> On Apr 28, 2017, at 5:25 PM, Sokolowski, Darryl <ds...@earthcolor.com> wrote:
>
> Oh, ok, now I understand what Fabrice meant about haproxy terminating the ssl
> tunnel. Thanks for that explanation.
> Sorry, I didn’t pick that up right away.
>
> I changed var/conf/haproxy.conf to point at my certificates, and every time I
> restart the service, it rewrites haproxy.conf file back to using server.pem.
>
That's the expected behaviour.
That file is actually generated based on your configuration, every time your
start the service.
> So reading your response again, it sounds like my concatenated certificate
> might need to be named ‘server.pem’.
> If I rename my certificate to ‘server.pem’, it works as desired.
> Is that the way to do it? Or am I still off-base?
That's the way to go.
> ‘server.pem’ won’t get overwritten by an ugrade?
>
This is what the packetfence.spec file does:
#Make ssl certificate
if [ ! -f /usr/local/pf/conf/ssl/server.crt ]; then
openssl req -x509 -new -nodes -days 365 -batch\
-out /usr/local/pf/conf/ssl/server.crt\
-keyout /usr/local/pf/conf/ssl/server.key\
-nodes -config /usr/local/pf/conf/openssl.cnf
cat /usr/local/pf/conf/ssl/server.crt /usr/local/pf/conf/ssl/server.key >
/usr/local/pf/conf/ssl/server.pem
fi
So as long as you have a file named "/usr/local/pf/conf/ssl/server.crt" it
won't overwrite the server.pem.
I agree that this should be configurable.
I'm adding it to the whishlist for 7.1 or 7.2.
Regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://www.inverse.ca/>
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu/>) and
PacketFence (www.packetfence.org <http://www.packetfence.org/>)
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users