Re: [PacketFence-users] Captive portal SSL not using defined cert after PF7 upgrade

2017-08-23 Thread Fabrice Durand via PacketFence-users 
Haproxy terminate the ssl tunnel and not apache anymore (for the portal).

So just this file is enough /usr/local/pf/conf/ssl/server.pem

Regards

Fabrice



Le 2017-08-23 à 03:24, Will Halsall via PacketFence-users a écrit :
>
> I just added the intermediate certificate to the cat process:
>
>  
>
> cat /usr/local/pf/conf/ssl/server.crt
> /usr/local/pf/conf/ssl/server.key
> /usr/local/pf/conf/ssl/intermediates.crt
> >/usr/local/pf/conf/ssl/server.pem
>
>  
>
>  
>
>  
>
> and  uncommented the intermediate certificate in ssl-certificates.conf
>
> Packetfence/conf/httpd.conf.d/ssl-certificates.conf:SSLCertificateChainFile
> %%install_dir%%/conf/ssl/intermediates.crt
>
>  
>
>  
>
> See if that helps
>
>  
>
>  
>
>  
>
>  
>
>  
>
>  
>
>  
>
>  
>
>  
>
>  
>
> *From:*Thomas, Gregory A via PacketFence-users
> [mailto:packetfence-users@lists.sourceforge.net]
> *Sent:* Tuesday, August 22, 2017 8:21 PM
> *To:* packetfence-users@lists.sourceforge.net
> *Cc:* Thomas, Gregory A
> *Subject:* Re: [PacketFence-users] Captive portal SSL not using
> defined cert after PF7 upgrade
>
>  
>
> I know this is an older post but I am having some problems with the
> cert getting to the user’s computer.
>
>  
>
> I have concatenated the crt and key file to a pem. The thing is, I am
> using a wild card cert with a chain so on some machines the user is
> seeing an error of an invalid cert. When looking at the cert they are
> seeing it is from *.uwp.edu (which is the valid name) I am guessing it
> is invalid because it is missing the chain crt.
>
>  
>
> Is there any way to include the chain in the pem file?
>
>  
>
> --
>
> Gregory A. Thomas
>
> Student Life Support Specialist
>
> University of Wisconsin-Parkside
>
> thom...@uwp.edu
> 
>
> 262.595.2432
>
>  
>
> *From:*Virginie Girou [mailto:virginie.gi...@ut-capitole.fr]
> *Sent:* Tuesday, May 2, 2017 3:27 AM
> *To:* packetfence-users@lists.sourceforge.net
> <mailto:packetfence-users@lists.sourceforge.net>
> *Subject:* Re: [PacketFence-users] Captive portal SSL not using
> defined cert after PF7 upgrade
>
>  
>
> Hello,
>
> thank you it works now !
>
> Virginie Girou
> Equipe systeme
> DSI - UT1 Capitole 
> Tel : +33 (0)5.61.63.39.19
>
> Le 28/04/2017 23:53, Sokolowski, Darryl a écrit :
>
> Fantastic!
>
> We’re up and running!
>
> Thanks again to all for your help!
>
>  
>
> Darryl
>
>  
>
> *From:*Louis Munro [mailto:lmu...@inverse.ca]
> *Sent:* Friday, April 28, 2017 5:46 PM
> *To:* packetfence-users@lists.sourceforge.net
> <mailto:packetfence-users@lists.sourceforge.net>
> *Subject:* Re: [PacketFence-users] Captive portal SSL not using
> defined cert after PF7 upgrade
>
>  
>
>  
>
> On Apr 28, 2017, at 5:25 PM, Sokolowski, Darryl
> <ds...@earthcolor.com <mailto:ds...@earthcolor.com>> wrote:
>
>  
>
> Oh, ok, now I understand what Fabrice meant about haproxy
> terminating the ssl tunnel. Thanks for that explanation.
>
> Sorry, I didn’t pick that up right away.
>
>  
>
> I changed var/conf/haproxy.conf to point at my certificates,
> and every time I restart the service, it rewrites haproxy.conf
> file back to using server.pem.
>
>  
>
>  
>
> That's the expected behaviour.
>
> That file is actually generated based on your configuration, every
> time your start the service.
>
>  
>
>
>
> So reading your response again, it sounds like my concatenated
> certificate might need to be named ‘server.pem’.
>
> If I rename my certificate to ‘server.pem’, it works as desired.
>
> Is that the way to do it? Or am I still off-base?
>
>  
>
>  
>
> That's the way to go.
>
>  
>
>
>
> ‘server.pem’ won’t get overwritten by an ugrade?
>
>  
>
>  
>
> This is what the packetfence.spec file does: 
>
>  
>
> #Make ssl certificate
>
> if [ ! -f /usr/local/pf/conf/ssl/server.crt ]; then
>
> openssl req -x509 -new -nodes -days 365 -batch\
>
> -out /usr/local/pf/conf/ssl/server.crt\
>
> -keyout /usr/local/pf/conf/ssl/server.key\
>
> -nodes -config /usr/local/pf/conf/openssl.cnf
>
> cat /usr/local/pf/conf/ssl/server.crt 
> /usr/local/pf/conf/ssl/server.key > /usr/l

Re: [PacketFence-users] Captive portal SSL not using defined cert after PF7 upgrade

2017-08-23 Thread Will Halsall via PacketFence-users 
I just added the intermediate certificate to the cat process:

cat /usr/local/pf/conf/ssl/server.crt /usr/local/pf/conf/ssl/server.key 
/usr/local/pf/conf/ssl/intermediates.crt >/usr/local/pf/conf/ssl/server.pem



and  uncommented the intermediate certificate in ssl-certificates.conf
Packetfence/conf/httpd.conf.d/ssl-certificates.conf:SSLCertificateChainFile 
%%install_dir%%/conf/ssl/intermediates.crt


See if that helps










From: Thomas, Gregory A via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Sent: Tuesday, August 22, 2017 8:21 PM
To: packetfence-users@lists.sourceforge.net
Cc: Thomas, Gregory A
Subject: Re: [PacketFence-users] Captive portal SSL not using defined cert 
after PF7 upgrade

I know this is an older post but I am having some problems with the cert 
getting to the user's computer.

