Hi Zammit, I tried again with the steps that you wrote, but I get this message:
[cid:262cd32f-5508-4ae2-9792-b3a2c7951775] ________________________________ De: Zammit, Ludovic via PacketFence-users <packetfence-users@lists.sourceforge.net> Enviado: terça-feira, 21 de março de 2023 15:51 Para: PacketFence-users <packetfence-users@lists.sourceforge.net> Cc: Zammit, Ludovic <luza...@akamai.com> Assunto: Re: [PacketFence-users] Unable to load a new Radius Certificate generated by an external certification authority Hello Mirko, Just uncheck "Find RADIUS Server intermediate CA(s) automatically” and put the intermediate as the Root CA cert that signed the CSR. PacketFence try to fetch automatically the intermediate from the url inside the certificate but can’t do it. Thanks, Ludovic Zammit Product Support Engineer Principal Lead [https://www.akamai.com/us/en/multimedia/images/custom/2019/logo-no-tag-93x45.png] Cell: +1.613.670.8432 Akamai Technologies - Inverse 145 Broadway Cambridge, MA 02142 Connect with Us: [https://www.akamai.com/us/en/multimedia/images/custom/community.jpg] <https://community.akamai.com> [https://www.akamai.com/us/en/multimedia/images/custom/rss.png] <http://blogs.akamai.com> [https://www.akamai.com/us/en/multimedia/images/custom/twitter.png] <https://twitter.com/akamai> [https://www.akamai.com/us/en/multimedia/images/custom/fb.png] <http://www.facebook.com/AkamaiTechnologies> [https://www.akamai.com/us/en/multimedia/images/custom/in.png] <http://www.linkedin.com/company/akamai-technologies> [https://www.akamai.com/us/en/multimedia/images/custom/youtube.png] <http://www.youtube.com/user/akamaitechnologies?feature=results_main> On Mar 21, 2023, at 11:15 AM, sgiops sgiops via PacketFence-users <packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>> wrote: Hello! In order to put in a production environment the PF server, we generated a new certificate for the radius service. This certificate has been generated using the MS certification authority coming with the domain controllers to have the CA already trusted on all the domain computers. I generated the CSR using the PF gui, submitted the certificate to our internal certification authority and retrieved the signed certificate and the CA certificate (all base64). When i tried to load the generated certificates (System Configuration -> SSL Certificates -> RADIUS -> Edit Radius Certificate) I obtained that the certification chain is invalid, because the intermediate CA certificates cannot be loaded. I do not undestand, there are no intermediate CA's, the certification path is only CA -> Server certificate. Did anyone managed to load certificates from Domain Controller CA? If I use the internal PKI i do not have any problem but a GPO should be prepared in order to diffuse and trust the PKI certificate. Thanks Mirko _______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net> https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!RmosF-3Vwk31MJT0iZCfshyFOajAts9B3iXHCFaP5A06TJOJLtIoLqrMRpP5BFkdqswu8mW2db4o-bgz2SJ9ETxNt5tAShAwVUlWuA$
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
