Thanks for the info. That does sound like the problem and makes a lot of since
since the registration network can not get out to verify the certificate. I
attempted the proxy passthrough but I could not get it to work. At first I
thought my version 4.0.1 was the issue since I saw some other threads saying
4.0.1 didn't support passthrough. Since upgrading to 4.1.0 I still have the
same issue. What should I check when it comes to bypass. I check the box under
trapping to enable it and list my websites under proxy passthrough. Thanks.
Jeremy Plumley
ITS Network Technician
Guilford Technical Community College, www.GTCC.edu<http://www.gtcc.edu/>
601 High Point Road, Jamestown, NC 27282
Office - 336.334.4822 ext 50428
________________________________
From: Arthur Emerson III <[email protected]>
Sent: Tuesday, February 11, 2014 11:29 AM
To: [email protected]
Subject: Re: [PacketFence-users] Certificate issues
On Feb 11, 2014, at 10:23 AM, Jeremy Plumley
<[email protected]<mailto:[email protected]>> wrote:
Having some issues with our wildcard certificate on Packetfence registration
portal. When a workstation is unregistered and goes to the registration portal
you get a message in IE that there is a problem with the website certificate.
When you click continue everything works fine after that. I do not have this
problem with our certificate in Firefox. On the admin page the certificate
works for both IE and Firefox. Any ideas?
My first guess would be that IE cannot reach an outside server from
the registration network to verify the certificate OCSP/CRL status.
Accessing the admin page from the "live" network with Internet access
works as expected.
If so, these articles about a similar Mac problem may be of interest:
http://www.packetfence.org/support/faqs/article/ocsp-issues-on-mac-osx-lion-1072-while-in-registration.html
http://www.packetfence.org/bugs/view.php?id=1329
Another possibility is that the registration network's DNS server/name
aren't using a name that matches the wildcard domain in the
certificate. A wildcard certificate issued for *.gtcc.edu<http://gtcc.edu/>
will
match packetfence.gtcc.edu<http://packetfence.gtcc.edu/>, but not
packetfence.somesubdomain.gtcc.edu<http://packetfence.somesubdomain.gtcc.edu/>
or packetfence.gtcc.local...
-Arthur
-------------------------------------------------------------------------
Arthur Emerson III Email:
[email protected]<mailto:[email protected]>
Network Administrator InterNIC: AE81
Mount Saint Mary College MaBell: (845) 561-0800 Ext. 3109
330 Powell Ave. Fax: (845) 562-6762
Newburgh, NY 12550 SneakerNet: Aquinas Hall Room 11
------------------------------------------------------------------------------
Flow-based real-time traffic analytics software. Cisco certified tool.
Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer
Customize your own dashboards, set traffic alerts and generate reports.
Network behavioral analysis & security monitoring. All-in-one tool.
http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
