Re: [PacketFence-users] Device authentication with client TLS certificate issued by PKI
Yeah… Now I had to slap my right hand with a left one. My bad… I set this file to the correct path but instead of MYCA certificate I put the certificate name of the server itself. Bow low, Fabrice ! Thank you very much ! Eugene From: Fabrice Durand [mailto:fdur...@inverse.ca] Sent: Wednesday, January 10, 2018 1:10 PM To: E.P.; packetfence-users@lists.sourceforge.net Subject: Re: [PacketFence-users] Device authentication with client TLS certificate issued by PKI Did you set ca_file = [% install_dir %]/conf/ssl/tls_certs/MYCA.pem in conf/radiusd/eap.conf ? (MYCA.pem is the CA public key of of your PKI) Le 2018-01-10 à 15:43, E.P. a écrit : More to this issue, Fabrice, I changed to PEAP method on the same Windows laptop and kept an option of validating server certificate by pointing it directly the name as it shows in CN of the PF RADIUS server. No problem at all, authentication goes through. I checked for similar errors reported by PF enthusiasts earlier and found that this is not the first time and you advised to concatenate the root certificate in CA file. What did you mean by it, Fabrice ? Eugene From: E.P. [mailto:ype...@gmail.com] Sent: Wednesday, January 10, 2018 11:14 AM To: packetfence-users@lists.sourceforge.net Cc: 'Fabrice Durand' Subject: RE: [PacketFence-users] Device authentication with client TLS certificate issued by PKI Hi Fabrice, I already dug it around. The CA certificate (*.pem format) was imported into Windows without any problem and I see it under “Trusted Root Certification Authorities” container. Just in case placed the CA cert into “Third –party root certification authority” On the client PC I have this certificate showing: Also, tried it without validating server certificate, same results, reason - eap_tls: SSL says error 20 : unable to get local issuer certificate Eugene From: Fabrice Durand via PacketFence-users [mailto:packetfence-users@lists.sourceforge.net] Sent: Wednesday, January 10, 2018 6:07 AM To: E.P. via PacketFence-users Cc: Fabrice Durand Subject: Re: [PacketFence-users] Device authentication with client TLS certificate issued by PKI Hello Eugene, you probably need to import the CA certificate or uncheck verify server certificate in your supplicant config. Regards Fabrice Le 2018-01-10 à 03:57, E.P. via PacketFence-users a écrit : And here comes the culmination of my saga with PKI ;) Actually, I was slowly going towards it and really hoped I will jump through this final hoop smoothly. Alas… Anyways, to cut the long story short, I failed TLS authentication for Windows 10 endpoint. Here’s what I did so far. We want to issue certificates to users based on MAC addresses of their devices. Hence I added a new certificate and used MAC address in CN field in the format 70:1a:04:2c:52:ff The profile I used while issuing this certificate was created exactly as it was described in the admin guide for PKI, namely TLSClient. Then I downloaded this certificate after it was signed and imported to Windows laptop. The security properties of the wireless connection profile on the laptop was configured to use TLS, i.e. Microsoft: Smart card or other certificate Trying to authenticate while running radius in debug mode and see a lot of interesting stuff. Pasting only relevant lines: (5) eap_tls: Continuing EAP-TLS (5) eap_tls: Got final TLS record fragment (46 bytes) (5) eap_tls: [eaptls verify] = ok (5) eap_tls: Done initial handshake (5) eap_tls: <<< recv TLS 1.0 Handshake [length 03ac], Certificate (5) eap_tls: Creating attributes from certificate OIDs (5) eap_tls: TLS-Client-Cert-Serial := "03" (5) eap_tls: TLS-Client-Cert-Expiration := "200110080019Z" (5) eap_tls: TLS-Client-Cert-Subject := <mailto:/CN=70:1a:04:2c:52:ff/emailAddress=it.t...@options.bc.ca/ST=BC/O=OptionsCommunityServices/C=CA> "/CN=70:1a:04:2c:52:ff/emailAddress=it.t...