Fabrice,
my bad..., the crt and key was not correctly exported.
Followed this procudure from de .pfx and it worked like you said:
ake the file you exported (e.g. certname.pfx) and copy it to a system
where you have OpenSSL installed. Note: the *.pfx file is in PKCS#12
format and includes both the certificate and the private key.
Run the
following command to export the private key: openssl pkcs12 -in
certname.pfx -nocerts -out key.pem -nodes
Run the following command to
export the certificate: openssl pkcs12 -in certname.pfx -nokeys -out
cert.pem
Run the following command to remove the passphrase from the
private key: openssl rsa -in key.pem -out server.key
Thanks
Em
2017-10-03 14:54, Fabrice Durand via PacketFence-users escreveu:
> You
probably did a mistake with the concatenated certificate.
>
> Is there
any empty lines in the file ?
>
> Le 2017-10-03 à 09:48, Luís Torres
via PacketFence-users a écrit :
>
>> Hi Fabrice,
>>
>> Just did
that, restarted the haproxy but the result was :
>>
>> ERROR
pfcmd.pl(50729): pf::services::manager::haproxy=HASH(0xade6b0)->name
died or has failed to start (pf::services::manager::postStartCleanup)
>>
>> the service HAproxy wont start
>>
>> regards
>>
>> LT
>>
>> Em 2017-10-03 14:13, Fabrice Durand via PacketFence-users escreveu:
>>
>>> In fact haproxy terminate the ssl tunnel so you don't have to
change the ssl-certificates.conf file.
>>>
>>> This file is just use
for the admin interface now and not the portal anymore.
>>>
>>> So
just do that: (MyCERT.crt and MyPRIVKEY.key are your certificate files)
>>>
>>> cat conf/ssl/MyCERT.crt conf/ssl/MyPRIVKEY.key >
conf/ssl/server.pem
>>>
>>> Regards
>>>
>>> Fabrice
>>>
>>> Le
2017-10-03 à 05:25, Luís Torres via PacketFence-users a écrit :
>>>
>>>> thank you Fabrice,
>>>>
>>>> The ssl-certificates.conf should be
like this as well? :
>>>>
>>>> _SSLCERTIFICATECHAINFILE
%%INSTALL_DIR%%/CONF/SSL/SERVER.PEM_
>>>>
>>>> cheers
>>>>
>>>> Em
2017-10-02 23:49, Durand fabrice via PacketFence-users escreveu:
>>>>
>>>>> Hello Luís,
>>>>>
>>>>> you need to concatenate the
certificates like that:
>>>>>
>>>>> cat conf/ssl/server.crt
conf/ssl/server.key > conf/ssl/server.pem
>>>>>
>>>>> and restart
haproxy
>>>>>
>>>>> Regards
>>>>>
>>>>> Fabrice
>>>>>
>>>>> Le
2017-10-02 à 10:57, Luís Torres via PacketFence-users a écrit :
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> to stop the cert error on the captive
portal, its only need to change it on ssl-certificates.conf to point to
the correct ones?
>>>>>>
>>>>>> thanks
>>>>>>
>>>>>>
------------------------------------------------------------------------------
>>>>>>
Check out the vibrant tech community on one of the world's most
>>>>>>
engaging tech sites, Slashdot.org! http://sdm.link/slashdot [1]
>>>>>>
>>>>>> _______________________________________________
>>>>>>
PacketFence-users mailing list
>>>>>>
[email protected]
>>>>>>
https://lists.sourceforge.net/lists/listinfo/packetfence-users [2]
>>>>>
>>>>>
------------------------------------------------------------------------------
>>>>>
Check out the vibrant tech community on one of the world's most
>>>>>
engaging tech sites, Slashdot.org! http://sdm.link/slashdot [1]
>>>>>
>>>>> _______________________________________________
>>>>>
PacketFence-users mailing list
>>>>>
[email protected]
>>>>>
https://lists.sourceforge.net/lists/listinfo/packetfence-users [2]
>>>>
>>>>
------------------------------------------------------------------------------
>>>>
Check out the vibrant tech community on one of the world's most
>>>>
engaging tech sites, Slashdot.org! http://sdm.link/slashdot [1]
>>>>
>>>> _______________________________________________
>>>>
PacketFence-users mailing list
>>>>
[email protected]
>>>>
https://lists.sourceforge.net/lists/listinfo/packetfence-users [2]
>>>
>>> --
>>> Fabrice Durand
>>> [email protected] :: +1.514.447.4918
(x135) :: www.inverse.ca [3]
>>> Inverse inc. :: Leaders behind SOGo
(http://www.sogo.nu [4]) and PacketFence (http://packetfence.org [5])
>>>
>>>
------------------------------------------------------------------------------
>>>
Check out the vibrant tech community on one of the world's most
>>>
engaging tech sites, Slashdot.org! http://sdm.link/slashdot [1]
>>>
>>>
_______________________________________________
>>> PacketFence-users
mailing list
>>> [email protected]
>>>
https://lists.sourceforge.net/lists/listinfo/packetfence-users [2]
>>
>>
------------------------------------------------------------------------------
>>
Check out the vibrant tech community on one of the world's most
>>
engaging tech sites, Slashdot.org! http://sdm.link/slashdot [1]
>>
>>
_______________________________________________
>> PacketFence-users
mailing list
>> [email protected]
>>
https://lists.sourceforge.net/lists/listinfo/packetfence-users [2]
>
>
--
> Fabrice Durand
> [email protected] :: +1.514.447.4918 (x135) ::
www.inverse.ca [3]
> Inverse inc. :: Leaders behind SOGo
(http://www.sogo.nu [4]) and PacketFence (http://packetfence.org [5])
>
>
------------------------------------------------------------------------------
>
Check out the vibrant tech community on one of the world's most
>
engaging tech sites, Slashdot.org! http://sdm.link/slashdot [1]
>
>
_______________________________________________
> PacketFence-users
mailing list
> [email protected]
>
https://lists.sourceforge.net/lists/listinfo/packetfence-users [2]
Links:
------
[1] http://sdm.link/slashdot
[2]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
[3]
http://www.inverse.ca
[4] http://www.sogo.nu
[5] http://packetfence.org
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
