Hello,
thank you it works now !
Virginie Girou
Equipe systeme
DSI - UT1 Capitole
Tel : +33 (0)5.61.63.39.19
Le 28/04/2017 23:53, Sokolowski, Darryl a écrit :
Fantastic!
We’re up and running!
Thanks again to all for your help!
Darryl
*From:*Louis Munro [mailto:lmu...@inverse.ca]
*Sent:* Friday, April 28, 2017 5:46 PM
*To:* packetfence-users@lists.sourceforge.net
*Subject:* Re: [PacketFence-users] Captive portal SSL not using
defined cert after PF7 upgrade
On Apr 28, 2017, at 5:25 PM, Sokolowski, Darryl
<ds...@earthcolor.com <mailto:ds...@earthcolor.com>> wrote:
Oh, ok, now I understand what Fabrice meant about haproxy
terminating the ssl tunnel. Thanks for that explanation.
Sorry, I didn’t pick that up right away.
I changed var/conf/haproxy.conf to point at my certificates, and
every time I restart the service, it rewrites haproxy.conf file
back to using server.pem.
That's the expected behaviour.
That file is actually generated based on your configuration, every
time your start the service.
So reading your response again, it sounds like my concatenated
certificate might need to be named ‘server.pem’.
If I rename my certificate to ‘server.pem’, it works as desired.
Is that the way to do it? Or am I still off-base?
That's the way to go.
‘server.pem’ won’t get overwritten by an ugrade?
This is what the packetfence.spec file does:
#Make ssl certificate
if [ ! -f /usr/local/pf/conf/ssl/server.crt ]; then
openssl req -x509 -new -nodes -days 365 -batch\
-out /usr/local/pf/conf/ssl/server.crt\
-keyout /usr/local/pf/conf/ssl/server.key\
-nodes -config /usr/local/pf/conf/openssl.cnf
cat /usr/local/pf/conf/ssl/server.crt /usr/local/pf/conf/ssl/server.key >
/usr/local/pf/conf/ssl/server.pem
fi
So as long as you have a file named
"/usr/local/pf/conf/ssl/server.crt" it won't overwrite the server.pem.
I agree that this should be configurable.
I'm adding it to the whishlist for 7.1 or 7.2.
Regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://www.inverse.ca>
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu>)
and PacketFence (www.packetfence.org <http://www.packetfence.org>)
------------------------------------------------------------------------
>>> CONFIDENTIALITY NOTICE <<<
This electronic mail (e-mail) message, including any and/or all
attachments, is for the sole use of the intended recipient(s), and may
contain confidential and/or privileged information, pertaining to
business conducted under the direction and supervision of EarthColor,
Inc. All e-mail messages, which may have been established as expressed
views and/or opinions (stated either within the e-mail message or any
of its attachments), are left to the sole responsibility of that of
the sender, and are not necessarily attributed to EarthColor, Inc.
Unauthorized interception, review, use, disclosure or distribution of
any such information contained within this e-mail message and/or its
attachment(s), is(are) strictly prohibited. If you are not the
intended recipient, please contact the sender by replying to this
e-mail message, along with the destruction of all copies of the
original e-mail message (along with any attachments).
!DSPAM:67760,5903cfd8169611367415823!
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
!DSPAM:67760,5903cfd8169611367415823!
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
!DSPAM:67760,5903cfd8169611367415823!
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
