Turns out I am a dummy and misspelled the domain name. The domain name is long so I didn't notice it at first when first check that.
Thanks for the tip on the cool tool. ________________________________ From: Durand fabrice via PacketFence-users <[email protected]> Sent: Thursday, August 22, 2019 6:01 PM To: [email protected] <[email protected]> Cc: Durand fabrice <[email protected]> Subject: Re: [PacketFence-users] Creating server.pem for captive portal Hello Eric, i use to test my certificate chain here (paste the cert + the intermediate): https://tools.keycdn.com/ssl<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.keycdn.com%2Fssl&data=02%7C01%7C%7Cf40fda50de474d8428a408d72765929d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637021189509337905&sdata=UuSt5siMbgqdBfQrou9cnNeJ6b3XWRltm3MgEDSw1lM%3D&reserved=0> Just verify if from the cert to the CA the chain is valid then add the private key at the end. Regards Fabrice Le 19-08-22 à 14 h 32, Eric Rolleman via PacketFence-users a écrit : I checked out a packetfence system setup by Inverse at my other job and noticed that the certificate has some info above the "-----BEGIN CERTIFICATE-----" line: " Bag Attributes localKeyID: <key> friendlyName: Wildcard <oid_of_some_kind>: <bunch_of_hex_values> <oid_of_some_kind>: <bunch_of_hex_values> <oid_of_some_kind>: <bunch_of_hex_values> subject=/CN=<cert_subject> issuer=<cert_issuer_dn> " The certificate file from Lets Encrypt doesn't have this. Is that the problem? ________________________________ From: Eric Rolleman via PacketFence-users <[email protected]><mailto:[email protected]> Sent: Wednesday, August 21, 2019 10:09 PM To: [email protected]<mailto:[email protected]> <[email protected]><mailto:[email protected]> Cc: Eric Rolleman <[email protected]><mailto:[email protected]> Subject: [PacketFence-users] Creating server.pem for captive portal I acquired a lets encrypt certificate manually (can't port forward HTTP fro= the internet to my packetfence server). I replaced the server.crt, server=key and intermediate.crt files. The admin interface is working with a vali= cert. I set up the server.pem file with the following commands: cat privkey.pem > server.pem cat cert.pem >> server.pem cat chain.pem >> server.pem ( also tried fullchain.pem instead of the chain.pem as well) I replaced the server.pem file in the /usr/local/pf/conf/ssl folder and res=arted the service, but the certificate reports as invalid when I connect t= the captive portal. What is the order that I need of keys and certificates in the .pem file? _______________________________________________ PacketFence-users mailing list [email protected]<mailto:[email protected]> https://lists.sourceforge.net/lists/listinfo/packetfence-users<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fpacketfence-users&data=02%7C01%7C%7Cf40fda50de474d8428a408d72765929d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637021189509347928&sdata=Bahl5oWOE7wGFAa6%2B9VqZkALsjhaVKdjQjY%2Bo8gSKuo%3D&reserved=0>
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