@options.bc.ca/ST=BC/O=Options Community Services/C=CA" (5) eap_tls: TLS-Client-Cert-Issuer := <mailto:/CN=Options-PF-CA/emailAddress=it.t...@options.bc.ca/ST=BritishColumbia/O=OptionsCommunityServices/C=CA> "/CN=Options-PF-CA/emailAddress=it.t...@options.bc.ca/ST=British Columbia/O=Options Community Services/C=CA" (5) eap_tls: TLS-Client-Cert-Common-Name := "70:1a:04:2c:52:ff" (5) eap_tls: ERROR: SSL says error 20 : unable to get local issuer certificate (5) eap_tls: ERROR: TLS Alert write:fatal:unknown CA tls: TLS_accept: Error in error (5) eap_tls: ERROR: Failed in __FUNCTION__ (SSL_read): error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed (5) eap_tls: ERROR: System call (I/O) error (-1) (5) eap_tls: ERROR: TLS receive handshake failed during operation (5) eap_tls: ERROR: [eaptls process] = fail (5) eap: ERROR: Failed continuing EAP TLS (13) session. EAP sub-module failed (5) eap: Sending
Re: [PacketFence-users] Device authentication with client TLS certificate issued by PKI
Did you set ca_file = [% install_dir %]/conf/ssl/tls_certs/MYCA.pem in conf/radiusd/eap.conf ? (MYCA.pem is the CA public key of of your PKI) Le 2018-01-10 à 15:43, E.P. a écrit : > > More to this issue, Fabrice, > > I changed to PEAP method on the same Windows laptop and kept an option > of validating server certificate by pointing it directly the name as > it shows in CN of the PF RADIUS server. No problem at all, > authentication goes through. > > > > I checked for similar errors reported by PF enthusiasts earlier and > found that this is not the first time and you advised to concatenate > the root certificate in CA file. What did you mean by it, Fabrice ? > > > > Eugene > > > > *From:*E.P. [mailto:ype...@gmail.com] > *Sent:* Wednesday, January 10, 2018 11:14 AM > *To:* packetfence-users@lists.sourceforge.net > *Cc:* 'Fabrice Durand' > *Subject:* RE: [PacketFence-users] Device authentication with client > TLS certificate issued by PKI > > > > Hi Fabrice, > > I already dug it around. > > The CA certificate (*.pem format) was imported into Windows without > any problem and I see it under “Trusted Root Certification > Authorities” container. Just in case placed the CA cert into “Third > –party root certification authority” > > On the client PC I have this certificate showing: > > > > > > > > Also, tried it without validating server certificate, same results, > reason - eap_tls: SSL says error 20 : unable to get local issuer > certificate > > > > Eugene > > > > *From:*Fabrice Durand via PacketFence-users > [mailto:packetfence-users@lists.sourceforge.net] > *Sent:* Wednesday, January 10, 2018 6:07 AM > *To:* E.P. via PacketFence-users > *Cc:* Fabrice Durand > *Subject:* Re: [PacketFence-users] Device authentication with client > TLS certificate issued by PKI > > > > Hello Eugene, > > you probably need to import the CA certificate or uncheck verify > server certificate in your supplicant config. > > Regards > > Fabrice > > > > > > Le 2018-01-10 à 03:57, E.P. via PacketFence-users a écrit : > > And here comes the culmination of my saga with PKI ;) > > Actually, I was slowly going towards it and really hoped I will > jump through this final hoop smoothly. > > Alas… Anyways, to cut the long story short, I failed TLS > authentication for Windows 10 endpoint. > > Here’s what I did so far. We want to issue certificates to users > based on MAC addresses of their devices. > > Hence I added a new certificate and used MAC address in CN field > in the format 70:1a:04:2c:52:ff > > The profile I used while issuing this certificate was created > exactly as it was described in the admin guide for PKI, namely > TLSClient. Then I downloaded this certificate after it was signed > and imported to Windows laptop. > > The security properties of the wireless connection profile on the > laptop was configured to use TLS, i.e. > > Microsoft: Smart card or other