Hello Johannes, Turn off the intermediates fetch automatically and add your own ca manually.
PF can’t reach the intermediates so it fails. Thanks, Ludovic Zammit Product Support Engineer Principal Lead Cell: +1.613.670.8432 Akamai Technologies - Inverse 145 Broadway Cambridge, MA 02142 Connect with Us: <https://community.akamai.com/> <http://blogs.akamai.com/> <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies> <http://www.linkedin.com/company/akamai-technologies> <http://www.youtube.com/user/akamaitechnologies?feature=results_main> > On Mar 10, 2023, at 2:32 AM, Mudrich, J. <j.mudr...@altmark-klinikum.de> > wrote: > > Hello Ludovic, > > yes, I am using an internal PKI. I even verified the chain with openssl: > > root@akgapf:/usr/local/pf/conf/ssl# openssl verify -CAfile > /etc/ssl/certs/akgaca.ak.local.pem server.crt > server.crt: OK > root@akgapf:/usr/local/pf/conf/ssl# openssl verify -CAfile > /etc/ssl/certs/akgaca.ak.local.pem server.pem > server.pem: OK > > PF gives me the following error message: > > Failed verifying chain: error stdin: verification failed . Unable to fetch > all the intermediates through the information contained in the certificate. > You will have to upload the intermediate chain manually in x509 (Apache) > format. > config/certificate/http > > There are no intermediates! > > you’ll find the chain attached. > > Kind regards > Johannes > > > > > > Johannes Mudrich > Mitarbeiter > IT > > Altmark-Klinikum gGmbH > Ernst-von-Bergmann-Straße 22 > 39638 Gardelegen > > Tel.: 03907 791229 > Fax.: 03907 791248 > Mail: j.mudr...@altmark-klinikum.de <mailto:j.mudr...@altmark-klinikum.de> > Von: Zammit, Ludovic [mailto:luza...@akamai.com] > Gesendet: Donnerstag, 9. März 2023 21:07 > An: PacketFence-users <packetfence-users@lists.sourceforge.net> > Cc: Mudrich, J. <j.mudr...@altmark-klinikum.de> > Betreff: Re: [PacketFence-users] change HTTPs cert; chain invalid > > Hello Johannes, > > I’m assuming you are issuing a certificate from your internal PKI right ? > > Can you show me the chain and the error that you have currently ? > > Thanks, > > > > Ludovic Zammit > Product Support Engineer Principal Lead > > Cell: +1.613.670.8432 > Akamai Technologies - Inverse > 145 Broadway > Cambridge, MA 02142 > Connect with Us: > <https://community.akamai.com/> <http://blogs.akamai.com/> > <https://urldefense.com/v3/__https://twitter.com/akamai__;!!GjvTz_vk!Xu2-vkqy9fYUd9tzi-GCQCREO4Si-iN_JWTAF2wNAtm7Q0yiPq1inEXqCJf6OU17Z1QSAcMRplq9HkjPsn9_fPWhC3FN$> > > <https://urldefense.com/v3/__http://www.facebook.com/AkamaiTechnologies__;!!GjvTz_vk!Xu2-vkqy9fYUd9tzi-GCQCREO4Si-iN_JWTAF2wNAtm7Q0yiPq1inEXqCJf6OU17Z1QSAcMRplq9HkjPsn9_fN_9RWU_$> > > <https://urldefense.com/v3/__http://www.linkedin.com/company/akamai-technologies__;!!GjvTz_vk!Xu2-vkqy9fYUd9tzi-GCQCREO4Si-iN_JWTAF2wNAtm7Q0yiPq1inEXqCJf6OU17Z1QSAcMRplq9HkjPsn9_fNTS3lOw$> > > <https://urldefense.com/v3/__http://www.youtube.com/user/akamaitechnologies?feature=results_main__;!!GjvTz_vk!Xu2-vkqy9fYUd9tzi-GCQCREO4Si-iN_JWTAF2wNAtm7Q0yiPq1inEXqCJf6OU17Z1QSAcMRplq9HkjPsn9_fMaIzvgm$> > > > > On Mar 9, 2023, at 3:01 AM, Mudrich, J. via PacketFence-users > <packetfence-users@lists.sourceforge.net > <mailto:packetfence-users@lists.sourceforge.net>> wrote: > > Hi, > > I would like to change the existing HTTPs cert. So I created one in my own > CA. Added the cert and key into Configuration -> System Configuration -> SSL > Certificates. > Then I added my CA root cert to /usr/local/share/ca-certificates and ran > update-ca-certificates. It’s now present in /etc/ssl/certs. > > But PF still says “Chain is invalid”. Do I need to add the root cert > somewhere else? > > Thanks > Johannes > > > > Johannes Mudrich > Mitarbeiter > IT > > Altmark-Klinikum gGmbH > Ernst-von-Bergmann-Straße 22 > 39638 Gardelegen > Tel.: > 03907 791229 > Fax.: > 03907 791248 > Mail: > j.mudr...@altmark-klinikum.de <mailto:j.mudr...@altmark-klinikum.de> > > > > <sah.png> > <https://urldefense.com/v3/__https:/www.salusaltmarkholding.de/__;!!GjvTz_vk!WsewEUs4-DrA1lKq2qVDSWViGAHRPk7SXJl2S32l-FT17Pq-N8PACTmx4ZPtueZ5vxBfBLQw-JNqMZTqdGHr0vJeNo6QdPd9yqhOgg$> > > Salus Altmark Holding gGmbH > Tel.: +49 39325700 <tel:+4939325700> > Sitz der Gesellschaft: > Seepark 5 | 39116 Magdeburg > www.salusaltmarkholding.de > <https://urldefense.com/v3/__https:/www.salusaltmarkholding.de__;!!GjvTz_vk!WsewEUs4-DrA1lKq2qVDSWViGAHRPk7SXJl2S32l-FT17Pq-N8PACTmx4ZPtueZ5vxBfBLQw-JNqMZTqdGHr0vJeNo6QdPeOhBf_Nw$> > <instagram.png> > <https://urldefense.com/v3/__https:/www.instagram.com/salusaltmarkholding/__;!!GjvTz_vk!WsewEUs4-DrA1lKq2qVDSWViGAHRPk7SXJl2S32l-FT17Pq-N8PACTmx4ZPtueZ5vxBfBLQw-JNqMZTqdGHr0vJeNo6QdPfRjBQXeg$> > <facebook.png> > <https://urldefense.com/v3/__https:/www.facebook.com/SalusAltmarkHolding__;!!GjvTz_vk!WsewEUs4-DrA1lKq2qVDSWViGAHRPk7SXJl2S32l-FT17Pq-N8PACTmx4ZPtueZ5vxBfBLQw-JNqMZTqdGHr0vJeNo6QdPd_1ZGV3Q$> > <linkedin.png> > <https://urldefense.com/v3/__https:/de.linkedin.com/company/salus-ggmbh__;!!GjvTz_vk!WsewEUs4-DrA1lKq2qVDSWViGAHRPk7SXJl2S32l-FT17Pq-N8PACTmx4ZPtueZ5vxBfBLQw-JNqMZTqdGHr0vJeNo6QdPcF1p6E3g$> > <xing.png> > <https://urldefense.com/v3/__https:/www.xing.com/pages/salusaltmarkholdingggmbh__;!!GjvTz_vk!WsewEUs4-DrA1lKq2qVDSWViGAHRPk7SXJl2S32l-FT17Pq-N8PACTmx4ZPtueZ5vxBfBLQw-JNqMZTqdGHr0vJeNo6QdPduV2l-4Q$> > <youtube.png> > <https://urldefense.com/v3/__https:/www.youtube.com/user/SALUSgGmbH__;!!GjvTz_vk!WsewEUs4-DrA1lKq2qVDSWViGAHRPk7SXJl2S32l-FT17Pq-N8PACTmx4ZPtueZ5vxBfBLQw-JNqMZTqdGHr0vJeNo6QdPdElWNwDQ$> > Registergericht: AG Stendal: HRB 112594 > Geschäftsführer: Jürgen Richter > Aufsichtsratsvorsitz: Wolfgang Beck > Gemäß Art. 13 DSGVO informieren wir darüber, dass Ihre Daten elektronisch > gespeichert werden. Nähere Informationen: > www.salusaltmarkholding.de/datenschutz > <https://urldefense.com/v3/__https:/www.salusaltmarkholding.de/datenschutz__;!!GjvTz_vk!WsewEUs4-DrA1lKq2qVDSWViGAHRPk7SXJl2S32l-FT17Pq-N8PACTmx4ZPtueZ5vxBfBLQw-JNqMZTqdGHr0vJeNo6QdPfFxdQOHA$> > Ab Januar 2022 nehmen wir keine Mails mit doc-, xls- und ppt-Anhängen mehr an. > Bitte verwenden Sie die aktuellen Office-Formate docx, xlsx, pptx oder pdf. > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > <mailto:PacketFence-users@lists.sourceforge.net> > https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!WsewEUs4-DrA1lKq2qVDSWViGAHRPk7SXJl2S32l-FT17Pq-N8PACTmx4ZPtueZ5vxBfBLQw-JNqMZTqdGHr0vJeNo6QdPdRm2s2vg$ > > <https://urldefense.com/v3/__https:/lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!WsewEUs4-DrA1lKq2qVDSWViGAHRPk7SXJl2S32l-FT17Pq-N8PACTmx4ZPtueZ5vxBfBLQw-JNqMZTqdGHr0vJeNo6QdPdRm2s2vg$> > > <chain.pem>
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
