Hello Ludovic,

yes, I am using an internal PKI. I even verified the chain with openssl:

root@akgapf:/usr/local/pf/conf/ssl# openssl verify -CAfile /etc/ssl/certs/akgaca.ak.local.pem server.crt
server.crt: OK
root@akgapf:/usr/local/pf/conf/ssl# openssl verify -CAfile /etc/ssl/certs/akgaca.ak.local.pem server.pem
server.pem: OK

PF gives me the following error message:

Failed verifying chain: error stdin: verification failed . Unable to fetch all the intermediates through the information contained in the certificate. You will have to upload the intermediate chain manually in x509 (Apache) format.

config/certificate/http

There are no intermediates! You’ll find the chain attached.

Kind regards
Johannes

Johannes Mudrich
IT Staff
Altmark-Klinikum gGmbH
Ernst-von-Bergmann-Straße 22
39638 Gardelegen
Tel.: 03907 791229
Fax.: 03907 791248
Mail: j.mudr...@altmark-klinikum.de

From: Zammit, Ludovic [mailto:luza...@akamai.com]
Sent: Thursday, March 9, 2023 21:07
To: PacketFence-users <packetfence-users@lists.sourceforge.net>
Cc: Mudrich, J. <j.mudr...@altmark-klinikum.de>
Subject: Re: [PacketFence-users] change HTTPs cert; chain invalid

Hello Johannes,

I’m assuming you are issuing a certificate from your internal PKI, right? Can you show me the chain and the error that you have currently?

Thanks,

Ludovic Zammit
Product Support Engineer Principal Lead
Cell: +1.613.670.8432
Akamai Technologies - Inverse
145 Broadway
Cambridge, MA 02142

On Mar 9, 2023, at 3:01 AM, Mudrich, J. via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:

Hi,

I would like to change the existing HTTPs cert. So I created one in my own CA. Added the cert and key into Configuration -> System Configuration -> SSL Certificates. Then I added my CA root cert to /usr/local/share/ca-certificates and ran update-ca-certificates. It’s now present in /etc/ssl/certs. But PF still says “Chain is invalid”. Do I need to add the root cert somewhere else?

Thanks
Johannes

Attachment: chain.pem
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
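
The checks discussed in this thread, as an added shell example (not part of the original messages and not PacketFence code): besides repeating `openssl verify`, it confirms that the CA file is a self-issued root and looks for an AIA "CA Issuers" URL in the leaf. Assumptions: the error's "information contained in the certificate" is read here as the AIA extension, and the demo PKI, function names and file names are constructed.

```shell
#!/bin/sh
# Added example. Function names, file names and the demo PKI are constructed.

# dn CERT FIELD -> subject or issuer DN of CERT in RFC 2253 form
dn() { openssl x509 -in "$1" -noout "-$2" -nameopt RFC2253 | sed "s/^$2=//"; }

# Leaf's issuer DN equals the CA's subject DN (name linkage only, no signature check)
issuer_matches() { [ "$(dn "$1" issuer)" = "$(dn "$2" subject)" ]; }

# Certificate is self-issued, i.e. a root with no intermediate above it
is_self_issued() { [ "$(dn "$1" issuer)" = "$(dn "$1" subject)" ]; }

# Leaf carries an Authority Information Access "CA Issuers" URL that a
# validator could use to download the issuing certificate
has_ca_issuers_url() { openssl x509 -in "$1" -noout -text | grep -q 'CA Issuers - URI:'; }

# Signature-level check, same command as in the thread
chain_verifies() { openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; }

# diagnose LEAF CA -> one result line per check
diagnose() {
  issuer_matches "$1" "$2" && echo "issuer-link: ok" || echo "issuer-link: MISMATCH"
  chain_verifies "$1" "$2" && echo "verify: ok" || echo "verify: FAILED"
  has_ca_issuers_url "$1" && echo "aia-ca-issuers: present" || echo "aia-ca-issuers: absent"
  is_self_issued "$2" && echo "ca: self-issued root" || echo "ca: intermediate, parent needed"
}

# Constructed throwaway PKI: one root CA and one server certificate signed by it
make_demo_pki() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=pf.example.test" \
    -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
  openssl x509 -req -in "$1/server.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$1/server.crt" 2>/dev/null
}

demo=$(mktemp -d)
make_demo_pki "$demo"
diagnose "$demo/server.crt" "$demo/ca.pem"
```

Against the files from the thread the call would be `diagnose server.crt /etc/ssl/certs/akgaca.ak.local.pem`, run from /usr/local/pf/conf/ssl.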