May I kindly ask to tell me what you did with certificate files, Colton? Sent from iPhone
> On Nov 12, 2020, at 19:55, Colton Conor via PacketFence-users > <packetfence-users@lists.sourceforge.net> wrote: > > ļ»æ > We use a wildcard on PF without a problem. > >> On Thu, Nov 12, 2020 at 3:51 PM Michael Brown via PacketFence-users >> <packetfence-users@lists.sourceforge.net> wrote: >> I have a wildcard from Digicert and used this to get the cert: >> Apache: CSR & SSL Installation (OpenSSL) >> >> Apache: CSR & SSL Installation (OpenSSL) >> Apache: Generating your Apache CSR with OpenSSL and installing your SSL >> certificate and Mod_SSL web server confi... >> >> >> Also, when requesting the duplicate from Digicert it allows you to enter >> additional SANs beyond the *.domain.com. I put my pf.domain.com as one of >> the SANs when requesting the duplicate. I also used WinSCP to connect to my >> packetfence server to get the csr and key files. I know that's not needed >> but just thought I would mention it. >> >> >> >> >> On Thursday, November 12, 2020, 04:29:50 PM EST, ypefti--- via >> PacketFence-users <packetfence-users@lists.sourceforge.net> wrote: >> >> >> More digging, more tries, more frustrations š >> Further to my previous email. I replaced three files from SSL folder with >> files that correspond to the new certificated, i.e. >> /usr/local/pf/conf/ssl/server.key >> /usr/local/pf/conf/ssl/server.crt >> /usr/local/pf/conf/ssl/server.pem >> >> PF web interface said bye-bye to me. Why do I see this error in >> /usr/local/pf/logs/httpd.webservices.error >> >> Nov 12 13:04:07 pf httpd_webservices_err: AH00558: httpd: Could not reliably >> determine the server's fully qualified domain name, using >> fe80::250:56ff:fe8a:e674. Set the 'ServerName' directive globally to >> suppress this message >> >> What happened to Apache and PF ? >> >> And what drives me mad is the fact that if I put old certificate files back >> I still can't login via PF GUI. >> Having this error: >> >> A networking error occurred. Is the API service running? >> >> Eugene >> >> -----Original Message----- >> From: ype...@gmail.com <ype...@gmail.com> >> Sent: Thursday, November 12, 2020 11:26 AM >> To: packetfence-users@lists.sourceforge.net >> Cc: 'mj' <li...@merit.unu.edu> >> Subject: RE: [PacketFence-users] Wildcard SSL certificate installation on PF >> >> Thank you, MJ, >> It looks like questions asked here are replied selectively. >> At least out of 4 questions that I asked only this one was finally "noticed" >> after the resend š >> I wouldn't bother the list with my questions if the procedure is well >> documented and works. >> The existing documentation mentions only this: >> >> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ >> "Upon PacketFence installation, self-signed certificates will be created in >> /usr/local/pf/conf/ssl (server.key and server.crt). Those certificates can >> be replaced anytime by your 3rd-party or existing wild card certificate >> without problems. Please note that the CN (Common Name) needs to be the same >> as the one defined in the PacketFence configuration file (pf.conf)." >> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ >> >> This is very confusing. We all know that CN in the wildcard certificate >> looks like this: >> *.example.com >> How would I make use of it with PF ? >> >> If you refer me to Let's Encrypt certificates should I understand that I >> need to do it from www.sslforfree.com And what's the correct procedure to >> install an SSL certificate to PF. Never saw it in the documentation. >> I need it for a captive portal. >> >> Eugene >> >> -----Original Message----- >> From: mj via PacketFence-users <packetfence-users@lists.sourceforge.net> >> Sent: Wednesday, November 11, 2020 1:38 AM >> To: packetfence-users@lists.sourceforge.net >> Cc: mj <li...@merit.unu.edu> >> Subject: Re: [PacketFence-users] Wildcard SSL certificate installation on PF >> >> Hi Eugene, >> >> The list has always been alive, from where we are. :-) >> >> Anyway: I would encourage you to take a look a Let's Encrypt certificates >> with packetfence. I think they are a bit more secure than a wildcard >> certificate, plus they are free and work very well. >> >> (there are some threads on this mailinglist on that subject) >> >> Good luck, >> MJ >> >> On 11/10/20 5:31 PM, E.P. via PacketFence-users wrote: >> > Since this group suddenly became alive I dare asking my previous again >> > š >> > >> > How would I install a wildcard SSL certificate on PF, see more details >> > below >> > >> > Eugene >> > >> > *From:* E.P. <ype...@gmail.com> >> > *Sent:* Saturday, October 31, 2020 2:43 PM >> > *To:* packetfence-users@lists.sourceforge.net >> > *Subject:* Wildcard SSL certificate installation on PF >> > >> > Guys, >> > >> > Iām trying to overcome the issue with a self-signed SSL certificate >> > that PF offers to WiFi authentication via captive portal. >> > >> > This a certificate that is in use by HTTPS sessions >> > >> > Certificate/Key match >> > >> > Chain is invalid >> > >> > common_name >> > >> > 127.0.0.1, emailAddress=supp...@inverse.ca >> > <mailto:emailAddress=supp...@inverse.ca> >> > >> > issuer >> > >> > C=CA, ST=QC, L=Montreal, O=Inverse, CN=127.0.0.1, >> > emailAddress=supp...@inverse.ca >> > <mailto:emailAddress=supp...@inverse.ca> >> > >> > not_after >> > >> > Oct 7 15:29:09 2021 GMT >> > >> > not_before >> > >> > Oct 7 15:29:09 2020 GMT >> > >> > serial >> > >> > A500DC03671C0E35 >> > >> > subject >> > >> > C=CA, ST=QC, L=Montreal, O=Inverse, CN=127.0.0.1, >> > emailAddress=supp...@inverse.ca >> > <mailto:emailAddress=supp...@inverse.ca> >> > >> > Is there any way to import and install a company wild card SSL >> > certificate into PF >> > >> > Eugene >> > >> > >> > >> > _______________________________________________ >> > PacketFence-users mailing list >> > PacketFence-users@lists.sourceforge.net >> > https://lists.sourceforge.net/lists/listinfo/packetfence-users >> > >> >> >> _______________________________________________ >> PacketFence-users mailing list >> PacketFence-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >> >> >> >> _______________________________________________ >> PacketFence-users mailing list >> PacketFence-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> _______________________________________________ >> PacketFence-users mailing list >> PacketFence-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/packetfence-users > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
