Re: [PacketFence-users] Unable to load a new Radius Certificate generated by an external certification authority

Tue, 21 Mar 2023 11:58:58 -0700 

Hello Mirko,

Just uncheck "Find RADIUS Server intermediate CA(s) automatically” and put the 
intermediate as the Root CA cert that signed the CSR.

PacketFence try to fetch automatically the intermediate from the url inside the 
certificate but can’t do it.

Thanks,



Ludovic Zammit
Product Support Engineer Principal Lead

Cell: +1.613.670.8432
Akamai Technologies - Inverse
145 Broadway
Cambridge, MA 02142
Connect with Us:         <https://community.akamai.com/>  
<http://blogs.akamai.com/>  <https://twitter.com/akamai>  
<http://www.facebook.com/AkamaiTechnologies>  
<http://www.linkedin.com/company/akamai-technologies>  
<http://www.youtube.com/user/akamaitechnologies?feature=results_main>

> On Mar 21, 2023, at 11:15 AM, sgiops sgiops via PacketFence-users 
> <packetfence-users@lists.sourceforge.net> wrote:
> 
> Hello!
> 
> In order to put in a production environment the PF server, we generated a new 
> certificate for the radius service. This certificate has been generated using 
> the MS certification authority coming with the domain controllers to have the 
> CA already trusted on all the domain computers.  
> I generated the CSR using the PF gui, submitted the certificate to our 
> internal certification authority and retrieved the signed certificate and the 
> CA certificate (all base64).
> 
> When i tried to load the generated certificates (System Configuration -> SSL 
> Certificates -> RADIUS -> Edit Radius Certificate) I obtained that the 
> certification chain is invalid, because the intermediate CA certificates 
> cannot be loaded.
> 
> I do not undestand, there are no intermediate CA's, the certification path is 
> only CA -> Server certificate. 
> 
> Did anyone managed to load certificates from Domain Controller CA? If I use 
> the internal PKI i do not have any problem but a GPO should be prepared in 
> order to diffuse and trust the PKI certificate.
> 
> Thanks
> 
> Mirko
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!RmosF-3Vwk31MJT0iZCfshyFOajAts9B3iXHCFaP5A06TJOJLtIoLqrMRpP5BFkdqswu8mW2db4o-bgz2SJ9ETxNt5tAShAwVUlWuA$
>

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users






















					Reply via email to