We use a wildcard on PF without a problem. On Thu, Nov 12, 2020 at 3:51 PM Michael Brown via PacketFence-users < packetfence-users@lists.sourceforge.net> wrote:
> I have a wildcard from Digicert and used this to get the cert: > Apache: CSR & SSL Installation (OpenSSL) > <https://www.digicert.com/kb/csr-ssl-installation/apache-openssl.htm> > > Apache: CSR & SSL Installation (OpenSSL) > > Apache: Generating your Apache CSR with OpenSSL and installing your SSL > certificate and Mod_SSL web server confi... > <https://www.digicert.com/kb/csr-ssl-installation/apache-openssl.htm> > > > Also, when requesting the duplicate from Digicert it allows you to enter > additional SANs beyond the *.domain.com. I put my pf.domain.com as one > of the SANs when requesting the duplicate. I also used WinSCP to connect > to my packetfence server to get the csr and key files. I know that's not > needed but just thought I would mention it. > > > > > On Thursday, November 12, 2020, 04:29:50 PM EST, ypefti--- via > PacketFence-users <packetfence-users@lists.sourceforge.net> wrote: > > > More digging, more tries, more frustrations š > Further to my previous email. I replaced three files from SSL folder with > files that correspond to the new certificated, i.e. > /usr/local/pf/conf/ssl/server.key > /usr/local/pf/conf/ssl/server.crt > /usr/local/pf/conf/ssl/server.pem > > PF web interface said bye-bye to me. Why do I see this error in > /usr/local/pf/logs/httpd.webservices.error > > Nov 12 13:04:07 pf httpd_webservices_err: AH00558: httpd: Could not > reliably determine the server's fully qualified domain name, using > fe80::250:56ff:fe8a:e674. Set the 'ServerName' directive globally to > suppress this message > > What happened to Apache and PF ? > > And what drives me mad is the fact that if I put old certificate files > back I still can't login via PF GUI. > Having this error: > > A networking error occurred. Is the API service running? > > Eugene > > -----Original Message----- > From: ype...@gmail.com <ype...@gmail.com> > Sent: Thursday, November 12, 2020 11:26 AM > To: packetfence-users@lists.sourceforge.net > Cc: 'mj' <li...@merit.unu.edu> > Subject: RE: [PacketFence-users] Wildcard SSL certificate installation on > PF > > Thank you, MJ, > It looks like questions asked here are replied selectively. > At least out of 4 questions that I asked only this one was finally > "noticed" after the resend š > I wouldn't bother the list with my questions if the procedure is well > documented and works. > The existing documentation mentions only this: > > > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > "Upon PacketFence installation, self-signed certificates will be created > in /usr/local/pf/conf/ssl (server.key and server.crt). Those certificates > can be replaced anytime by your 3rd-party or existing wild card certificate > without problems. Please note that the CN (Common Name) needs to be the > same as the one defined in the PacketFence configuration file (pf.conf)." > > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > > This is very confusing. We all know that CN in the wildcard certificate > looks like this: > *.example.com > How would I make use of it with PF ? > > If you refer me to Let's Encrypt certificates should I understand that I > need to do it from www.sslforfree.com And what's the correct procedure to > install an SSL certificate to PF. Never saw it in the documentation. > I need it for a captive portal. > > Eugene > > -----Original Message----- > From: mj via PacketFence-users <packetfence-users@lists.sourceforge.net> > Sent: Wednesday, November 11, 2020 1:38 AM > To: packetfence-users@lists.sourceforge.net > Cc: mj <li...@merit.unu.edu> > Subject: Re: [PacketFence-users] Wildcard SSL certificate installation on > PF > > Hi Eugene, > > The list has always been alive, from where we are. :-) > > Anyway: I would encourage you to take a look a Let's Encrypt certificates > with packetfence. I think they are a bit more secure than a wildcard > certificate, plus they are free and work very well. > > (there are some threads on this mailinglist on that subject) > > Good luck, > MJ > > On 11/10/20 5:31 PM, E.P. via PacketFence-users wrote: > > Since this group suddenly became alive I dare asking my previous again > > š > > > > How would I install a wildcard SSL certificate on PF, see more details > > below > > > > Eugene > > > > *From:* E.P. <ype...@gmail.com> > > *Sent:* Saturday, October 31, 2020 2:43 PM > > *To:* packetfence-users@lists.sourceforge.net > > *Subject:* Wildcard SSL certificate installation on PF > > > > Guys, > > > > Iām trying to overcome the issue with a self-signed SSL certificate > > that PF offers to WiFi authentication via captive portal. > > > > This a certificate that is in use by HTTPS sessions > > > > Certificate/Key match > > > > Chain is invalid > > > > common_name > > > > 127.0.0.1, emailAddress=supp...@inverse.ca > > <mailto:emailAddress=supp...@inverse.ca> > > > > issuer > > > > C=CA, ST=QC, L=Montreal, O=Inverse, CN=127.0.0.1, > > emailAddress=supp...@inverse.ca > > <mailto:emailAddress=supp...@inverse.ca> > > > > not_after > > > > Oct 7 15:29:09 2021 GMT > > > > not_before > > > > Oct 7 15:29:09 2020 GMT > > > > serial > > > > A500DC03671C0E35 > > > > subject > > > > C=CA, ST=QC, L=Montreal, O=Inverse, CN=127.0.0.1, > > emailAddress=supp...@inverse.ca > > <mailto:emailAddress=supp...@inverse.ca> > > > > Is there any way to import and install a company wild card SSL > > certificate into PF > > > > Eugene > > > > > > > > _______________________________________________ > > PacketFence-users mailing list > > PacketFence-users@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > > > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > > > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users >
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
