OK, thx for the info.
So if I create my own CA, and generate a certificate for packet fence, and then distribute that CA cert to all my domain computers so that web browsers could treat them trusted it’s going to work but only for my domain computers. And if someone else connects to network (outside the domain) for example a guest he will receive an error. So only way is to have a real cert. Am I correct ? pt., 5 paź 2018 o 15:37 Eric Naujock <[email protected]> napisał(a): > You cannot use a self signed certificate on any web page. Google will > violently protest a self signed certificate. Firefox will complain loudly. > Safari will protest. Edge will have a fit. You must have a properly signed > certificate installed in your portal webpage. Though PacketFence will > generate a self signed. You do have to have a real signed certificate to > have this work. It's just how the web works. If you turn off the https then > browsers will continue to get louder in their protests. Though right now > unencrypted pages will work. If you look at the menu bar of the page it > will report an unsafe page. > > On Oct 5, 2018, at 2:10 AM, Cezary Barciński via PacketFence-users < > [email protected]> wrote: > > Hello again, > > I still have problem. Let me summarize and explain step by step: > 1. I turn on HTTPS redirect and restart the service. > 2. Unregistered user connects to the network, gets IP. > 3. User opens a web browser with default webpage on his computer > like for example - google.com. > 4. Now, portal should redirect the user to the registration webpage > but it doesn’t. User gets information that google.com uses wrong > certificate – certificate not trusted, and user doesn’t even have option to > accept self-signed cert. Mozilla says: Error: > MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT. > > 5. With HTTPS redirect disable all is good, but then registration > portal is based on HTTP and I wouldn’t like to users to register/login with > plain text password. > > Any thoughts ? > > śr., 3 paź 2018 o 19:28 Nicolas Quiniou-Briand via PacketFence-users < > [email protected]> napisał(a): > >> Hello Cezary, >> >> On 2018-10-02 04:48 PM, Cezary Barciński via PacketFence-users wrote: >> > I was convinced that packetfence generates self-signed certificate >> > automatically and after turning on HTTPS option I would have to accept >> > that cert in a web browser and would be able to see the portal login >> page. >> >> PF will work exactly like this. >> >> > I’m also afraid about this: >> > >> > “Force the captive portal to use HTTPS for all portal clients.Note that >> > clients will be forced to use HTTPS on all URLs.This requires a restart >> > of the httpd.portal process to be fully effective.” >> > >> > Does it mean that when I implement SSL and turn the HTTPS option on, >> > users won’t be able to browse classic HTTP websites? What about other >> > services like internet radio, games etc? >> >> No. >> -- >> Nicolas Quiniou-Briand >> [email protected] :: +1.514.447.4918 *140 :: https://inverse.ca >> Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence >> (https://packetfence.org) and Fingerbank (http://fingerbank.org) >> >> >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > >
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