certificate > > Trying to authenticate while running radius in debug mode and see > a lot of interesting stuff. > > Pasting only relevant lines: > > > > (5) eap_tls: Continuing EAP-TLS > > (5) eap_tls: Got final TLS record fragment (46 bytes) > > (5) eap_tls: [eaptls verify] = ok > > (5) eap_tls: Done initial handshake > > (5) eap_tls: <<< recv TLS 1.0 Handshake [length 03ac], Certificate > > (5) eap_tls: Creating attributes from certificate OIDs > > (5) eap_tls: TLS-Client-Cert-Serial := "03" > > (5) eap_tls: TLS-Client-Cert-Expiration := "200110080019Z" > > (5) eap_tls: TLS-Client-Cert-Subject := > "/CN=70:1a:04:2c:52:ff/emailAddress=it.t...@options.bc.ca/ST=BC/O=Options > Community Services/C=CA" > > <mailto:/CN=70:1a:04:2c:52:ff/emailAddress=it.t...@options.bc.ca/ST=BC/O=OptionsCommunityServices/C=CA> > > (5) eap_tls: TLS-Client-Cert-Issuer := > "/CN=Options-PF-CA/emailAddress=it.t...@options.bc.ca/ST=British > Columbia/O=Options Community Services/C=CA" > > <mailto:/CN=Options-PF-CA/emailAddress=it.t...@options.bc.ca/ST=BritishColumbia/O=OptionsCommunityServices/C=CA> > > (5) eap_tls: TLS-Client-Cert-Common-Name := "70:1a:04:2c:52:ff" > > (5) eap_tls: ERROR: SSL says error 20 : unable to get local > issuer certificate > > > > (5) eap_tls: ERROR: TLS Alert write:fatal:unknown CA > > tls: TLS_accept: Error in error > > (5) eap_tls: ERROR
Re: [PacketFence-users] Device authentication with client TLS certificate issued by PKI
More to this issue, Fabrice, I changed to PEAP method on the same Windows laptop and kept an option of validating server certificate by pointing it directly the name as it shows in CN of the PF RADIUS server. No problem at all, authentication goes through. I checked for similar errors reported by PF enthusiasts earlier and found that this is not the first time and you advised to concatenate the root certificate in CA file. What did you mean by it, Fabrice ? Eugene From: E.P. [mailto:ype...@gmail.com] Sent: Wednesday, January 10, 2018 11:14 AM To: packetfence-users@lists.sourceforge.net Cc: 'Fabrice Durand' Subject: RE: [PacketFence-users] Device authentication with client TLS certificate issued by PKI Hi Fabrice, I already dug it around. The CA certificate (*.pem format) was imported into Windows without any problem and I see it under “Trusted Root Certification Authorities” container. Just in case placed the CA cert into “Third –party root certification authority” On the client PC I have this certificate showing: Also, tried it without validating server certificate, same results, reason - eap_tls: SSL says error 20 : unable to get local issuer certificate Eugene From: Fabrice Durand via PacketFence-users [mailto:packetfence-users@lists.sourceforge.net] Sent: Wednesday, January 10, 2018 6:07 AM To: E.P. via PacketFence-users Cc: Fabrice Durand Subject: Re: [PacketFence-users] Device authentication with client TLS certificate issued by PKI Hello Eugene, you probably need to import the CA certificate or uncheck verify server certificate in your supplicant config. Regards Fabrice Le 2018-01-10 à 03:57, E.P. via PacketFence-users a écrit : And here comes the culmination of my saga with PKI ;) Actually, I was slowly going towards it and really hoped I will jump through this final hoop smoothly. Alas… Anyways, to cut the long story short, I failed TLS authentication for Windows 10 endpoint. Here’s what I did so far. We want to issue certificates to users based on MAC addresses of their devices. Hence I added a new certificate and used MAC address in CN field in the format 70:1a:04:2c:52:ff The profile I used while issuing this certificate was created exactly as it was described in the admin guide for PKI, namely TLSClient. Then I downloaded this certificate after it was signed and imported to Windows laptop. The security properties of the wireless connection profile on the laptop was configured to use TLS, i.e. Microsoft: