Fantastic!
We’re up and running!
Thanks again to all for your help!
Darryl
From: Louis Munro [mailto:lmu...@inverse.ca]
Sent: Friday, April 28, 2017 5:46 PM
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Captive portal SSL not using defined cert
after PF7 upgrade
On Apr 28, 2017, at 5:25 PM, Sokolowski, Darryl
<ds...@earthcolor.com<mailto:ds...@earthcolor.com>> wrote:
Oh, ok, now I understand what Fabrice meant about haproxy terminating the ssl
tunnel. Thanks for that explanation.
Sorry, I didn’t pick that up right away.
I changed var/conf/haproxy.conf to point at my certificates, and every time I
restart the service, it rewrites haproxy.conf file back to using server.pem.
That's the expected behaviour.
That file is actually generated based on your configuration, every time your
start the service.
So reading your response again, it sounds like my concatenated certificate
might need to be named ‘server.pem’.
If I rename my certificate to ‘server.pem’, it works as desired.
Is that the way to do it? Or am I still off-base?
That's the way to go.
‘server.pem’ won’t get overwritten by an ugrade?
This is what the packetfence.spec file does:
#Make ssl certificate
if [ ! -f /usr/local/pf/conf/ssl/server.crt ]; then
openssl req -x509 -new -nodes -days 365 -batch\
-out /usr/local/pf/conf/ssl/server.crt\
-keyout /usr/local/pf/conf/ssl/server.key\
-nodes -config /usr/local/pf/conf/openssl.cnf
cat /usr/local/pf/conf/ssl/server.crt /usr/local/pf/conf/ssl/server.key >
/usr/local/pf/conf/ssl/server.pem
fi
So as long as you have a file named "/usr/local/pf/conf/ssl/server.crt" it
won't overwrite the server.pem.
I agree that this should be configurable.
I'm adding it to the whishlist for 7.1 or 7.2.
Regards,
--
Louis Munro
lmu...@inverse.ca<mailto:lmu...@inverse.ca> ::
www.inverse.ca<http://www.inverse.ca>
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu<http://www.sogo.nu>) and
PacketFence (www.packetfence.org<http://www.packetfence.org>)
________________________________
>>> CONFIDENTIALITY NOTICE <<<
This electronic mail (e-mail) message, including any and/or all attachments, is
for the sole use of the intended recipient(s), and may contain confidential
and/or privileged information, pertaining to business conducted under the
direction and supervision of EarthColor, Inc. All e-mail messages, which may
have been established as expressed views and/or opinions (stated either within
the e-mail message or any of its attachments), are left to the sole
responsibility of that of the sender, and are not necessarily attributed to
EarthColor, Inc. Unauthorized interception, review, use, disclosure or
distribution of any such information contained within this e-mail message
and/or its attachment(s), is(are) strictly prohibited. If you are not the
intended recipient, please contact the sender by replying to this e-mail
message, along with the destruction of all copies of the original e-mail
message (along with any attachments).
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