I have concatenated the crt and key file to a pem. The thing is, I am using a 
wild card cert with a chain so on some machines the user is seeing an error of 
an invalid cert. When looking at the cert they are seeing it is from *.uwp.edu 
(which is the valid name) I am guessing it is invalid because it is missing the 
chain crt.

Is there any way to include the chain in the pem file?

--
Gregory A. Thomas
Student Life Support Specialist
University of Wisconsin-Parkside
thom...@uwp.edu
262.595.2432

From: Virginie Girou [mailto:virginie.gi...@ut-capitole.fr]
Sent: Tuesday, May 2, 2017 3:27 AM
To: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Subject: Re: [PacketFence-users] Captive portal SSL not using defined cert 
after PF7 upgrade

Hello,

thank you it works now !


Virginie Girou

Equipe systeme

DSI - UT1 Capitole

Tel : +33 (0)5.61.63.39.19
Le 28/04/2017 23:53, Sokolowski, Darryl a écrit :
Fantastic!
We're up and running!
Thanks again to all for your help!

Darryl

From: Louis Munro [mailto:lmu...@inverse.ca]
Sent: Friday, April 28, 2017 5:46 PM
To: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Subject: Re: [PacketFence-users] Captive portal SSL not using defined cert 
after PF7 upgrade


On Apr 28, 2017, at 5:25 PM, Sokolowski, Darryl 
<ds...@earthcolor.com<mailto:ds...@earthcolor.com>> wrote:

Oh, ok, now I understand what Fabrice meant about haproxy terminating the ssl 
tunnel. Thanks for that explanation.
Sorry, I didn't pick that up right away.

I changed var/conf/haproxy.conf to point at my certificates, and every time I 
restart the service, it rewrites haproxy.conf file back to using server.pem.


That's the expected behaviour.
That file is actually generated based on your configuration, every time your 
start the service.



So reading your response again, it sounds like my concatenated certificate 
might need to be named 'server.pem'.
If I rename my certificate to 'server.pem', it works as desired.
Is that the way to do it? Or am I still off-base?


That's the way to go.



'server.pem' won't get overwritten by an ugrade?


This is what the packetfence.spec file does:


#Make ssl certificate

if [ ! -f /usr/local/pf/conf/ssl/server.crt ]; then

openssl req -x509 -new -nodes -days 365 -batch\

-out /usr/local/pf/conf/ssl/server.crt\

-keyout /usr/local/pf/conf/ssl/server.key\

-nodes -config /usr/local/pf/conf/openssl.cnf

cat /usr/local/pf/conf/ssl/server.crt /usr/local/pf/conf/ssl/server.key > 
/usr/local/pf/conf/ssl/server.pem

fi
So as long as you have a file named  "/usr/local/pf/conf/ssl/server.crt" it 
won't overwrite the server.pem.





I agree that this should be configurable.
I'm adding it to the whishlist for 7.1 or 7.2.



Regards,
--
Louis Munro
lmu...@inverse.ca<mailto:lmu...@inverse.ca>  ::  
www.inverse.ca<http://www.inverse.ca>
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu<http://www.sogo.nu>) and 
PacketFence (www.packetfence.org<http://www.packetfence.org>)




>>> CONFIDENTIALITY NOTICE <<<

This electronic mail (e-mail) message, including any and/or all attachments, is 
for the sole use of the intended recipient(s), and may contain confidential 
and/or privileged information, pertaining to business conducted under the 
direction and supervision of EarthColor, Inc. All e-mail messages, which may 
have been established as expressed views and/or opinions (stated either within 
the e-mail message or any of its attachments), are left to the sole 
responsibility of that of the sender, and are not necessarily attributed to 
EarthColor, Inc. Unauthorized interception, review, use, disclosure or 
distribution of any such information contained within this e-mail message 
and/or its attachment(s), is(are) strictly prohibited. If you are not the 
intended recipient, please contact the sender by replying to this e-mail 
message, along with the destruction

Re: [PacketFence-users] Captive portal SSL not using defined cert after PF7 upgrade

2017-08-22 Thread Durand fabrice via PacketFence-users 

Hello Thomas,

you just have to add it in the server.pem like that:

cat /usr/local/pf/conf/ssl/server.crt 
/usr/local/pf/conf/ssl/intermediate1.crt 
/usr/local/pf/conf/ssl/intermediate2.crt 
/usr/local/pf/conf/ssl/server.key > /usr/local/pf/conf/ssl/server.pem


Also what i use all the time to fix this sort of issue is to use:

openssl x509 -inform PEM -in "server.crt" -text

and check for this attribute X509v3 Authority Key Identifier to follow 
the cert chain.


Regards

Fabrice


Le 2017-08-22 à 15:21, Thomas, Gregory A via PacketFence-users a écrit :


I know this is an older post but I am having some problems with the 
cert getting to the user’s computer.


I have concatenated the crt and key file to a pem. The thing is, I am 
using a wild card cert with a chain so on some machines the user is 
seeing an error of an invalid cert. When looking at the cert they are 
seeing it is from *.uwp.edu (which is the valid name) I am guessing it 
is invalid because it is missing the chain crt.


Is there any way to include the chain in the pem file?

--

Gregory A. Thomas

Student Life Support Specialist

University of Wisconsin-Parkside

thom...@uwp.edu 



262.595.2432

*From:*Virginie Girou [mailto:virginie.gi...@ut-capitole.fr]
*Sent:* Tuesday, May 2, 2017 3:27 AM
*To:* packetfence-users@lists.sourceforge.net
*Subject:* Re: [PacketFence-users] Captive portal SSL not using 
defined cert after PF7 upgrade


Hello,

thank you it works now !


Virginie Girou
Equipe systeme
DSI - UT1 Capitole
Tel : +33 (0)5.61.63.39.19

Le 28/04/2017 23:53, Sokolowski, Darryl a écrit :

Fantastic!

We’re up and running!

Thanks again to all for your help!