Smart card or other certificate Trying to authenticate while running radius in debug mode and see a lot of interesting stuff. Pasting only relevant lines: (5) eap_tls: Continuing EAP-TLS (5) eap_tls: Got final TLS record fragment (46 bytes) (5) eap_tls: [eaptls verify] = ok (5) eap_tls: Done initial handshake (5) eap_tls: <<< recv TLS 1.0 Handshake [length 03ac], Certificate (5) eap_tls: Creating attributes from certificate OIDs (5) eap_tls: TLS-Client-Cert-Serial := "03" (5) eap_tls: TLS-Client-Cert-Expiration := "200110080019Z" (5) eap_tls: TLS-Client-Cert-Subject := <mailto:/CN=70:1a:04:2c:52:ff/emailAddress=it.t...@options.bc.ca/ST=BC/O=OptionsCommunityServices/C=CA> "/CN=70:1a:04:2c:52:ff/emailAddress=it.t...@options.bc.ca/ST=BC/O=Options Community Services/C=CA" (5) eap_tls: TLS-Client-Cert-Issuer := <mailto:/CN=Options-PF-CA/emailAddress=it.t...@options.bc.ca/ST=BritishColumbia/O=OptionsCommunityServices/C=CA> "/CN=Options-PF-CA/emailAddress=it.t...@options.bc.ca/ST=British Columbia/O=Options Community Services/C=CA" (5) eap_tls: TLS-Client-Cert-Common-Name := "70:1a:04:2c:52:ff" (5) eap_tls: ERROR: SSL says error 20 : unable to get local issuer certificate (5) eap_tls: ERROR: TLS Alert write:fatal:unknown CA tls: TLS_accept: Error in error (5) eap_tls: ERROR: Failed in __FUNCTION__ (SSL_read): error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed (5) eap_tls: ERROR: System call (I/O) error (-1) (5) eap_tls: ERROR: TLS receive handshake failed during operation (5) eap_tls: ERROR: [eaptls process] = fail (5) eap: ERROR: Failed continuing EAP TLS (13) session. EAP sub-module failed (5) eap: Sending EAP Failure (code 4) ID 213 length 4 (5) eap: Failed in EAP select (5) [eap] = invalid (5) } # authenticate = invalid (5) Failed to authenticate the user (5) Login incorrect (eap_tls: SSL says error 20 : unable to get local issuer certificate): [70:1a:04:2c:52:ff] (from client 172.19.254.2 port 0 cli 70:1a:04:2c:52:ff) (5) Using Post-Auth-Type Reject Same happens if I issue the certificate to the user based on its name, not MAC address (5) eap_tls: TLS-Client-Cert-Serial := "04" (5) eap_tls: TLS-Client-Cert-Expiration := "200110083931Z" (5) eap_tls: TLS-Client-Cert-Subject := <mailto:/CN=it.tech/emailAddres
Re: [PacketFence-users] Device authentication with client TLS certificate issued by PKI
Hi Fabrice, I already dug it around. The CA certificate (*.pem format) was imported into Windows without any problem and I see it under “Trusted Root Certification Authorities” container. Just in case placed the CA cert into “Third –party root certification authority” On the client PC I have this certificate showing: Also, tried it without validating server certificate, same results, reason - eap_tls: SSL says error 20 : unable to get local issuer certificate Eugene From: Fabrice Durand via PacketFence-users [mailto:packetfence-users@lists.sourceforge.net] Sent: Wednesday, January 10, 2018 6:07 AM To: E.P. via PacketFence-users Cc: Fabrice Durand Subject: Re: [PacketFence-users] Device authentication with client TLS certificate issued by PKI Hello Eugene, you probably need to import the CA certificate or uncheck verify server certificate in your supplicant config. Regards Fabrice Le 2018-01-10 à 03:57, E.P. via PacketFence-users a écrit : And here comes the culmination of my saga with PKI ;) Actually, I was slowly going towards it and really hoped I will jump through this final hoop smoothly. Alas… Anyways, to cut the long story short, I failed TLS authentication for Windows 10 endpoint. Here’s what I did so far. We want to issue certificates to users based on MAC addresses of their devices. Hence I added a new certificate and used MAC address in CN field in the format 70:1a:04:2c:52:ff The profile I used while issuing this certificate was created exactly as it was described in the admin guide for PKI, namely TLSClient. Then I