I checked out a PacketFence system set up by Inverse at my other job and noticed 
that the certificate has some info above the "-----BEGIN CERTIFICATE-----" line:
"
Bag Attributes
    localKeyID: <key>
    friendlyName: Wildcard
    <oid_of_some_kind>: <bunch_of_hex_values>
    <oid_of_some_kind>: <bunch_of_hex_values>
    <oid_of_some_kind>: <bunch_of_hex_values>
subject=/CN=<cert_subject>
issuer=<cert_issuer_dn>
"
The certificate file from Let's Encrypt doesn't have this. Is that the problem?
________________________________
From: Eric Rolleman via PacketFence-users 
<[email protected]>
Sent: Wednesday, August 21, 2019 10:09 PM
To: [email protected] 
<[email protected]>
Cc: Eric Rolleman <[email protected]>
Subject: [PacketFence-users] Creating server.pem for captive portal

I acquired a Let's Encrypt certificate manually (can't port forward HTTP from 
the internet to my PacketFence server). I replaced the server.crt, server.key 
and intermediate.crt files. The admin interface is working with a valid cert.

I set up the server.pem file with the following commands:
cat privkey.pem > server.pem
cat cert.pem >> server.pem
cat chain.pem >> server.pem

(also tried fullchain.pem instead of the chain.pem as well)

I replaced the server.pem file in the /usr/local/pf/conf/ssl folder and 
restarted the service, but the certificate reports as invalid when I connect to 
the captive portal.

What is the order that I need of keys and certificates in the .pem file?
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
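
Added example, not part of the original messages and not PacketFence code: a small Python inspector that lists the PEM blocks of a bundle such as server.pem in file order and separately reports any lines outside the BEGIN/END markers, such as the "Bag Attributes" text described above. The sample bundle, its payload bytes and the host name portal.example.test are constructed; the script only reports what is in the file and does not say which order a given service expects.

```python
import base64
import re

# One PEM block: BEGIN line, body, matching END line with the same label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL
)


def _loose_lines(chunk):
    """Non-blank lines of text found outside any PEM block."""
    return [ln.strip() for ln in chunk.splitlines() if ln.strip()]


def inspect_pem_bundle(text):
    """Return (blocks, outside).

    blocks  -- [(label, decoded_length), ...] in file order
    outside -- lines that sit outside every BEGIN/END pair
    """
    blocks, outside, pos = [], [], 0
    for m in PEM_BLOCK.finditer(text):
        outside += _loose_lines(text[pos:m.start()])
        # Legacy encrypted keys carry "Proc-Type:"/"DEK-Info:" headers inside
        # the block; base64 never contains ':', so those lines are skipped.
        body = "".join(ln.strip() for ln in m.group(2).splitlines() if ":" not in ln)
        der = base64.b64decode(body, validate=True)  # raises if the body is damaged
        blocks.append((m.group(1), len(der)))
        pos = m.end()
    outside += _loose_lines(text[pos:])
    return blocks, outside


def _block(label, payload):
    """Build a constructed PEM block (placeholder bytes, not a real key or cert)."""
    b64 = base64.b64encode(payload).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, body, label)


# Constructed sample laid out like the server.pem built with the cat commands
# above, plus Bag Attributes text of the kind an exported certificate carries.
SAMPLE = (
    _block("PRIVATE KEY", b"\x00" * 100)
    + "Bag Attributes\n    friendlyName: Wildcard\nsubject=/CN=portal.example.test\n"
    + _block("CERTIFICATE", b"\x01" * 120)
    + _block("CERTIFICATE", b"\x02" * 90)
)

if __name__ == "__main__":
    found, extra = inspect_pem_bundle(SAMPLE)
    for number, (label, size) in enumerate(found, 1):
        print("%d. %s (%d bytes decoded)" % (number, label, size))
    print("lines outside PEM blocks:", extra)
```

To check a real file, pass its contents instead of SAMPLE, for example inspect_pem_bundle(open("server.pem").read()).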