Darryl

*From:*Louis Munro [mailto:lmu...@inverse.ca]
*Sent:* Friday, April 28, 2017 5:46 PM
*To:* packetfence-users@lists.sourceforge.net
<mailto:packetfence-users@lists.sourceforge.net>
    *Subject:* Re: [PacketFence-users] Captive portal SSL not using
    defined cert after PF7 upgrade

On Apr 28, 2017, at 5:25 PM, Sokolowski, Darryl
<ds...@earthcolor.com <mailto:ds...@earthcolor.com>> wrote:

Oh, ok, now I understand what Fabrice meant about haproxy
terminating the ssl tunnel. Thanks for that explanation.

Sorry, I didn’t pick that up right away.

I changed var/conf/haproxy.conf to point at my certificates,
and every time I restart the service, it rewrites haproxy.conf
file back to using server.pem.

That's the expected behaviour.

That file is actually generated based on your configuration, every
time your start the service.




So reading your response again, it sounds like my concatenated
certificate might need to be named ‘server.pem’.

If I rename my certificate to ‘server.pem’, it works as desired.

Is that the way to do it? Or am I still off-base?

That's the way to go.




‘server.pem’ won’t get overwritten by an ugrade?

This is what the packetfence.spec file does:

#Make ssl certificate

if [ ! -f /usr/local/pf/conf/ssl/server.crt ]; then

 openssl req -x509 -new -nodes -days 365 -batch\

 -out /usr/local/pf/conf/ssl/server.crt\

 -keyout /usr/local/pf/conf/ssl/server.key\

 -nodes -config /usr/local/pf/conf/openssl.cnf

 cat /usr/local/pf/conf/ssl/server.crt /usr/local/pf/conf/ssl/server.key 
> /usr/local/pf/conf/ssl/server.pem

fi

So as long as you have a file named
 "/usr/local/pf/conf/ssl/server.crt" it won't overwrite the
server.pem.




I agree that this should be configurable.

I'm adding it to the whishlist for 7.1 or 7.2.

Regards,
--

Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca>  :: www.inverse.ca
<http://www.inverse.ca>
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu
<http://www.sogo.nu>) and PacketFence (www.packetfence.org
<http://www.packetfence.org>)




>>> CONFIDENTIALITY NOTICE <<<

This electronic mail (e-mail) message, including any and/or all
attachments, is for the sole use of the intended recipient(s), and
may contain confidential and/or privileged information, pertaining
to business conducted under the direction and supervision of
EarthColor, Inc. All e-mail messages, which may have been
established as expressed views and/or opinions (stated either
within the e-mail message or any of its attachments), are left to
the sole responsibility of that of the sender, and are not
necessarily attributed to EarthColor, Inc. Unauthorized
interception, review, use, disclosure or distribution of any such
information contained within this e-mail message and/or its
attachment(s), is(are) strictly prohib

Re: [PacketFence-users] Captive portal SSL not using defined cert after PF7 upgrade

2017-08-22 Thread Thomas, Gregory A via PacketFence-users 
I know this is an older post but I am having some problems with the cert 
getting to the user's computer.

I have concatenated the crt and key file to a pem. The thing is, I am using a 
wild card cert with a chain so on some machines the user is seeing an error of 
an invalid cert. When looking at the cert they are seeing it is from *.uwp.edu 
(which is the valid name) I am guessing it is invalid because it is missing the 
chain crt.

Is there any way to include the chain in the pem file?

--
Gregory A. Thomas
Student Life Support Specialist
University of Wisconsin-Parkside
thom...@uwp.edu
262.595.2432

From: Virginie Girou [mailto:virginie.gi...@ut-capitole.fr]
Sent: Tuesday, May 2, 2017 3:27 AM
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Captive portal SSL not using defined cert 
after PF7 upgrade

Hello,

thank you it works now !



Virginie Girou

Equipe systeme

DSI - UT1 Capitole

Tel : +33 (0)5.61.63.39.19
Le 28/04/2017 23:53, Sokolowski, Darryl a écrit :
Fantastic!
We're up and running!
Thanks again to all for your help!

Darryl

From: Louis Munro [mailto:lmu...@inverse.ca]
Sent: Friday, April 28, 2017 5:46 PM
To: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Subject: Re: [PacketFence-users] Captive portal SSL not using defined cert 
after PF7 upgrade


On Apr 28, 2017, at 5:25 PM, Sokolowski, Darryl 
<ds...@earthcolor.com<mailto:ds...@earthcolor.com>> wrote:

Oh, ok, now I understand what Fabrice meant about haproxy terminating the ssl 
tunnel. Thanks for that explanation.
Sorry, I didn't pick that up right away.

I changed var/conf/haproxy.conf to point at my certificates, and every time I 
restart the service, it rewrites haproxy.conf file back to using server.pem.


That's the expected behaviour.
That file is actually generated based on your configuration, every time your 
start the service.




So reading your response again, it sounds like my concatenated certificate 
might need to be named 'server.pem'.
If I rename my certificate to 'server.pem', it works as desired.
Is that the way to do it? Or am I still off-base?


That's the way to go.




'server.pem' won't get overwritten by an ugrade?


This is what the packetfence.spec file does:


#Make ssl certificate

if [ ! -f /usr/local/pf/conf/ssl/server.crt ]; then

openssl req -x509 -new -nodes -days 365 -batch\

-out /usr/local/pf/conf/ssl/server.crt\

-keyout /usr/local/pf/conf/ssl/server.key\

-nodes -config /usr/local/pf/conf/openssl.cnf

cat /usr/local/pf/conf/ssl/server.crt /usr/local/pf/conf/ssl/server.key > 
/usr/local/pf/conf/ssl/server.pem

fi
So as long as you have a file named  "/usr/local/pf/conf/ssl/server.crt" it 
won't overwrite the server.pem.






I agree that this should be configurable.
I'm adding it to the whishlist for 7.1 or 7.2.