downloaded this certificate after it was signed and imported to Windows laptop. The security properties of the wireless connection profile on the laptop was configured to use TLS, i.e. Microsoft: Smart card or other certificate Trying to authenticate while running radius in debug mode and see a lot of interesting stuff. Pasting only relevant lines: (5) eap_tls: Continuing EAP-TLS (5) eap_tls: Got final TLS record fragment (46 bytes) (5) eap_tls: [eaptls verify] = ok (5) eap_tls: Done initial handshake (5) eap_tls: <<< recv TLS 1.0 Handshake [length 03ac], Certificate (5) eap_tls: Creating attributes from certificate OIDs (5) eap_tls: TLS-Client-Cert-Serial := "03" (5) eap_tls: TLS-Client-Cert-Expiration := "200110080019Z" (5) eap_tls: TLS-Client-Cert-Subject := <mailto:/CN=70:1a:04:2c:52:ff/emailAddress=it.t...@options.bc.ca/ST=BC/O=OptionsCommunityServices/C=CA> "/CN=70:1a:04:2c:52:ff/emailAddress=it.t...@options.bc.ca/ST=BC/O=Options Community Services/C=CA" (5) eap_tls: TLS-Client-Cert-Issuer := <mailto:/CN=Options-PF-CA/emailAddress=it.t...@options.bc.ca/ST=BritishColumbia/O=OptionsCommunityServices/C=CA> "/CN=Options-PF-CA/emailAddress=it.t...@options.bc.ca/ST=British Columbia/O=Options Community Services/C=CA" (5) eap_tls: TLS-Client-Cert-Common-Name := "70:1a:04:2c:52:ff" (5) eap_tls: ERROR: SSL says error 20 : unable to get local issuer certificate (5) eap_tls: ERROR: TLS Alert write:fatal:unknown CA tls: TLS_accept: Error in error (5) eap_tls: ERROR: Failed in __FUNCTION__ (SSL_read): error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed (5) eap_tls: ERROR: System call (I/O) error (-1) (5) eap_tls: ERROR: TLS receive handshake failed during operation (5) eap_tls: ERROR: [eaptls process] = fail (5) eap: ERROR: Failed continuing EAP TLS (13) session. EAP sub-module failed (5) eap: Sending EAP Failure (code 4) ID 213 length 4 (5) eap: Failed in EAP select (5) [eap] = invalid (5) } # authenticate = invalid (5) Failed to authenticate the user (5) Login incorrect (eap_tls: SSL says error 20 : unable to get local issuer certificate): [70:1a:04:2c:52:ff] (from client 172.19.254.2 port 0 cli 70:1a:04:2c:52:ff) (5) Using Post-Auth-Type Reject Same happens if I issue the certificate to the user based on its name, not MAC address (5) eap_tls: TLS-Client-Cert-Serial := "04" (5) eap_tls: TLS-Client-Cert-Expiration := "200110083931Z" (5) eap_tls: TLS-Client-Cert-Subject := <mailto:/CN=it.tech/emailAddress=it.t...@options.bc.ca/ST=BC/O=OptionsCommunityServices/C=CA> "/CN=it.tech/emailAddress=it.t...@options.bc.ca/ST=BC/O=Options Community Services/C=CA" (5) eap_tls: TLS-Client-Cert-Issuer := <mailto:/CN=Options-PF-CA/emailAddress=it.t...@options.bc.ca/ST=BritishColumbia/O=OptionsCommunityServices/C=CA> "/CN=Options-PF-CA/emailAddress=it.t...@options.bc.ca/ST=British Columbia/O=Options Community Services/C=CA" (5) eap_tls: TLS-Client-Cert-Common-Name := "it.tech" (5) eap_tls: ERROR: SSL says error 20 : unable to get local issuer certificate Eugene From: Durand fabrice [mailto:fdur...@inverse.ca] Sent: Tuesday, January 09, 2018 2:46 PM To: E.P. Cc: packetfe
Re: [PacketFence-users] Device authentication with client TLS certificate issued by PKI
Hello Eugene, you probably need to import the CA certificate or uncheck verify server certificate in your supplicant config. Regards Fabrice Le 2018-01-10 à 03:57, E.P. via PacketFence-users a écrit : > > And here comes the culmination of my saga with PKI ;) > > Actually, I was slowly going towards it and really hoped I will jump > through this final hoop smoothly. > > Alas… Anyways, to cut the long story short, I failed TLS > authentication for Windows 10 endpoint. > > Here’s what I did so far. We want to issue certificates to users based > on MAC addresses of their devices. > > Hence I added a new certificate and used MAC address in CN field in > the format 70:1a:04:2c:52:ff > > The profile I used