureGenerateCsr.cmd if "%COMMAND%"=="4" call ProcedureWindowsApplyCert.cmd if "%COMMAND%"=="5" call ProcedureWindowsInstallPfxFile.cmd if "%COMMAND%"=="6" start "" "notepad.exe" "%TEMP%\%LOG_FILE%" rem if "%COMMAND%"=="7" (goto EXIT) else ( goto PROMPT_COMMAND)` That automates the second menu ProcedureWindowsInstallPfxFile.cmd Here's the tricky one First, hardcode the PFX path instead of the set /p Code: `set PFX_PATH="C:\ProgramData\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org\remotesupport.mydomain-all.pfx"` Second, specify the password for the pfx file in the certutil command so it doesn't prompt for it. Unless you changed the letsencrypt-win-simple config file, by default the pfx password is blank. Code: `certutil -f -p "" -importpfx "%PFX_PATH%"` Third, specify the pass again, slightly different for the openssl command Code: `openssl pkcs12 -in "%PFX_PATH%" -nokeys -out "%TEMP%\ExtractedCert.cer" -passin pass:` This last step was needed for me, although probably is not needed for most users. I run the relay off a seperate internal IP so it can also use port 443. As such, the "webserveruri" command is bound to a specific internal IP and not to all interfaces. So the change I made was Code: `rem call ProcedureWindowsModifyWebConfig.cmd "webserveruri=https://+:443/"` If you do this step you'll need to make sure that webserveruri is already setup properly ProcedureWindowsBindCertificate.cmd At the start of the file, add Code: `netsh http delete sslcert 0.0.0.0:443` That will delete the previous certificate binding, otherwise an error will be thrown that one already exists. Scheduled tasks Modify the Windows scheduled task created by letsencrypt-win Add the following: Program: Point it to ScreenConnectConfigurator.cmd Order it below the Let's Encrypt script Add the following: Program: net Arguments: stop "ScreenConnect Web Server" Move it to the top of the priority, above the Let's Encrypt commands Then add another Add the following: Program: net Arguments: start "ScreenConnect Web Server" And make sure it is last Finally, change the time so that it runs overnight and not 9am. LE is fully automated and will renew by itself and install the certs Hope this helps someone Edited by user Saturday, November 25, 2017 4:33:19 AM(UTC) \| Reason: formatting


User Profile View All Posts by User View Thanks

Slacker		#10 Posted : Saturday, December 2, 2017 6:39:16 PM(UTC)
Rank: Member Medals: Joined: 4/26/2014(UTC) Posts: 30 Location: RN Thanks: 3 times Was thanked: 1 time(s) in 1 post(s)		Here's something I cooked up for using AutoSSL/LE certs in a WHM server. (https://github.com/Cacasapo/SC_LE_WHM/) Cron it to run once or twice per day. Code: #!/bin/bash # Slacker 2017 - Use and modify at your own risk. # Script for using certificates in a WHM install with Screenconnect. # Screenconnect must already be configured to use SSL. # Schedule to run 1-2 times per day if using LE/AutoSSL. #### CHANGE THE VARIABLES BELOW TO MATCH YOUR INSTALL SCREENCONNECT_SSL_PORT="8040" DOMAIN=domainname.com SCREENCONNECT_DIRECTORY="/opt/screenconnect" #### HTTPLISTENER_DIRECTORY="$SCREENCONNECT_DIRECTORY/App_Runtime/etc/.mono/httplistener" COMBINED="/var/cpanel/ssl/apache_tls/$DOMAIN/combined" KEY_NAME="$DOMAIN".key CERT_NAME="$DOMAIN".cert mkdir /tmp/sc_le chmod 700 /tmp/sc_le cd /tmp/sc_le csplit -k -f both $COMBINED '/END CERTIFICATE/+1' {1} > /dev/null 2>&1 csplit -k -f split both00 '/END /+1' {1} > /dev/null 2>&1 mv split00 $KEY_NAME mv split01 $CERT_NAME C1=$(cksum $HTTPLISTENER_DIRECTORY/$SCREENCONNECT_SSL_PORT.cer \| colrm 16) C2=$(cksum $CERT_NAME \| colrm 16) if [[ "$C1" != "$C2" ]] then openssl rsa -in "$KEY_NAME" -inform PEM -outform PVK -pvk-none -out "$SCREENCONNECT_SSL_PORT.pvk" [[ ! -d "$HTTPLISTENER_DIRECTORY/backup" ]] && mkdir $HTTPLISTENER_DIRECTORY/backup \cp $HTTPLISTENER_DIRECTORY/$SCREENCONNECT_SSL_PORT.* $HTTPLISTENER_DIRECTORY/backup \cp $CERT_NAME $HTTPLISTENER_DIRECTORY/$SCREENCONNECT_SSL_PORT.cer mv $SCREENCONNECT_SSL_PORT.pvk $HTTPLISTENER_DIRECTORY service screenconnect restart fi cd rm -fr /tmp/sc_le