Regards,
--
Louis Munro
lmu...@inverse.ca<mailto:lmu...@inverse.ca>  ::  
www.inverse.ca<http://www.inverse.ca>
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu<http://www.sogo.nu>) and 
PacketFence (www.packetfence.org<http://www.packetfence.org>)




>>> CONFIDENTIALITY NOTICE <<<

This electronic mail (e-mail) message, including any and/or all attachments, is 
for the sole use of the intended recipient(s), and may contain confidential 
and/or privileged information, pertaining to business conducted under the 
direction and supervision of EarthColor, Inc. All e-mail messages, which may 
have been established as expressed views and/or opinions (stated either within 
the e-mail message or any of its attachments), are left to the sole 
responsibility of that of the sender, and are not necessarily attributed to 
EarthColor, Inc. Unauthorized interception, review, use, disclosure or 
distribution of any such information contained within this e-mail message 
and/or its attachment(s), is(are) strictly prohibited. If you are not the 
intended recipient, please contact the sender by replying to this e-mail 
message, along with the destruction of all copies of the original e-mail 
message (along with any attachments). !DSPAM:67760,5903cfd8169611367415823!



--

Check out the vibrant tech community on one of the world's most

engaging tech sites, Slashdot.org! http://sdm.link/slashdot



!DSPAM:67760,5903cfd8169611367415823!




___

PacketFence-users mailing list

PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net>

https://lists.sourceforge.net/lists/listinfo/packetfence-users





!DSPAM:67760,5903cfd8169611367415823!

--
Check out the vibrant tech communit

Re: [PacketFence-users] Captive portal SSL not using defined cert after PF7 upgrade

2017-05-02 Thread Virginie Girou 

Hello,

thank you it works now !

Virginie Girou
Equipe systeme
DSI - UT1 Capitole
Tel : +33 (0)5.61.63.39.19

Le 28/04/2017 23:53, Sokolowski, Darryl a écrit :


Fantastic!

We’re up and running!

Thanks again to all for your help!

Darryl

*From:*Louis Munro [mailto:lmu...@inverse.ca]
*Sent:* Friday, April 28, 2017 5:46 PM
*To:* packetfence-users@lists.sourceforge.net
*Subject:* Re: [PacketFence-users] Captive portal SSL not using 
defined cert after PF7 upgrade


On Apr 28, 2017, at 5:25 PM, Sokolowski, Darryl
<ds...@earthcolor.com <mailto:ds...@earthcolor.com>> wrote:

Oh, ok, now I understand what Fabrice meant about haproxy
terminating the ssl tunnel. Thanks for that explanation.

Sorry, I didn’t pick that up right away.

I changed var/conf/haproxy.conf to point at my certificates, and
every time I restart the service, it rewrites haproxy.conf file
back to using server.pem.

That's the expected behaviour.

That file is actually generated based on your configuration, every 
time your start the service.




So reading your response again, it sounds like my concatenated
certificate might need to be named ‘server.pem’.

If I rename my certificate to ‘server.pem’, it works as desired.

Is that the way to do it? Or am I still off-base?

That's the way to go.



‘server.pem’ won’t get overwritten by an ugrade?

This is what the packetfence.spec file does:

#Make ssl certificate
if [ ! -f /usr/local/pf/conf/ssl/server.crt ]; then
 openssl req -x509 -new -nodes -days 365 -batch\
 -out /usr/local/pf/conf/ssl/server.crt\
 -keyout /usr/local/pf/conf/ssl/server.key\
 -nodes -config /usr/local/pf/conf/openssl.cnf
 cat /usr/local/pf/conf/ssl/server.crt /usr/local/pf/conf/ssl/server.key > 
/usr/local/pf/conf/ssl/server.pem
fi

So as long as you have a file named 
 "/usr/local/pf/conf/ssl/server.crt" it won't overwrite the server.pem.




I agree that this should be configurable.

I'm adding it to the whishlist for 7.1 or 7.2.

Regards,
--

Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca>  :: www.inverse.ca 
<http://www.inverse.ca>

+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu>) 
and PacketFence (www.packetfence.org <http://www.packetfence.org>)






>>> CONFIDENTIALITY NOTICE <<<

This electronic mail (e-mail) message, including any and/or all 
attachments, is for the sole use of the intended recipient(s), and may 
contain confidential and/or privileged information, pertaining to 
business conducted under the direction and supervision of EarthColor, 
Inc. All e-mail messages, which may have been established as expressed 
views and/or opinions (stated either within the e-mail message or any 
of its attachments), are left to the sole responsibility of that of 
the sender, and are not necessarily attributed to EarthColor, Inc. 
Unauthorized interception, review, use, disclosure or distribution of 
any such information contained within this e-mail message and/or its 
attachment(s), is(are) strictly prohibited. If you are not the 
intended recipient, please contact the sender by replying to this 
e-mail message, along with the destruction of all copies of the 
original e-mail message (along with any attachments). 
!DSPAM:67760,5903cfd8169611367415823!



--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot

!DSPAM:67760,5903cfd8169611367415823!


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


!DSPAM:67760,5903cfd8169611367415823!


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Captive portal SSL not using defined cert after PF7 upgrade

2017-04-28 Thread Sokolowski, Darryl 
Fantastic!
We’re up and running!
Thanks again to all for your help!

Darryl

From: Louis Munro [mailto:lmu...@inverse.ca]
Sent: Friday, April 28, 2017 5:46 PM
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Captive portal SSL not using defined cert 
after PF7 upgrade


On Apr 28, 2017, at 5:25 PM, Sokolowski, Darryl 
<ds...@earthcolor.com<mailto:ds...@earthcolor.com>> wrote:

Oh, ok, now I understand what Fabrice meant about haproxy terminating the ssl 
tunnel. Thanks for that explanation.
Sorry, I didn’t pick that up right away.

I changed var/conf/haproxy.conf to point at my certificates, and every time I 
restart the service, it rewrites haproxy.conf file back to using server.pem.


That's the expected behaviour.
That file is actually generated based on your configuration, every time your 
start the service.



So reading your response again, it sounds like my concatenated certificate 
might need to be named ‘server.pem’.
If I rename my certificate to ‘server.pem’, it works as desired.
Is that the way to do it? Or am I still off-base?


That's the way to go.



‘server.pem’ won’t get overwritten by an ugrade?


