I have a wildcard from Digicert and used this to get the cert:Apache: CSR &
SSL Installation (OpenSSL)
|
|
|
| | |
|
|
|
| |
Apache: CSR & SSL Installation (OpenSSL)
Apache: Generating your Apache CSR with OpenSSL and installing your SSL
certificate and Mod_SSL web server confi...
|
|
|
Also, when requesting the duplicate from Digicert it allows you to enter
additional SANs beyond the *.domain.com. I put my pf.domain.com as one of the
SANs when requesting the duplicate. I also used WinSCP to connect to my
packetfence server to get the csr and key files. I know that's not needed but
just thought I would mention it.
On Thursday, November 12, 2020, 04:29:50 PM EST, ypefti--- via
PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:
More digging, more tries, more frustrations 😉
Further to my previous email. I replaced three files from SSL folder with files
that correspond to the new certificated, i.e.
/usr/local/pf/conf/ssl/server.key
/usr/local/pf/conf/ssl/server.crt
/usr/local/pf/conf/ssl/server.pem
PF web interface said bye-bye to me. Why do I see this error in
/usr/local/pf/logs/httpd.webservices.error
Nov 12 13:04:07 pf httpd_webservices_err: AH00558: httpd: Could not reliably
determine the server's fully qualified domain name, using
fe80::250:56ff:fe8a:e674. Set the 'ServerName' directive globally to suppress
this message
What happened to Apache and PF ?
And what drives me mad is the fact that if I put old certificate files back I
still can't login via PF GUI.
Having this error:
A networking error occurred. Is the API service running?
Eugene
-----Original Message-----
From: ype...@gmail.com <ype...@gmail.com>
Sent: Thursday, November 12, 2020 11:26 AM
To: packetfence-users@lists.sourceforge.net
Cc: 'mj' <li...@merit.unu.edu>
Subject: RE: [PacketFence-users] Wildcard SSL certificate installation on PF
Thank you, MJ,
It looks like questions asked here are replied selectively.
At least out of 4 questions that I asked only this one was finally "noticed"
after the resend 😉
I wouldn't bother the list with my questions if the procedure is well
documented and works.
The existing documentation mentions only this:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
"Upon PacketFence installation, self-signed certificates will be created in
/usr/local/pf/conf/ssl (server.key and server.crt). Those certificates can be
replaced anytime by your 3rd-party or existing wild card certificate without
problems. Please note that the CN (Common Name) needs to be the same as the one
defined in the PacketFence configuration file (pf.conf)."
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
This is very confusing. We all know that CN in the wildcard certificate looks
like this:
*.example.com
How would I make use of it with PF ?
If you refer me to Let's Encrypt certificates should I understand that I need
to do it from www.sslforfree.com And what's the correct procedure to install an
SSL certificate to PF. Never saw it in the documentation.
I need it for a captive portal.
Eugene
-----Original Message-----
From: mj via PacketFence-users <packetfence-users@lists.sourceforge.net>
Sent: Wednesday, November 11, 2020 1:38 AM
To: packetfence-users@lists.sourceforge.net
Cc: mj <li...@merit.unu.edu>
Subject: Re: [PacketFence-users] Wildcard SSL certificate installation on PF
Hi Eugene,
The list has always been alive, from where we are. :-)
Anyway: I would encourage you to take a look a Let's Encrypt certificates with
packetfence. I think they are a bit more secure than a wildcard certificate,
plus they are free and work very well.
(there are some threads on this mailinglist on that subject)
Good luck,
MJ
On 11/10/20 5:31 PM, E.P. via PacketFence-users wrote:
> Since this group suddenly became alive I dare asking my previous again
> 😉
>
> How would I install a wildcard SSL certificate on PF, see more details
> below
>
> Eugene
>
> *From:* E.P. <ype...@gmail.com>
> *Sent:* Saturday, October 31, 2020 2:43 PM
> *To:* packetfence-users@lists.sourceforge.net
> *Subject:* Wildcard SSL certificate installation on PF
>
> Guys,
>
> I’m trying to overcome the issue with a self-signed SSL certificate
> that PF offers to WiFi authentication via captive portal.
>
> This a certificate that is in use by HTTPS sessions
>
> Certificate/Key match
>
> Chain is invalid
>
> common_name
>
> 127.0.0.1, emailAddress=supp...@inverse.ca
> <mailto:emailAddress=supp...@inverse.ca>
>
> issuer
>
> C=CA, ST=QC, L=Montreal, O=Inverse, CN=127.0.0.1,
> emailAddress=supp...@inverse.ca
> <mailto:emailAddress=supp...@inverse.ca>
>
> not_after
>
> Oct 7 15:29:09 2021 GMT
>
> not_before
>
> Oct 7 15:29:09 2020 GMT
>
> serial
>
> A500DC03671C0E35
>
> subject
>
> C=CA, ST=QC, L=Montreal, O=Inverse, CN=127.0.0.1,
> emailAddress=supp...@inverse.ca
> <mailto:emailAddress=supp...@inverse.ca>
>
> Is there any way to import and install a company wild card SSL
> certificate into PF
>
> Eugene
>
>
>
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