User Profile View All Posts by User View Thanks

elbel86		#11 Posted : Tuesday, December 5, 2017 5:31:34 PM(UTC)
Rank: Newbie Joined: 8/17/2015(UTC) Posts: 5 Thanks: 1 times		Wondering if anybody has figured out an easy way to get this set up on a linux server? I've been messing with it for 2 days now and have yet to make any progress...


User Profile View All Posts by User View Thanks

Ben B		#12 Posted : Tuesday, December 19, 2017 8:45:42 PM(UTC)
Rank: Administration Medals: Joined: 10/2/2015(UTC) Posts: 329 Thanks: 1 times Was thanked: 71 time(s) in 63 post(s)		Originally Posted by: elbel86 Wondering if anybody has figured out an easy way to get this set up on a linux server? I've been messing with it for 2 days now and have yet to make any progress... Are you attempting to install a Lets Encrypt cert onto a mono server? For testing purposes, I just installed a Let's Encrypt cert on an Ubuntu 16.04 server on version 6.4.15787 via the following steps: Run the following commands to install certbot: $ sudo apt-get update $ sudo apt-get install software-properties-common $ sudo add-apt-repository ppa:certbot/certbot $ sudo apt-get update $ sudo apt-get install certbot To create the private key and cert: $ sudo certbot certonly Enter option 1 for "Spin up a temporary webserver (standalone)" Enter email address Agree to terms Enter domain name Certbot creates the private key and cert: Certificate location: /etc/letsencrypt/archive/[domain]/cert1.pem Private key location: /etc/letsencrypt/archive/[domain]/privkey1.pem Copy cert1.pem to your working directory and rename it to ScreenConnectCertificate.cer Copy privkey1.pem to your working directory and rename it to ScreenConnectPrivateKey.key Download the SSL Configurator shell script for Linux from here to your working directory. Run the configurator script: Change working directory or installation directory if necessary (options 1 and 2) Select option 4 to rename ScreenConnectCertificate.cer and ScreenConnectPrivateKey.key Select option 5 to install the certificate and private key Select option 6 to edit the web.config so the Control web server listens on port 443 Restart your services by running the command "/etc/init.d/screenconnect restart" Your Linux server should now be set up to use the Let's Encrypt cert.
		ScreenConnect Team

2 users thanked Ben B for this useful post.		elbel86 on 12/20/2017(UTC), benjohnson on 12/20/2017(UTC)
User Profile View All Posts by User View Thanks

elbel86		#13 Posted : Wednesday, December 20, 2017 1:33:22 AM(UTC)
Rank: Newbie Joined: 8/17/2015(UTC) Posts: 5 Thanks: 1 times		That does indeed work! I'm not sure where I screwed up before, but having all laid out step by step sure does help. Thanks!


User Profile View All Posts by User View Thanks

benjohnson		#14 Posted : Wednesday, December 20, 2017 6:55:00 PM(UTC)
Rank: Member Medals: Joined: 6/28/2012(UTC) Posts: 24 Thanks: 2 times Was thanked: 1 time(s) in 1 post(s)		Originally Posted by: Ben B Originally Posted by: elbel86 Download the SSL Configurator shell script for Linux from here to your working directory. I apparently don't have the correct ConnectWise University access to get this file - can you post it somewhere else? The website comes back with "We are sorry that we are not able to provide ConnectWise University access at this time." and I've gone through changing my password.