This is what the packetfence.spec file does:


#Make ssl certificate

if [ ! -f /usr/local/pf/conf/ssl/server.crt ]; then

openssl req -x509 -new -nodes -days 365 -batch\

-out /usr/local/pf/conf/ssl/server.crt\

-keyout /usr/local/pf/conf/ssl/server.key\

-nodes -config /usr/local/pf/conf/openssl.cnf

cat /usr/local/pf/conf/ssl/server.crt /usr/local/pf/conf/ssl/server.key > 
/usr/local/pf/conf/ssl/server.pem

fi
So as long as you have a file named  "/usr/local/pf/conf/ssl/server.crt" it 
won't overwrite the server.pem.





I agree that this should be configurable.
I'm adding it to the whishlist for 7.1 or 7.2.



Regards,
--
Louis Munro
lmu...@inverse.ca<mailto:lmu...@inverse.ca>  ::  
www.inverse.ca<http://www.inverse.ca>
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu<http://www.sogo.nu>) and 
PacketFence (www.packetfence.org<http://www.packetfence.org>)





>>> CONFIDENTIALITY NOTICE <<<

This electronic mail (e-mail) message, including any and/or all attachments, is 
for the sole use of the intended recipient(s), and may contain confidential 
and/or privileged information, pertaining to business conducted under the 
direction and supervision of EarthColor, Inc. All e-mail messages, which may 
have been established as expressed views and/or opinions (stated either within 
the e-mail message or any of its attachments), are left to the sole 
responsibility of that of the sender, and are not necessarily attributed to 
EarthColor, Inc. Unauthorized interception, review, use, disclosure or 
distribution of any such information contained within this e-mail message 
and/or its attachment(s), is(are) strictly prohibited. If you are not the 
intended recipient, please contact the sender by replying to this e-mail 
message, along with the destruction of all copies of the original e-mail 
message (along with any attachments).
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Captive portal SSL not using defined cert after PF7 upgrade

2017-04-28 Thread Louis Munro 

> On Apr 28, 2017, at 5:25 PM, Sokolowski, Darryl  wrote:
> 
> Oh, ok, now I understand what Fabrice meant about haproxy terminating the ssl 
> tunnel. Thanks for that explanation.
> Sorry, I didn’t pick that up right away.
>  
> I changed var/conf/haproxy.conf to point at my certificates, and every time I 
> restart the service, it rewrites haproxy.conf file back to using server.pem.
>  

That's the expected behaviour.
That file is actually generated based on your configuration, every time your 
start the service.


> So reading your response again, it sounds like my concatenated certificate 
> might need to be named ‘server.pem’.
> If I rename my certificate to ‘server.pem’, it works as desired.
> Is that the way to do it? Or am I still off-base?


That's the way to go.


> ‘server.pem’ won’t get overwritten by an ugrade?
>  


This is what the packetfence.spec file does: 

#Make ssl certificate
if [ ! -f /usr/local/pf/conf/ssl/server.crt ]; then
openssl req -x509 -new -nodes -days 365 -batch\
-out /usr/local/pf/conf/ssl/server.crt\
-keyout /usr/local/pf/conf/ssl/server.key\
-nodes -config /usr/local/pf/conf/openssl.cnf
cat /usr/local/pf/conf/ssl/server.crt /usr/local/pf/conf/ssl/server.key > 
/usr/local/pf/conf/ssl/server.pem
fi
So as long as you have a file named  "/usr/local/pf/conf/ssl/server.crt" it 
won't overwrite the server.pem.




I agree that this should be configurable.
I'm adding it to the whishlist for 7.1 or 7.2.



Regards,
--
Louis Munro
lmu...@inverse.ca   ::  www.inverse.ca 
 
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu ) and 
PacketFence (www.packetfence.org )

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Captive portal SSL not using defined cert after PF7 upgrade

2017-04-28 Thread Sokolowski, Darryl 
Oh, ok, now I understand what Fabrice meant about haproxy terminating the ssl 
tunnel. Thanks for that explanation.
Sorry, I didn't pick that up right away.

I changed var/conf/haproxy.conf to point at my certificates, and every time I 
restart the service, it rewrites haproxy.conf file back to using server.pem.

So reading your response again, it sounds like my concatenated certificate 
might need to be named 'server.pem'.
If I rename my certificate to 'server.pem', it works as desired.
Is that the way to do it? Or am I still off-base?
'server.pem' won't get overwritten by an ugrade?

Thanks so much,
Darryl

From: Louis Munro [mailto:lmu...@inverse.ca]
Sent: Friday, April 28, 2017 4:29 PM
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Captive portal SSL not using defined cert 
after PF7 upgrade

A bit of background seems in order.

In PF 7.0 HAProxy sits in front of the httpd process for the portal.
HAProxy terminates the TLS connection, not httpd.

So you must tell HAProxy where to find your server certificate and key.

Look at the var/conf/haproxy.conf.
You will find the lines that configure ssl for each of the frontends.
Those lines point to the server.pem file, which must contain the concatenation 
of both your server certificate(s) and server key.

The conf/httpd.conf.d/ssl-certificates.conf files have nothing to do with that.



On Apr 28, 2017, at 9:33 AM, Virginie Girou 
<virginie.gi...@ut-capitole.fr<mailto:virginie.gi...@ut-capitole.fr>> wrote:

Hello,

I am exactly in the same case.
Here is the content of /usr/local/pf/conf/httpd.conf.d/ssl-certificates.conf :

# Apache SSL certificates configuration
# This file is manipulated on PacketFence's startup before being given to Apache
SSLCertificateFile %%install_dir%%/conf/ssl/certif_ut-capitole_fr.crt
SSLCertificateKeyFile %%install_dir%%/conf/ssl/cle_ut-capitole_fr.key
SSLCertificateChainFile %%install_dir%%/conf/ssl/cachain_digicert.pem

I follow your advice :
cat certif_ut-capitole_fr.crt cle_ut-capitole_fr.key certif2_ut-capitole_fr.pem

But where must "certif2_ut-capitole_fr.pem" be used ? Which config file ?

