Ahh. Yes. You can generate a csr from pf with the appropriate host name.
Google it. Lots of pages on it.
Sent from my iPhone
On Jan 22, 2015, at 7:52 PM, Scott Slagle <[email protected]> wrote:
Okay – here is what is going on:
I have a Windows domain controller which is a local CA.
PacketFence Server is inside the network using AD as the authentication
source.
If the portal isn’t secure, then an intruder using snort can find “post”
requests and obtain the clear text credentials. For this reason, https
must be utilized.
When a client, who’s PC is a member of the domain plugs into the network
and is redirected to the captive portal, the certificate isn’t trusted.
I can download the certificate and apply it trusted in AD GP, however the
certificate is issued to 127.0.0.1 instead of the dns name.
I cannot request a certificate to my local CA from the PacketFence Server.
I don’t want to purchase a certificate when I have a local CA and this
server never see’s the outside world.
Thanks,
Scott
*From:* Tim DeNike [mailto:[email protected] <[email protected]>]
*Sent:* Thursday, January 22, 2015 6:37 PM
*To:* [email protected]
*Subject:* Re: [PacketFence-users] Portal Redirect Untrusted
There is no way to make it happen unless you preinstall a wildcard
certificate on every connecting computer. If a client tries to connect to
https://someesite.com, the root ca for that cert must be in their
certificate store or you will get an error. Now... If you are talking
about a domain YOU control then you can use a wildcard domain cert for the
portal pages and any site in YOUR domain will work. But NEVER for an
outside domain.
Sent from my iPhone
On Jan 22, 2015, at 6:02 PM, Tristan Rhodes <[email protected]> wrote:
Scott,
I submitted this feature request:
http://packetfence.org/bugs/view.php?id=1854
Tristan
*Tristan Rhodes*
Network Engineer
Weber State University
801.626.8549
On Thu, Jan 22, 2015 at 12:17 PM, Scott Slagle <[email protected]>
wrote:
I receive a certificate error as well. It would be a nice feature to be
able to request a certificate from a local csr and apply a local domain
certificate to PF.
Scott Slagle
*From:* Ludovic Zammit [mailto:[email protected]]
*Sent:* Thursday, January 22, 2015 1:48 PM
*To:* [email protected]
*Subject:* Re: [PacketFence-users] Portal Redirect Untrusted
Hello Montana,
I will check the certificate and I will get back to you.
You can disable the auto redirect on the https under Configuration >
Captive Portal > Secure Redirect
Thanks,
Ludovic Zammit
[email protected] <[email protected]> :: +1.514.447.4918 (x145) ::
www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and
PacketFence (http://packetfence.org)
Le 2015-01-22 à 11:59, Arble, Montana <[email protected]> a
écrit :
Hello,
Currently, if our users hit the portal redirect when attempting to access
an https site they receive a message indicating that the site is untrusted.
We have been advising users to fist go to a http site to hit the portal but
this is becoming more problematic.
Is there a way to prevent the portal redirect untrusted message?
We are running PacketFence 4.5.1 with a signed wildcard certificate for the
portal.
Regards,
Montana Arble
Network and Systems Administrator
University of Detroit Jesuit High School and Acad.
313-927-2356
------------------------------------------------------------------------------
New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
GigeNET is offering a free month of service with a new server in Ashburn.
Choose from 2 high performing configs, both with 100TB of bandwidth.
Higher redundancy.Lower latency.Increased capacity.Completely compliant.
http://p.sf.net/sfu/gigenet_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
GigeNET is offering a free month of service with a new server in Ashburn.
Choose from 2 high performing configs, both with 100TB of bandwidth.
Higher redundancy.Lower latency.Increased capacity.Completely compliant.
http://p.sf.net/sfu/gigenet
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
GigeNET is offering a free month of service with a new server in Ashburn.
Choose from 2 high performing configs, both with 100TB of bandwidth.
Higher redundancy.Lower latency.Increased capacity.Completely compliant.
http://p.sf.net/sfu/gigenet
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
GigeNET is offering a free month of service with a new server in Ashburn.
Choose from 2 high performing configs, both with 100TB of bandwidth.
Higher redundancy.Lower latency.Increased capacity.Completely compliant.
http://p.sf.net/sfu/gigenet
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
GigeNET is offering a free month of service with a new server in Ashburn.
Choose from 2 high performing configs, both with 100TB of bandwidth.
Higher redundancy.Lower latency.Increased capacity.Completely compliant.
http://p.sf.net/sfu/gigenet
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