User Profile View All Posts by User View Thanks

Ben B		#15 Posted : Wednesday, December 20, 2017 7:58:12 PM(UTC)
Rank: Administration Medals: Joined: 10/2/2015(UTC) Posts: 329 Thanks: 1 times Was thanked: 71 time(s) in 63 post(s)		Quote: I apparently don't have the correct ConnectWise University access to get this file - can you post it somewhere else? The website comes back with "We are sorry that we are not able to provide ConnectWise University access at this time." and I've gone through changing my password. That link shouldn't require ConnectWise University access. In any case, I've attached a copy of the configurator shell script to this post. sslConfiguratorScriptForLinux.sh (6kb) downloaded 138 time(s). Edited by user Wednesday, December 20, 2017 7:58:52 PM(UTC) \| Reason: Not specified
		ScreenConnect Team

1 user thanked Ben B for this useful post.		benjohnson on 12/20/2017(UTC)
User Profile View All Posts by User View Thanks

tbare		#16 Posted : Friday, February 23, 2018 1:56:11 PM(UTC)
Rank: Guest Joined: 2/23/2018(UTC) Posts: 1		Originally Posted by: Ben B Copy cert1.pem to your working directory and rename it to ScreenConnectCertificate.cer Copy privkey1.pem to your working directory and rename it to ScreenConnectPrivateKey.key Which working directory are we talking about here? Is there a specific directory, or do you mean like ~/screenconnect? Also, does the SSL Config script auto-renew the LE cert, or will that need to be done manually? Thanks for the great writeup!
		WWW

User Profile View All Posts by User View Thanks

elbel86		#17 Posted : Tuesday, March 20, 2018 9:27:59 PM(UTC)
Rank: Newbie Joined: 8/17/2015(UTC) Posts: 5 Thanks: 1 times		Ok, so it worked great. For 90 days. Now I'm back because the cert expired, and even when certbot renewed it, screenconnect still seems to be using the expired cert. I already have certbot setup to autorenew and my cert is good. I know I can probably just do this whole process again, and it will be fine for another 90 days, but is there a way to automate screenconnect getting the renewed cert? Edited by user Tuesday, March 20, 2018 9:28:45 PM(UTC) \| Reason: Not specified


User Profile View All Posts by User View Thanks

cobash20		#18 Posted : Thursday, March 22, 2018 1:59:50 PM(UTC)
Rank: Guest Joined: 3/22/2018(UTC) Posts: 3		Here is what I used to update my certs. There is an Apache proxy server on the front end and the Screenconnect server on the back end. Below is the script I use to auto renew the cert and then ssh to the screenconnect server, convert the certs, and then restart the screenconnect service. I have bolded the parts that you will need to change to fit your setup. ( the info there is just generic. ) Oh and this runs from the proxy server. Let me know if it helps or if you have any questions. # Starts the renewal process certbot renew --quiet #################################################################################### # Uncomment the line below if you need to add additional domains. #certbot --apache certonly ###################################################################################### # Change Directory to Letsencrypt cd /etc/letsencrypt/live/support.screenconnect.com/ ####################################################################################### # Creates the correct files for screenconnect and copies it to the screenconnect server. openssl rsa -in /etc/letsencrypt/live/support.screenconnect.com/privkey.pem -outform PVK -out /etc/letsencrypt/live/support.screenconnect.com/443.pvk -pvk-none scp cert.pem root@192.168.1.50:/opt/screenconnect/App_Runtime/etc/.mono/httplistener/443.cer scp 443.pvk root@192.168.1.50:/opt/screenconnect/App_Runtime/etc/.mono/httplistener/443.pvk rm -f /etc/letsencrypt/live/support.screenconnect.com/443.pvk scp cert.pem chain.pem fullchain.pem privkey.pem root@192.168.1.50:/etc/pki/tls/certs/ ####################################################################################### # Restart Services systemctl restart httpd ssh root@192.168.1.50 "systemctl restart screenconnect.service"


User Profile View All Posts by User View Thanks

Users browsing this topic

Forum Jump

You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.