Thanks

Regards,
--
Louis Munro
lmu...@inverse.ca<mailto:lmu...@inverse.ca>  ::  
www.inverse.ca<http://www.inverse.ca>
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu<http://www.sogo.nu>) and 
PacketFence (www.packetfence.org<http://www.packetfence.org>)





>>> CONFIDENTIALITY NOTICE <<<

This electronic mail (e-mail) message, including any and/or all attachments, is 
for the sole use of the intended recipient(s), and may contain confidential 
and/or privileged information, pertaining to business conducted under the 
direction and supervision of EarthColor, Inc. All e-mail messages, which may 
have been established as expressed views and/or opinions (stated either within 
the e-mail message or any of its attachments), are left to the sole 
responsibility of that of the sender, and are not necessarily attributed to 
EarthColor, Inc. Unauthorized interception, review, use, disclosure or 
distribution of any such information contained within this e-mail message 
and/or its attachment(s), is(are) strictly prohibited. If you are not the 
intended recipient, please contact the sender by replying to this e-mail 
message, along with the destruction of all copies of the original e-mail 
message (along with any attachments).
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Captive portal SSL not using defined cert after PF7 upgrade

2017-04-28 Thread Louis Munro 
A bit of background seems in order.

In PF 7.0 HAProxy sits in front of the httpd process for the portal.
HAProxy terminates the TLS connection, not httpd.

So you must tell HAProxy where to find your server certificate and key.

Look at the var/conf/haproxy.conf. 
You will find the lines that configure ssl for each of the frontends.
Those lines point to the server.pem file, which must contain the concatenation 
of both your server certificate(s) and server key.

The conf/httpd.conf.d/ssl-certificates.conf files have nothing to do with that.



> On Apr 28, 2017, at 9:33 AM, Virginie Girou  
> wrote:
> 
> Hello,
> 
> I am exactly in the same case.
> Here is the content of /usr/local/pf/conf/httpd.conf.d/ssl-certificates.conf :
> 
> # Apache SSL certificates configuration
> # This file is manipulated on PacketFence's startup before being given to 
> Apache
> SSLCertificateFile %%install_dir%%/conf/ssl/certif_ut-capitole_fr.crt
> SSLCertificateKeyFile %%install_dir%%/conf/ssl/cle_ut-capitole_fr.key
> SSLCertificateChainFile %%install_dir%%/conf/ssl/cachain_digicert.pem
> 
> I follow your advice : 
> cat certif_ut-capitole_fr.crt cle_ut-capitole_fr.key 
> certif2_ut-capitole_fr.pem
> 
> But where must "certif2_ut-capitole_fr.pem" be used ? Which config file ?
> 
> Thanks

Regards,
--
Louis Munro
lmu...@inverse.ca   ::  www.inverse.ca 
 
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu ) and 
PacketFence (www.packetfence.org )

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Captive portal SSL not using defined cert after PF7 upgrade

2017-04-28 Thread Virginie Girou 

Hello,

I am exactly in the same case.
Here is the content of 
/usr/local/pf/conf/httpd.conf.d/ssl-certificates.conf :


/# Apache SSL certificates configuration//
//# This file is manipulated on PacketFence's startup before being given 
to Apache//

//SSLCertificateFile %%install_dir%%/conf/ssl/certif_ut-capitole_fr.crt//
//SSLCertificateKeyFile %%install_dir%%/conf/ssl/cle_ut-capitole_fr.key//
//SSLCertificateChainFile %%install_dir%%/conf/ssl/cachain_digicert.pem//
/
I follow your advice :
cat certif_ut-capitole_fr.crt cle_ut-capitole_fr.key 
certif2_ut-capitole_fr.pem


But where must "certif2_ut-capitole_fr.pem" be used ? Which config file ?

Thanks


Virginie Girou
Equipe systeme
DSI - UT1 Capitole
Tel : +33 (0)5.61.63.39.19

Le 28/04/2017 14:52, Fabrice Durand a écrit :


Hello Darryl,

what did you do exactly ?

Regards

Fabrice



Le 2017-04-27 à 12:06, Sokolowski, Darryl a écrit :


Thanks Fabrice,

I concatenated my server certificate and server key as suggested and 
restarted pf, but unfortunately when I access the portal page, I am 
still getting the certificate issued by/to 127.0.0.1 instead of my 
Comodo certificate.


If it helps, my ssl-certificates.conf file looks like:

SSLCertificateFile /usr/local/pf/conf/ssl/star_mydomain_com_SHA2.pem

SSLCertificateKeyFile /usr/local/pf/conf/ssl/star_mydomain_com_SHA2.key

SSLCertificateChainFile /usr/local/pf/conf/ssl/ComodoCA_SHA2.bundle

Thanks

Darryl

*From:*Fabrice Durand [mailto:fdur...@inverse.ca]
*Sent:* Thursday, April 27, 2017 8:43 AM
*To:* packetfence-users@lists.sourceforge.net
*Subject:* Re: [PacketFence-users] Captive portal SSL not using 
defined cert after PF7 upgrade


Hello Darryl,

haproxy terminate the ssl tunnel, so you need to do something like 
that with your cert:


cat /usr/local/pf/conf/ssl/server.crt 
/usr/local/pf/conf/ssl/server.key > /usr/local/pf/conf/ssl/server.pem


Regards

Fabrice

Le 2017-04-26 à 21:53, Sokolowski, Darryl a écrit :

Hi all,

When on 6.5.1 I had purchased and installed an SSL certificate
for the portal and admin. Installed and updated
ssl-certificates.conf and no certificate errors.

After the upgrade to version 7, ssl-certificates.conf still has
the correct certificate referenced, but the portal is using the
self-signed certificate instead.

Admin page does use the correct certificate.

I checked both
/usr/local/pf/conf/httpd.conf.d/ssl-certificates.conf and
/usr/local/pf/var/conf/ssl-certificates.conf and both are
correct, but incorrect cert used on the portal page.

Anyone know how to make it use the correct certificate now?

