Okay – here is what is going on:
I have a Windows domain controller which is a local CA.
PacketFence Server is inside the network using AD as the authentication source.
If the portal isn’t secure, then an intruder using snort can find “post”
requests and obtain the clear text credentials. For this reason, https must be
utilized.
When a client whose PC is a member of the domain plugs into the network and is
redirected to the captive portal, the certificate isn’t trusted.
I can download the certificate and apply it trusted in AD GP, however the
certificate is issued to 127.0.0.1 instead of the dns name.
I cannot request a certificate to my local CA from the PacketFence Server.
I don’t want to purchase a certificate when I have a local CA and this server
never sees the outside world.
Thanks,
Scott
From: Tim DeNike [mailto:[email protected]]
Sent: Thursday, January 22, 2015 6:37 PM
To: [email protected]
Subject: Re: [PacketFence-users] Portal Redirect Untrusted
There is no way to make it happen unless you preinstall a wildcard certificate
on every connecting computer. If a client tries to connect to
https://someesite.com, the root ca for that cert must be in their certificate
store or you will get an error. Now... If you are talking about a domain YOU
control then you can use a wildcard domain cert for the portal pages and any
site in YOUR domain will work. But NEVER for an outside domain.
Sent from my iPhone
On Jan 22, 2015, at 6:02 PM, Tristan Rhodes
<[email protected]> wrote:
Scott,
I submitted this feature request: http://packetfence.org/bugs/view.php?id=1854
Tristan
Tristan Rhodes
Network Engineer
Weber State University
801.626.8549
On Thu, Jan 22, 2015 at 12:17 PM, Scott Slagle
<[email protected]> wrote:
I receive a certificate error as well. It would be a nice feature to be able
to request a certificate from a local csr and apply a local domain certificate
to PF.
Scott Slagle
From: Ludovic Zammit [mailto:[email protected]]
Sent: Thursday, January 22, 2015 1:48 PM
To: [email protected]
Subject: Re: [PacketFence-users] Portal Redirect Untrusted
Hello Montana,
I will check the certificate and I will get back to you.
You can disable the auto redirect on the https under Configuration > Captive
Portal > Secure Redirect
Thanks,
Ludovic Zammit
[email protected] :: +1.514.447.4918 (x145) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
On 2015-01-22 at 11:59, Arble, Montana
<[email protected]> wrote:
Hello,
Currently, if our users hit the portal redirect when attempting to access an
https site they receive a message indicating that the site is untrusted. We
have been advising users to first go to a http site to hit the portal but this
is becoming more problematic.
Is there a way to prevent the portal redirect untrusted message?
We are running PacketFence 4.5.1 with a signed wildcard certificate for the
portal.
Regards,
Montana Arble
Network and Systems Administrator
University of Detroit Jesuit High School and Acad.
313-927-2356
------------------------------------------------------------------------------
New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
GigeNET is offering a free month of service with a new server in Ashburn.
Choose from 2 high performing configs, both with 100TB of bandwidth.
Higher redundancy.Lower latency.Increased capacity.Completely compliant.
http://p.sf.net/sfu/gigenet
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
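
The two checks discussed in this thread (issuer present in the client's trust store, certificate name matching the host the client asked for), as an added example that is not part of the original messages. It is a simplified model of whole-label wildcard matching, not a browser's implementation, and every hostname and CA name in it is a constructed placeholder.

```python
import ipaddress

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def name_matches(requested, cert_name):
    """True if one name from the certificate covers the requested host."""
    requested = requested.lower().rstrip(".")
    cert_name = cert_name.lower().rstrip(".")
    # IP addresses match only exactly; a wildcard never covers them.
    if _is_ip(requested) or _is_ip(cert_name):
        return requested == cert_name
    req, cert = requested.split("."), cert_name.split(".")
    if len(req) != len(cert):
        return False          # "*" stands for exactly one label
    if cert[0] == "*":
        return len(cert) >= 3 and req[1:] == cert[1:]
    return req == cert

def client_verdict(requested, cert_names, issuer, trusted_roots):
    """The two checks a client makes before it shows the page."""
    if issuer not in trusted_roots:
        return "untrusted issuer"
    if not any(name_matches(requested, n) for n in cert_names):
        return "name mismatch"
    return "ok"

# Constructed sample data; every name below is a placeholder.
ROOTS = {"Public CA", "Example AD Root CA"}   # AD root pushed by Group Policy
WILDCARD = ["*.example.edu"]
LOOPBACK = ["127.0.0.1"]
PORTAL = ["portal.example.edu"]

def scenarios():
    return {
        "portal opened by its own name": client_verdict("portal.example.edu", WILDCARD, "Public CA", ROOTS),
        "outside https site answered by portal": client_verdict("www.outside.test", WILDCARD, "Public CA", ROOTS),
        "cert issued to 127.0.0.1": client_verdict("portal.example.edu", LOOPBACK, "Example AD Root CA", ROOTS),
        "local CA root not deployed": client_verdict("portal.example.edu", PORTAL, "Example AD Root CA", {"Public CA"}),
        "local CA cert with DNS name": client_verdict("portal.example.edu", PORTAL, "Example AD Root CA", ROOTS),
    }

if __name__ == "__main__":
    for case, verdict in scenarios().items():
        print(f"{case}: {verdict}")
```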