Re: [PacketFence-users] SSL cert problem with mobile devices
Hi Jake, happy new year too. as i remember comodo change there root ca so if you can fetch a device with the issue to be sure that the comodo root ca is up to date. Regards Fabrice Le 2017-01-05 à 16:05, Sallee, Jake a écrit : > Fabrice! I hope all is well for you, happy new year! > >> does these devices have the ca public certificate ? > Yes, and it is signed by comodo. > > IIRC comodo offers a chain cert to us, I wonder if I could just use that one. > > The cert is our domain wildcard so even though haproxy is terminating the SSL > connection it should still work ... should being the operative term. > > > > Jake Sallee > Godfather of Bandwidth > System Engineer > University of Mary Hardin-Baylor > WWW.UMHB.EDU > > 900 College St. > Belton, Texas > 76513 > > Fone: 254-295-4658 > Phax: 254-295-4221 > > > From: Durand fabrice <fdur...@inverse.ca> > Sent: Wednesday, January 4, 2017 8:47 PM > To: packetfence-users@lists.sourceforge.net > Subject: Re: [PacketFence-users] SSL cert problem with mobile devices > > Hello Jake, > > does these devices have the ca public certificate ? > > Also in cluster config keep in mind that haproxy terminate the ssl > tunnel so do : > > cat /usr/local/pf/conf/ssl/server.crt /usr/local/pf/conf/ssl/server.key > > /usr/local/pf/conf/ssl/server.pem (with your own files) > > and restart haproxy > > Regards > > Fabrice > > > > Le 2017-01-04 à 18:06, Sallee, Jake a écrit : >> Hello All! >> >> >> PF v6.4.0 >> 2 node cluster >> <\quick info> >> >> This is happening only on mobile devices, phones, tablets, etc. >> >> Mobile device users are getting a security warning about our SSL cert we are >> using on our registration portal. >> >> Desktop users and laptop users do not have this issue. >> >> Mobile users did not have this issue until we moved to using a cluster and >> we are using the exact same certs as before. In the cluster setup >> instructions there are some steps that have you alter the certs, combining >> them into a new cert. I think this is what is causing the mobile devices to >> flip their proverbial lid. >> >> However, I haven't the foggiest idea on how to fix this issue. >> >> Any help would be greatly appreciated. >> >> Jake Sallee >> Godfather of Bandwidth >> System Engineer >> University of Mary Hardin-Baylor >> WWW.UMHB.EDU >> >> 900 College St. >> Belton, Texas >> 76513 >> >> Fone: 254-295-4658 >> Phax: 254-295-4221 >> >> -- >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, SlashDot.org! http://sdm.link/slashdot >> ___ >> PacketFence-users mailing list >> PacketFence-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/packetfence-users > > -- > Check out the vibrant tech community on one of the world's most > engaging tech sites, SlashDot.org! http://sdm.link/slashdot > ___ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > -- > Check out the vibrant tech community on one of the world's most > engaging tech sites, SlashDot.org! http://sdm.link/slashdot > ___ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] SSL cert problem with mobile devices
Fabrice! I hope all is well for you, happy new year! > does these devices have the ca public certificate ? Yes, and it is signed by comodo. IIRC comodo offers a chain cert to us, I wonder if I could just use that one. The cert is our domain wildcard so even though haproxy is terminating the SSL connection it should still work ... should being the operative term. Jake Sallee Godfather of Bandwidth System Engineer University of Mary Hardin-Baylor WWW.UMHB.EDU 900 College St. Belton, Texas 76513 Fone: 254-295-4658 Phax: 254-295-4221 From: Durand fabrice <fdur...@inverse.ca> Sent: Wednesday, January 4, 2017 8:47 PM To: packetfence-users@lists.sourceforge.net Subject: Re: [PacketFence-users] SSL cert problem with mobile devices Hello Jake, does these devices have the ca public certificate ? Also in cluster config keep in mind that haproxy terminate the ssl tunnel so do : cat /usr/local/pf/conf/ssl/server.crt /usr/local/pf/conf/ssl/server.key > /usr/local/pf/conf/ssl/server.pem (with your own files) and restart haproxy Regards Fabrice Le 2017-01-04 à 18:06, Sallee, Jake a écrit : > Hello All! > > > PF v6.4.0 > 2 node cluster > <\quick info> > > This is happening only on mobile devices, phones, tablets, etc. > > Mobile device users are getting a security warning about our SSL cert we are > using on our registration portal. > > Desktop users and laptop users do not have this issue. > > Mobile users did not have this issue until we moved to using a cluster and we > are using the exact same certs as before. In the cluster setup instructions > there are some steps that have you alter the certs, combining them into a new > cert. I think this is what is causing the mobile devices to flip their > proverbial lid. > > However, I haven't the foggiest idea on how to fix this issue. > > Any help would be greatly appreciated. > > Jake Sallee > Godfather of Bandwidth > System Engineer > University of Mary Hardin-Baylor > WWW.UMHB.EDU > > 900 College St. > Belton, Texas > 76513 > > Fone: 254-295-4658 > Phax: 254-295-4221 > > -- > Check out the vibrant tech community on one of the world's most > engaging tech sites, SlashDot.org! http://sdm.link/slashdot > ___ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] SSL cert problem with mobile devices
Hello Jake, does these devices have the ca public certificate ? Also in cluster config keep in mind that haproxy terminate the ssl tunnel so do : cat /usr/local/pf/conf/ssl/server.crt /usr/local/pf/conf/ssl/server.key > /usr/local/pf/conf/ssl/server.pem (with your own files) and restart haproxy Regards Fabrice Le 2017-01-04 à 18:06, Sallee, Jake a écrit : > Hello All! > > > PF v6.4.0 > 2 node cluster > <\quick info> > > This is happening only on mobile devices, phones, tablets, etc. > > Mobile device users are getting a security warning about our SSL cert we are > using on our registration portal. > > Desktop users and laptop users do not have this issue. > > Mobile users did not have this issue until we moved to using a cluster and we > are using the exact same certs as before. In the cluster setup instructions > there are some steps that have you alter the certs, combining them into a new > cert. I think this is what is causing the mobile devices to flip their > proverbial lid. > > However, I haven't the foggiest idea on how to fix this issue. > > Any help would be greatly appreciated. > > Jake Sallee > Godfather of Bandwidth > System Engineer > University of Mary Hardin-Baylor > WWW.UMHB.EDU > > 900 College St. > Belton, Texas > 76513 > > Fone: 254-295-4658 > Phax: 254-295-4221 > > -- > Check out the vibrant tech community on one of the world's most > engaging tech sites, SlashDot.org! http://sdm.link/slashdot > ___ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