Thanks






--

Check out the vibrant tech community on one of the world's most

engaging tech sites, Slashdot.org!http://sdm.link/slashdot




___

PacketFence-users mailing list

PacketFence-users@lists.sourceforge.net  
<mailto:PacketFence-users@lists.sourceforge.net>

https://lists.sourceforge.net/lists/listinfo/packetfence-users



--
Fabrice Durand
fdur...@inverse.ca  <mailto:fdur...@inverse.ca>  ::  +1.514.447.4918 (x135) 
::www.inverse.ca  <http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)




>>> CONFIDENTIALITY NOTICE <<<

This electronic mail (e-mail) message, including any and/or all 
attachments, is for the sole use of the intended recipient(s), and 
may contain confidential and/or privileged information, pertaining to 
business conducted under the direction and supervision of EarthColor, 
Inc. All e-mail messages, which may have been established as 
expressed views and/or opinions (stated either within the e-mail 
message or any of its attachments), are left to the sole 
responsibility of that of the sender, and are not necessarily 
attributed to EarthColor, Inc. Unauthorized interception, review, 
use, disclosure or distribution of any such information contained 
within this e-mail message and/or its attachment(s), is(are) strictly 
prohibited. If you are not the intended recipient, please contact the 
sender by replying to this e-mail message, along with the destruction 
of all copies of the original e-mail message (along with any 
attachments).



--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org!http://sdm.link/slashdot


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Fabrice Durand
fdur...@inverse.ca  ::  +1.514.447.4918 (x135

Re: [PacketFence-users] Captive portal SSL not using defined cert after PF7 upgrade

2017-04-28 Thread Fabrice Durand 
Hello Darryl,

what did you do exactly ?

Regards

Fabrice



Le 2017-04-27 à 12:06, Sokolowski, Darryl a écrit :
>
> Thanks Fabrice,
>
> I concatenated my server certificate and server key as suggested and
> restarted pf, but unfortunately when I access the portal page, I am
> still getting the certificate issued by/to 127.0.0.1 instead of my
> Comodo certificate.
>
> If it helps, my ssl-certificates.conf file looks like:
>
>  
>
> SSLCertificateFile /usr/local/pf/conf/ssl/star_mydomain_com_SHA2.pem
>
> SSLCertificateKeyFile /usr/local/pf/conf/ssl/star_mydomain_com_SHA2.key
>
> SSLCertificateChainFile /usr/local/pf/conf/ssl/ComodoCA_SHA2.bundle
>
>  
>
> Thanks
>
> Darryl
>
>  
>
> *From:*Fabrice Durand [mailto:fdur...@inverse.ca]
> *Sent:* Thursday, April 27, 2017 8:43 AM
> *To:* packetfence-users@lists.sourceforge.net
> *Subject:* Re: [PacketFence-users] Captive portal SSL not using
> defined cert after PF7 upgrade
>
>  
>
> Hello Darryl,
>
> haproxy terminate the ssl tunnel, so you need to do something like
> that with your cert:
>
> cat /usr/local/pf/conf/ssl/server.crt
> /usr/local/pf/conf/ssl/server.key > /usr/local/pf/conf/ssl/server.pem
>
> Regards
>
> Fabrice
>
>  
>
>  
>
> Le 2017-04-26 à 21:53, Sokolowski, Darryl a écrit :
>
> Hi all,
>
> When on 6.5.1 I had purchased and installed an SSL certificate for
> the portal and admin.  Installed and updated ssl-certificates.conf
> and no certificate errors.
>
> After the upgrade to version 7, ssl-certificates.conf still has
> the correct certificate referenced, but the portal is using the
> self-signed certificate instead.
>
> Admin page does use the correct certificate.
>
> I checked both
> /usr/local/pf/conf/httpd.conf.d/ssl-certificates.conf and
> /usr/local/pf/var/conf/ssl-certificates.conf and both are correct,
> but incorrect cert used on the portal page.
>
>  
>
> Anyone know how to make it use the correct certificate now?
>
>  
>
> Thanks
>
>  
>
>  
>
> 
>
>
>
> 
> --
>
> Check out the vibrant tech community on one of the world's most
>
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
>
>
> ___
>
> PacketFence-users mailing list
>
> PacketFence-users@lists.sourceforge.net
> <mailto:PacketFence-users@lists.sourceforge.net>
>
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
> -- 
> Fabrice Durand
> fdur...@inverse.ca <mailto:fdur...@inverse.ca> ::  +1.514.447.4918 (x135) ::  
> www.inverse.ca <http://www.inverse.ca>
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
> (http://packetfence.org) 
>
>
> 
>
> >>> CONFIDENTIALITY NOTICE <<<
>
> This electronic mail (e-mail) message, including any and/or all
> attachments, is for the sole use of the intended recipient(s), and may
> contain confidential and/or privileged information, pertaining to
> business conducted under the direction and supervision of EarthColor,
> Inc. All e-mail messages, which may have been established as expressed
> views and/or opinions (stated either within the e-mail message or any
> of its attachments), are left to the sole responsibility of that of
> the sender, and are not necessarily attributed to EarthColor, Inc.
> Unauthorized interception, review, use, disclosure or distribution of
> any such information contained within this e-mail message and/or its
> attachment(s), is(are) strictly prohibited. If you are not the
> intended recipient, please contact the sender by replying to this
> e-mail message, along with the destruction of all copies of the
> original e-mail message (along with any attachments).
>
>
> --
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

-- 
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org) 

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Captive portal SSL not using defined cert after PF7 upgrade

2017-04-27 Thread Sokolowski, Darryl 
Thanks Fabrice,
I concatenated my server certificate and server key as suggested and restarted 
pf, but unfortunately when I access the portal page, I am still getting the 
certificate issued by/to 127.0.0.1 instead of my Comodo certificate.
If it helps, my ssl-certificates.conf file looks like:

SSLCertificateFile /usr/local/pf/conf/ssl/star_mydomain_com_SHA2.pem
SSLCertificateKeyFile /usr/local/pf/conf/ssl/star_mydomain_com_SHA2.key
SSLCertificateChainFile /usr/local/pf/conf/ssl/ComodoCA_SHA2.bundle

