Sallee, Jake <[email protected]> wrote:
Since it looks like I will need to be replacing my cert I was wondering about
using Let's Encrypt.
It looks like a really nice project and the cost is right up my alley!
Is there any reason I should not use a LE cert? Anyone see a problem with this
path?
I have cut/pasted the thread on this very subject from last fall. I
personally haven't tried it (yet!), but it sounds like Michel in Norway
made it work...
-Arthur
-------------------------------------------------------------------------
Arthur Emerson III Email: [email protected]
Network Administrator InterNIC: AE81
Mount Saint Mary College MaBell: (845) 561-0800 Ext. 3109
330 Powell Ave. Fax: (845) 562-6762
Newburgh, NY 12550 SneakerNet: Aquinas Hall Room 008-A
From: Pedersen Michel <[email protected]>
Reply: [email protected]
Date: November 16, 2016 at 11:00:54 AM
To: [email protected]
Subject: Re: [PacketFence-users] PacketFence with LetsEncrypt
Okay, I got this to work. It’s a bit of a “hack” though.
Since certbot wouldn’t let me use the standard apache plugin (it failed each
time..) this is what I did:
(all to be set up in a weekly script when the portal is not in use, meaning I can
have a bit of downtime)
1. Stop packetfence : service packetfence stop
2. Use certbot to generate a standalone certificate : certbot certonly
--standalone -d "server FQDN" -m "email for management of certificate"
3. Copy the now generated certificate files to /usr/local/pf/conf/ and
rename them so that packetfence will use them on the next start (can probably
be done better by changing the ssl config file in packetfence. I tried
referencing them directly though and that did not work)
FQDN="server FQDN"   # set this to the portal's FQDN
cp "/etc/letsencrypt/live/$FQDN"/* /usr/local/pf/conf/ssl/
cp "/etc/letsencrypt/live/$FQDN/cert.pem" /usr/local/pf/conf/ssl/server.crt
cp "/etc/letsencrypt/live/$FQDN/privkey.pem" /usr/local/pf/conf/ssl/server.key
# server.pem = certificate followed by key; certbot's live directory has no
# server.crt, so the certificate is taken from cert.pem
cp "/etc/letsencrypt/live/$FQDN/cert.pem" /usr/local/pf/conf/ssl/server.pem
cat /usr/local/pf/conf/ssl/server.key >> /usr/local/pf/conf/ssl/server.pem
cp "/etc/letsencrypt/live/$FQDN/chain.pem" /usr/local/pf/conf/ssl/chain.crt
4. Update /usr/local/pf/conf/httpd.conf.d/ssl-certificates.conf and add the
following line. This is very important or the certificate will fail validation
on a lot of browsers/tablets. Only needs to be done once :
SSLCertificateChainFile %%install_dir%%/conf/ssl/chain.crt
5. Start packetfence again. The magic now picks up the certificate files and
uses them : service packetfence start
Since letsencrypt certificates are only valid for 90 days we’ll need to run the
certbot regularly to update the certificate if needed. The new certificate only
takes effect when restarting packetfence.
Voila :-)
(oh btw, the portal needs to be internet accessible on https for the
certificates to be generated. Mine isn’t at the moment but looking at the FW
I’ve opened up traffic (https) from outbound1.letsencrypt.org which seems to be
originating the traffic when issuing the certificates)
Hope this can be of help to someone else. I’m running this on RHEL7 (so no ZEN
installation)
-Michel
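
One way to script the weekly job described in the message above, as an added example that is not part of the original thread. The function names are made up here; the paths and the `service packetfence` calls are the ones quoted in the post, and it assumes the first issuance (step 2) was already done by hand and that root-owned, owner-only key files suit your PacketFence setup.

```shell
#!/bin/sh
# Added example, not from the original post; function names are made up here.
# Installs a renewed certbot certificate into PacketFence's ssl directory only
# if it changed and passes basic checks. Assumes the first issuance (step 2)
# was done by hand and that root-owned 0600 key files suit your PacketFence setup.

# True when the private key belongs to the certificate (same public key).
key_matches_cert() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# install_le_cert LIVE_DIR PF_SSL_DIR
# returns 0 = installed, 1 = unchanged, 2 = check failed (nothing replaced)
install_le_cert() {
    live=$1; dst=$2
    cmp -s "$live/cert.pem" "$dst/server.crt" && return 1
    key_matches_cert "$live/cert.pem" "$live/privkey.pem" || return 2
    # chain.pem must be the issuer of cert.pem, or clients reject it (step 4)
    openssl verify -partial_chain -CAfile "$live/chain.pem" "$live/cert.pem" \
        >/dev/null 2>&1 || return 2
    tmp=$(mktemp -d "$dst/.new.XXXXXX") || return 2
    (
        umask 077   # key and combined pem are created owner-only
        cp "$live/cert.pem" "$tmp/server.crt" &&
        cp "$live/privkey.pem" "$tmp/server.key" &&
        cp "$live/chain.pem" "$tmp/chain.crt" &&
        cat "$live/cert.pem" "$live/privkey.pem" > "$tmp/server.pem" &&
        chmod 644 "$tmp/server.crt" "$tmp/chain.crt"
    ) || { rm -rf "$tmp"; return 2; }
    # server.crt goes last so an interrupted run is retried next time
    for f in server.key chain.crt server.pem server.crt; do
        mv -f "$tmp/$f" "$dst/$f" || return 2
    done
    rmdir "$tmp"
}

# Weekly job mirroring steps 1-5 of the post; only runs when called with "run".
if [ "${1:-}" = "run" ]; then
    FQDN=${2:?usage: $0 run PORTAL_FQDN}
    service packetfence stop    # frees the web ports for certbot --standalone
    certbot certonly --standalone -n --keep-until-expiring -d "$FQDN"
    install_le_cert "/etc/letsencrypt/live/$FQDN" /usr/local/pf/conf/ssl
    rc=$?
    service packetfence start
    [ "$rc" -ne 2 ] || { echo "certificate checks failed, old files kept" >&2; exit 1; }
fi
```

A return code of 2 leaves the previous certificate files in place, so a mismatched key or wrong chain never reaches the captive portal.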
From: Durand fabrice <[email protected]>
Sent: 16 November 2016 02:29
To: [email protected]
Subject: Re: [PacketFence-users] PacketFence with LetsEncrypt
Hi Michel,
I am also interested in using a letsencrypt certificate for PacketFence
(ZEN).
What you probably have to do is to follow the apache certificate generation
instructions and check the conf/httpd.conf.d/ssl-certificates.conf file.
Regards
Fabrice
On 2016-11-15 at 02:22, Pedersen Michel wrote:
Hi everyone,
I’m looking at using certificates from letsencrypt.org with my PacketFence
server and am currently trying to get them installed using certbot.
I must admit to not having done this before and having little experience with
certificates (outside of generating/installing certificates from commercial
vendors like comodo), so I was hoping that someone here had any experience with
letsencrypt and packetfence and would be willing to share a bit of knowledge on
how they did this.
Any help would be appreciated ☺
Best regards
Michel Pedersen
Norwegian Public Roads Administration
Postal address: Statens vegvesen Vegdirektoratet, Postboks 8142 Dep, 0033 OSLO
Office address: Brynsengfaret 6A, OSLO
Mobile: +47 99117502 e-mail/Lync: [email protected]
www.vegvesen.no e-mail: [email protected]
Please consider the environment before printing this e-mail
------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users