Hello Ludovic, thanks for the hint. It works. So adding my CA to the ca-certificates wasn’t necessary?
Kind regards Johannes Johannes Mudrich Mitarbeiter IT Altmark-Klinikum gGmbH Ernst-von-Bergmann-Straße 22 39638 Gardelegen Tel.: 03907 791229 Fax.: 03907 791248 Mail: j.mudr...@altmark-klinikum.de Von: Zammit, Ludovic [mailto:luza...@akamai.com] Gesendet: Montag, 13. März 2023 16:35 An: Mudrich, J. <j.mudr...@altmark-klinikum.de> Cc: PacketFence-users <packetfence-users@lists.sourceforge.net> Betreff: Re: [PacketFence-users] change HTTPs cert; chain invalid Hello Johannes, Turn off the intermediates fetch automatically and add your own ca manually. PF can’t reach the intermediates so it fails. Thanks, Ludovic Zammit Product Support Engineer Principal Lead [https://www.akamai.com/us/en/multimedia/images/custom/2019/logo-no-tag-93x45.png] Cell: +1.613.670.8432 Akamai Technologies - Inverse 145 Broadway Cambridge, MA 02142 Connect with Us: [https://www.akamai.com/us/en/multimedia/images/custom/community.jpg]<https://community.akamai.com>[https://www.akamai.com/us/en/multimedia/images/custom/rss.png]<http://blogs.akamai.com>[https://www.akamai.com/us/en/multimedia/images/custom/twitter.png]<https://twitter.com/akamai>[https://www.akamai.com/us/en/multimedia/images/custom/fb.png]<http://www.facebook.com/AkamaiTechnologies>[https://www.akamai.com/us/en/multimedia/images/custom/in.png]<http://www.linkedin.com/company/akamai-technologies>[https://www.akamai.com/us/en/multimedia/images/custom/youtube.png]<http://www.youtube.com/user/akamaitechnologies?feature=results_main> On Mar 10, 2023, at 2:32 AM, Mudrich, J. <j.mudr...@altmark-klinikum.de<mailto:j.mudr...@altmark-klinikum.de>> wrote: Hello Ludovic, yes, I am using an internal PKI. I even verified the chain with openssl: root@akgapf:/usr/local/pf/conf/ssl# openssl verify -CAfile /etc/ssl/certs/akgaca.ak.local.pem server.crt server.crt: OK root@akgapf:/usr/local/pf/conf/ssl# openssl verify -CAfile /etc/ssl/certs/akgaca.ak.local.pem server.pem server.pem: OK PF gives me the following error message: Failed verifying chain: error stdin: verification failed . Unable to fetch all the intermediates through the information contained in the certificate. You will have to upload the intermediate chain manually in x509 (Apache) format. config/certificate/http There are no intermediates! you’ll find the chain attached. Kind regards Johannes Johannes Mudrich Mitarbeiter IT Altmark-Klinikum gGmbH Ernst-von-Bergmann-Straße 22 39638 Gardelegen Tel.: 03907 791229 Fax.: 03907 791248 Mail: j.mudr...@altmark-klinikum.de<mailto:j.mudr...@altmark-klinikum.de> Von: Zammit, Ludovic [mailto:luza...@akamai.com] Gesendet: Donnerstag, 9. März 2023 21:07 An: PacketFence-users <packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>> Cc: Mudrich, J. <j.mudr...@altmark-klinikum.de<mailto:j.mudr...@altmark-klinikum.de>> Betreff: Re: [PacketFence-users] change HTTPs cert; chain invalid Hello Johannes, I’m assuming you are issuing a certificate from your internal PKI right ? Can you show me the chain and the error that you have currently ? Thanks, Ludovic Zammit Product Support Engineer Principal Lead [https://www.akamai.com/us/en/multimedia/images/custom/2019/logo-no-tag-93x45.png] Cell: +1.613.670.8432 Akamai Technologies - Inverse 145 Broadway Cambridge, MA 02142 Connect with Us: [https://www.akamai.com/us/en/multimedia/images/custom/community.jpg]<https://community.akamai.com/>[https://www.akamai.com/us/en/multimedia/images/custom/rss.png]<http://blogs.akamai.com/>[https://www.akamai.com/us/en/multimedia/images/custom/twitter.png]<https://urldefense.com/v3/__https:/twitter.com/akamai__;!!GjvTz_vk!Xu2-vkqy9fYUd9tzi-GCQCREO4Si-iN_JWTAF2wNAtm7Q0yiPq1inEXqCJf6OU17Z1QSAcMRplq9HkjPsn9_fPWhC3FN$>[https://www.akamai.com/us/en/multimedia/images/custom/fb.png]<https://urldefense.com/v3/__http:/www.facebook.com/AkamaiTechnologies__;!!GjvTz_vk!Xu2-vkqy9fYUd9tzi-GCQCREO4Si-iN_JWTAF2wNAtm7Q0yiPq1inEXqCJf6OU17Z1QSAcMRplq9HkjPsn9_fN_9RWU_$>[https://www.akamai.com/us/en/multimedia/images/custom/in.png]<https://urldefense.com/v3/__http:/www.linkedin.com/company/akamai-technologies__;!!GjvTz_vk!Xu2-vkqy9fYUd9tzi-GCQCREO4Si-iN_JWTAF2wNAtm7Q0yiPq1inEXqCJf6OU17Z1QSAcMRplq9HkjPsn9_fNTS3lOw$>[https://www.akamai.com/us/en/multimedia/images/custom/youtube.png]<https://urldefense.com/v3/__http:/www.youtube.com/user/akamaitechnologies?feature=results_main__;!!GjvTz_vk!Xu2-vkqy9fYUd9tzi-GCQCREO4Si-iN_JWTAF2wNAtm7Q0yiPq1inEXqCJf6OU17Z1QSAcMRplq9HkjPsn9_fMaIzvgm$> On