Hello Hans, haproxy terminate the ssl tunnel now, so the certificate must be installed for haproxy and not apache anymore.
So you have to do that with your certs: cat /usr/local/pf/conf/ssl/mycert.crt /usr/local/pf/conf/ssl/mycert.key > /usr/local/pf/conf/ssl/server.pem Also since haproxy is in front of apache then it listen on the registration interface. Don't forget to restart haproxy. Regards Fabrice Le 2017-05-07 à 01:28, Hans Johnson a écrit : > Hi Everyone, > > A couple of issues… First, the copy of ZEN 7.0 that’s currently up on the > website won’t deploy, at least from vcenter 6.5 (throws an error related to > the XML file in the ova). It did, however deploy from the old fat client, > deploying to one of my hosts that is still running vmware 6.0. > > Now for the more annoying problem I’m facing: > > I’m working on standing up packetfence ZEN 7.0, and have run into a > frustrating problem. > > I pretty much had everything working in a test environment, the switch was > doing MAB, I could log in, the port would get assigned to the correct VLAN, > everything was great. > > The last step was to swap out the self-signed certificate that shipped with > the system for our organization’s wildcard. I moved the certificate onto the > server, swapped out the configuration files, and rebooted. I just dropped > them in in place of the original .key and .crt files, and also pointed to the > intermediate certificates. > > After doing so, the admin interface came right back up using the correct > certificate. At first, I ran into a situation where the captive portal was > still using the self-signed certificate. I noticed there was a .pem in there, > which I removed, and ever since then the portal has refused to connect. > > When I look the httpd.portal file that was generated for the portal, under > /usr/local/pf/var/ it shows that it is telling it to listen on 127.0.0.1, > rather than my registration VLAN. I’ve tried deleting the interfaces, > restarting things, and re-creating the interfaces, and no joy. I’ve tried > removing the auto-generated httpd.portal, config file, and when it’s > regenerated, it sitll comes up as 127.0.0.1. > > I’m pretty much at my wits end here. I would appreciate where to go from here. > > Thanks! > > Hans > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