Thanks
Darryl

From: Fabrice Durand [mailto:fdur...@inverse.ca]
Sent: Thursday, April 27, 2017 8:43 AM
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Captive portal SSL not using defined cert 
after PF7 upgrade


Hello Darryl,

haproxy terminate the ssl tunnel, so you need to do something like that with 
your cert:

cat /usr/local/pf/conf/ssl/server.crt /usr/local/pf/conf/ssl/server.key > 
/usr/local/pf/conf/ssl/server.pem

Regards

Fabrice



Le 2017-04-26 à 21:53, Sokolowski, Darryl a écrit :
Hi all,
When on 6.5.1 I had purchased and installed an SSL certificate for the portal 
and admin.  Installed and updated ssl-certificates.conf and no certificate 
errors.
After the upgrade to version 7, ssl-certificates.conf still has the correct 
certificate referenced, but the portal is using the self-signed certificate 
instead.
Admin page does use the correct certificate.
I checked both /usr/local/pf/conf/httpd.conf.d/ssl-certificates.conf and 
/usr/local/pf/var/conf/ssl-certificates.conf and both are correct, but 
incorrect cert used on the portal page.

Anyone know how to make it use the correct certificate now?

Thanks






--

Check out the vibrant tech community on one of the world's most

engaging tech sites, Slashdot.org! http://sdm.link/slashdot




___

PacketFence-users mailing list

PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net>

https://lists.sourceforge.net/lists/listinfo/packetfence-users



--

Fabrice Durand

fdur...@inverse.ca<mailto:fdur...@inverse.ca> ::  +1.514.447.4918 (x135) ::  
www.inverse.ca<http://www.inverse.ca>

Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)




>>> CONFIDENTIALITY NOTICE <<<

This electronic mail (e-mail) message, including any and/or all attachments, is 
for the sole use of the intended recipient(s), and may contain confidential 
and/or privileged information, pertaining to business conducted under the 
direction and supervision of EarthColor, Inc. All e-mail messages, which may 
have been established as expressed views and/or opinions (stated either within 
the e-mail message or any of its attachments), are left to the sole 
responsibility of that of the sender, and are not necessarily attributed to 
EarthColor, Inc. Unauthorized interception, review, use, disclosure or 
distribution of any such information contained within this e-mail message 
and/or its attachment(s), is(are) strictly prohibited. If you are not the 
intended recipient, please contact the sender by replying to this e-mail 
message, along with the destruction of all copies of the original e-mail 
message (along with any attachments).
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Captive portal SSL not using defined cert after PF7 upgrade

2017-04-27 Thread Fabrice Durand 
Hello Darryl,

haproxy terminate the ssl tunnel, so you need to do something like that
with your cert:

cat /usr/local/pf/conf/ssl/server.crt /usr/local/pf/conf/ssl/server.key
> /usr/local/pf/conf/ssl/server.pem

Regards

Fabrice



Le 2017-04-26 à 21:53, Sokolowski, Darryl a écrit :
>
> Hi all,
>
> When on 6.5.1 I had purchased and installed an SSL certificate for the
> portal and admin.  Installed and updated ssl-certificates.conf and no
> certificate errors.
>
> After the upgrade to version 7, ssl-certificates.conf still has the
> correct certificate referenced, but the portal is using the
> self-signed certificate instead.
>
> Admin page does use the correct certificate.
>
> I checked both /usr/local/pf/conf/httpd.conf.d/ssl-certificates.conf
> and /usr/local/pf/var/conf/ssl-certficates.conf and both are correct,
> but incorrect cert used on the portal page.
>
>  
>
> Anyone know how to make it use the correct certificate now?
>
>  
>
> Thanks
>
>  
>
>
>
> 
>
> >>> CONFIDENTIALITY NOTICE <<<
>
> This electronic mail (e-mail) message, including any and/or all
> attachments, is for the sole use of the intended recipient(s), and may
> contain confidential and/or privileged information, pertaining to
> business conducted under the direction and supervision of EarthColor,
> Inc. All e-mail messages, which may have been established as expressed
> views and/or opinions (stated either within the e-mail message or any
> of its attachments), are left to the sole responsibility of that of
> the sender, and are not necessarily attributed to EarthColor, Inc.
> Unauthorized interception, review, use, disclosure or distribution of
> any such information contained within this e-mail message and/or its
> attachment(s), is(are) strictly prohibited. If you are not the
> intended recipient, please contact the sender by replying to this
> e-mail message, along with the destruction of all copies of the
> original e-mail message (along with any attachments).
>
>
> --
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

-- 
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org) 

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Captive portal SSL not using defined cert after PF7 upgrade

2017-04-27 Thread Sokolowski, Darryl 
Hi all,
When on 6.5.1 I had purchased and installed an SSL certificate for the portal 
and admin.  Installed and updated ssl-certificates.conf and no certificate 
errors.
After the upgrade to version 7, ssl-certificates.conf still has the correct 
certificate referenced, but the portal is using the self-signed certificate 
instead.
Admin page does use the correct certificate.
I checked both /usr/local/pf/conf/httpd.conf.d/ssl-certificates.conf and 
/usr/local/pf/var/conf/ssl-certficates.conf and both are correct, but incorrect 
cert used on the portal page.

Anyone know how to make it use the correct certificate now?

Thanks





>>> CONFIDENTIALITY NOTICE <<<

This electronic mail (e-mail) message, including any and/or all attachments, is 
for the sole use of the intended recipient(s), and may contain confidential 
and/or privileged information, pertaining to business conducted under the 
direction and supervision of EarthColor, Inc. All e-mail messages, which may 
have been established as expressed views and/or opinions (stated either within 
the e-mail message or any of its attachments), are left to the sole 
responsibility of that of the sender, and are not necessarily attributed to 
EarthColor, Inc. Unauthorized interception, review, use, disclosure or 
distribution of any such information contained within this e-mail message 
and/or its attachment(s), is(are) strictly prohibited. If you are not the 
intended recipient, please contact the sender by replying to this e-mail 
message, along with the destruction of all copies of the original e-mail 
message (along with any attachments).
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users