Mar 9, 2023, at 3:01 AM, Mudrich, J. via PacketFence-users <packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>> wrote: Hi, I would like to change the existing HTTPs cert. So I created one in my own CA. Added the cert and key into Configuration -> System Configuration -> SSL Certificates. Then I added my CA root cert to /usr/local/share/ca-certificates and ran update-ca-certificates. It’s now present in /etc/ssl/certs. But PF still says “Chain is invalid”. Do I need to add the root cert somewhere else? Thanks Johannes Johannes Mudrich Mitarbeiter IT Altmark-Klinikum gGmbH Ernst-von-Bergmann-Straße 22 39638 Gardelegen Tel.: 03907 791229 Fax.: 03907 791248 Mail: j.mudr...@altmark-klinikum.de<mailto:j.mudr...@altmark-klinikum.de> <sah.png><https://urldefense.com/v3/__https:/www.salusaltmarkholding.de/__;!!GjvTz_vk!WsewEUs4-DrA1lKq2qVDSWViGAHRPk7SXJl2S32l-FT17Pq-N8PACTmx4ZPtueZ5vxBfBLQw-JNqMZTqdGHr0vJeNo6QdPd9yqhOgg$> Salus Altmark Holding gGmbH Tel.: +49 39325700<tel:+4939325700> Sitz der Gesellschaft: Seepark 5 | 39116 Magdeburg www.salusaltmarkholding.de<https://urldefense.com/v3/__https:/www.salusaltmarkholding.de__;!!GjvTz_vk!WsewEUs4-DrA1lKq2qVDSWViGAHRPk7SXJl2S32l-FT17Pq-N8PACTmx4ZPtueZ5vxBfBLQw-JNqMZTqdGHr0vJeNo6QdPeOhBf_Nw$> <instagram.png><https://urldefense.com/v3/__https:/www.instagram.com/salusaltmarkholding/__;!!GjvTz_vk!WsewEUs4-DrA1lKq2qVDSWViGAHRPk7SXJl2S32l-FT17Pq-N8PACTmx4ZPtueZ5vxBfBLQw-JNqMZTqdGHr0vJeNo6QdPfRjBQXeg$> <facebook.png><https://urldefense.com/v3/__https:/www.facebook.com/SalusAltmarkHolding__;!!GjvTz_vk!WsewEUs4-DrA1lKq2qVDSWViGAHRPk7SXJl2S32l-FT17Pq-N8PACTmx4ZPtueZ5vxBfBLQw-JNqMZTqdGHr0vJeNo6QdPd_1ZGV3Q$> <linkedin.png><https://urldefense.com/v3/__https:/de.linkedin.com/company/salus-ggmbh__;!!GjvTz_vk!WsewEUs4-DrA1lKq2qVDSWViGAHRPk7SXJl2S32l-FT17Pq-N8PACTmx4ZPtueZ5vxBfBLQw-JNqMZTqdGHr0vJeNo6QdPcF1p6E3g$> <xing.png><https://urldefense.com/v3/__https:/www.xing.com/pages/salusaltmarkholdingggmbh__;!!GjvTz_vk!WsewEUs4-DrA1lKq2qVDSWViGAHRPk7SXJl2S32l-FT17Pq-N8PACTmx4ZPtueZ5vxBfBLQw-JNqMZTqdGHr0vJeNo6QdPduV2l-4Q$> <youtube.png><https://urldefense.com/v3/__https:/www.youtube.com/user/SALUSgGmbH__;!!GjvTz_vk!WsewEUs4-DrA1lKq2qVDSWViGAHRPk7SXJl2S32l-FT17Pq-N8PACTmx4ZPtueZ5vxBfBLQw-JNqMZTqdGHr0vJeNo6QdPdElWNwDQ$> Registergericht: AG Stendal: HRB 112594 Geschäftsführer: Jürgen Richter Aufsichtsratsvorsitz: Wolfgang Beck Gemäß Art. 13 DSGVO informieren wir darüber, dass Ihre Daten elektronisch gespeichert werden. Nähere Informationen: www.salusaltmarkholding.de/datenschutz<https://urldefense.com/v3/__https:/www.salusaltmarkholding.de/datenschutz__;!!GjvTz_vk!WsewEUs4-DrA1lKq2qVDSWViGAHRPk7SXJl2S32l-FT17Pq-N8PACTmx4ZPtueZ5vxBfBLQw-JNqMZTqdGHr0vJeNo6QdPfFxdQOHA$> Ab Januar 2022 nehmen wir keine Mails mit doc-, xls- und ppt-Anhängen mehr an. Bitte verwenden Sie die aktuellen Office-Formate docx, xlsx, pptx oder pdf. _______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net> https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!WsewEUs4-DrA1lKq2qVDSWViGAHRPk7SXJl2S32l-FT17Pq-N8PACTmx4ZPtueZ5vxBfBLQw-JNqMZTqdGHr0vJeNo6QdPdRm2s2vg$<https://urldefense.com/v3/__https:/lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!WsewEUs4-DrA1lKq2qVDSWViGAHRPk7SXJl2S32l-FT17Pq-N8PACTmx4ZPtueZ5vxBfBLQw-JNqMZTqdGHr0vJeNo6QdPdRm2s2vg$> <chain.pem>
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