while issuing this certificate was created exactly > as it was described in the admin guide for PKI, namely TLSClient. Then > I downloaded this certificate after it was signed and imported to > Windows laptop. > > The security properties of the wireless connection profile on the > laptop was configured to use TLS, i.e. > > Microsoft: Smart card or other certificate > > Trying to authenticate while running radius in debug mode and see a > lot of interesting stuff. > > Pasting only relevant lines: > > > > (5) eap_tls: Continuing EAP-TLS > > (5) eap_tls: Got final TLS record fragment (46 bytes) > > (5) eap_tls: [eaptls verify] = ok > > (5) eap_tls: Done initial handshake > > (5) eap_tls: <<< recv TLS 1.0 Handshake [length 03ac], Certificate > > (5) eap_tls: Creating attributes from certificate OIDs > > (5) eap_tls: TLS-Client-Cert-Serial := "03" > > (5) eap_tls: TLS-Client-Cert-Expiration := "200110080019Z" > > (5) eap_tls: TLS-Client-Cert-Subject := > "/CN=70:1a:04:2c:52:ff/emailAddress=it.t...@options.bc.ca/ST=BC/O=Options > Community Services/C=CA" > > (5) eap_tls: TLS-Client-Cert-Issuer := > "/CN=Options-PF-CA/emailAddress=it.t...@options.bc.ca/ST=British > Columbia/O=Options Community Services/C=CA" > > (5) eap_tls: TLS-Client-Cert-Common-Name := "70:1a:04:2c:52:ff" > > (5) eap_tls: ERROR: SSL says error 20 : unable to get local issuer > certificate > > > > (5) eap_tls: ERROR: TLS Alert write:fatal:unknown CA > > tls: TLS_accept: Error in error > > (5) eap_tls: ERROR: Failed in __FUNCTION__ (SSL_read): > error:14089086:SSL routines:ssl3_get_client_certificate:certificate > verify failed > > (5) eap_tls: ERROR: System call (I/O) error (-1) > > (5) eap_tls: ERROR: TLS receive handshake failed during operation > > (5) eap_tls: ERROR: [eaptls process] = fail > > (5) eap: ERROR: Failed continuing EAP TLS (13) session. EAP > sub-module failed > > (5) eap: Sending EAP Failure (code 4) ID 213 length 4 > > (5) eap: Failed in EAP select > > (5) [eap] = invalid > > (5) } # authenticate = invalid > > (5) Failed to authenticate the user > > (5) Login incorrect (eap_tls: SSL says error 20 : unable to get local > issuer certificate): [70:1a:04:2c:52:ff] (from client 172.19.254.2 > port 0 cli 70:1a:04:2c:52:ff) > > (5) Using Post-Auth-Type Reject > > > > Same happens if I issue the certificate to the user based on its name, > not MAC address > > > > (5) eap_tls: TLS-Client-Cert-Serial := "04" > > (5) eap_tls: TLS-Client-Cert-Expiration := "200110083931Z" > > (5) eap_tls: TLS-Client-Cert-Subject := > "/CN=it.tech/emailAddress=it.t...@options.bc.ca/ST=BC/O=Options > Community Services/C=CA" > > (5) eap_tls: TLS-Client-Cert-Issuer := > "/CN=Options-PF-CA/emailAddress=it.t...@options.bc.ca/ST=British > Columbia/O=Options Community Services/C=CA" > > (5) eap_tls: TLS-Client-Cert-Common-Name := "it.tech" > > (5) eap_tls: ERROR: SSL says error 20 : unable to get local issuer > certificate > > > > Eugene > > > > > > > > *From:*Durand fabrice [mailto:fdur...@inverse.ca] > *Sent:* Tuesday, January 09, 2018 2:46 PM > *To:* E.P. > *Cc:* packetfence-users@lists.sourceforge.net > *Subject:* Re: [PacketFence-users] PKI installation > > > > The admin user is different between PacketFence and the PKI. > > When i said "In configuration -> Users -> Edit admin -> Change User > Password" in was in the pki admin interface. > > Fabrice > > > > > > Le 2018-01-09 à 13:47, E.P. a écrit : > > Sorry for being a pain in the lower part of the back, Fabrice ;) > > I thought that the admin user in PF is different from PKI. > > At least I know that I did change the password for admin in PF as > you described and this is how I login to the main GUI. > > But I can’t login as admin with the same password to PKI. > > > > Eugene > > > > -- > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > > ___ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice Durand fdur...@inverse.ca ::