Re: [PacketFence-users] Captive Portal certificate

Tue, 21 Nov 2017 09:42:06 -0800 

Hi Fabrice,

I’m actually trying to fix my bug about certificates. I did the same thing as 
said in previous mails.

My administration’s board ( https://server:1443/admin/ ) is certificated but my 
portal board is not.

How can I do the trick to fix it ?

Regards,
Yohann

________________________________
Yohann  LE GALL
Administrateur Systèmes et Réseaux junior
[http://biocoop.eu/SignatureBiocoop/OWA_trait_biocoop.png]



[http://biocoop.eu/SignatureBiocoop/OWA_logo_Biocoop.png]<http://www.biocoop.fr/>
[http://biocoop.eu/SignatureBiocoop/OWA_text_logo.png]<http://www.biocoop.fr/>
www.biocoop.fr<http://www.biocoop.fr>

[http://biocoop.eu/SignatureBiocoop/OWA_instagram.png]<https://www.instagram.com/biocoop_officiel/?hl=fr>
  [http://biocoop.eu/SignatureBiocoop/OWA_Twitter.png] 
<http://twitter.com/biocoop/>   
[http://biocoop.eu/SignatureBiocoop/OWA_logo_pinterest.png] 
<http://fr.pinterest.com/biocoop/>   
[http://biocoop.eu/SignatureBiocoop/OWA_FACEBOOK.png] 
<https://fr-fr.facebook.com/Biocoop>


Adoptez l'éco-attitude: N'imprimez ce document que si nécessaire


De : Luís Torres via PacketFence-users 
[mailto:[email protected]]
Envoyé : mardi 3 octobre 2017 16:52
À : [email protected]
Cc : Luís Torres <[email protected]>
Objet : Re: [PacketFence-users] Captive Portal certificate


Fabrice,



my bad..., the crt and key was not correctly exported.

Followed this procudure from de .pfx and it worked like you said:



ake the file you exported (e.g. certname.pfx) and copy it to a system where you 
have OpenSSL installed. Note: the *.pfx file is in PKCS#12 format and includes 
both the certificate and the private key.

Run the following command to export the private key: openssl pkcs12 -in 
certname.pfx -nocerts -out key.pem -nodes
Run the following command to export the certificate: openssl pkcs12 -in 
certname.pfx -nokeys -out cert.pem
Run the following command to remove the passphrase from the private key: 
openssl rsa -in key.pem -out server.key



Thanks





Em 2017-10-03 14:54, Fabrice Durand via PacketFence-users escreveu:

You probably did a mistake with the concatenated certificate.

Is there any empty lines in the file ?

Le 2017-10-03 à 09:48, Luís Torres via PacketFence-users a écrit :

Hi Fabrice,



Just did that, restarted the haproxy but the result was :



ERROR pfcmd.pl(50729): pf::services::manager::haproxy=HASH(0xade6b0)->name died 
or has failed to start (pf::services::manager::postStartCleanup)



the service HAproxy wont start



regards

LT



Em 2017-10-03 14:13, Fabrice Durand via PacketFence-users escreveu:

In fact haproxy terminate the ssl tunnel so you don't have to change the 
ssl-certificates.conf file.

This file is just use for the admin interface now and not the portal anymore.

So just do that: (MyCERT.crt and MyPRIVKEY.key are your certificate files)

cat conf/ssl/MyCERT.crt conf/ssl/MyPRIVKEY.key > conf/ssl/server.pem

Regards

Fabrice



Le 2017-10-03 à 05:25, Luís Torres via PacketFence-users a écrit :

thank you Fabrice,



The ssl-certificates.conf should be like this as well? :



SSLCertificateChainFile %%install_dir%%/conf/ssl/server.pem





cheers



Em 2017-10-02 23:49, Durand fabrice via PacketFence-users escreveu:

Hello Luís,

you need to concatenate the certificates like that:

cat conf/ssl/server.crt conf/ssl/server.key > conf/ssl/server.pem

and restart haproxy



Regards

Fabrice



Le 2017-10-02 à 10:57, Luís Torres via PacketFence-users a écrit :

Hi,



to stop the cert error on the captive portal, its only need to change it on 
ssl-certificates.conf to point to the correct ones?



thanks




------------------------------------------------------------------------------

Check out the vibrant tech community on one of the world's most

engaging tech sites, Slashdot.org! http://sdm.link/slashdot



_______________________________________________

PacketFence-users mailing list

[email protected]<mailto:[email protected]>

https://lists.sourceforge.net/lists/listinfo/packetfence-users


------------------------------------------------------------------------------

Check out the vibrant tech community on one of the world's most

engaging tech sites, Slashdot.org! http://sdm.link/slashdot


_______________________________________________

PacketFence-users mailing list

[email protected]<mailto:[email protected]>

https://lists.sourceforge.net/lists/listinfo/packetfence-users






------------------------------------------------------------------------------

Check out the vibrant tech community on one of the world's most

engaging tech sites, Slashdot.org! http://sdm.link/slashdot



_______________________________________________

PacketFence-users mailing list

[email protected]<mailto:[email protected]>

https://lists.sourceforge.net/lists/listinfo/packetfence-users


--

Fabrice Durand

[email protected]<mailto:[email protected]> ::  +1.514.447.4918 (x135) ::  
www.inverse.ca<http://www.inverse.ca>

Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)


------------------------------------------------------------------------------

Check out the vibrant tech community on one of the world's most

engaging tech sites, Slashdot.org! http://sdm.link/slashdot


_______________________________________________

PacketFence-users mailing list

[email protected]<mailto:[email protected]>

https://lists.sourceforge.net/lists/listinfo/packetfence-users






------------------------------------------------------------------------------

Check out the vibrant tech community on one of the world's most

engaging tech sites, Slashdot.org! http://sdm.link/slashdot



_______________________________________________

PacketFence-users mailing list

[email protected]<mailto:[email protected]>

https://lists.sourceforge.net/lists/listinfo/packetfence-users


--

Fabrice Durand

[email protected]<mailto:[email protected]> ::  +1.514.447.4918 (x135) ::  
www.inverse.ca<http://www.inverse.ca>

Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)


------------------------------------------------------------------------------

Check out the vibrant tech community on one of the world's most

engaging tech sites, Slashdot.org! http://sdm.link/slashdot


_______________________________________________

PacketFence-users mailing list

[email protected]<mailto:[email protected]>

https://lists.sourceforge.net/lists/listinfo/packetfence-users




------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Reply via email to