It is some sort of conspiracy.

No luck at all. Maybe someone will tell me what else to do to install an 
external SSL certificate to PF. 

The server.key is also there, in the same folder. Do I really need a *.pem file?

I didn't receive it from the CA. Fine, I converted *.crt to *.pem, still 
doesn't fly.

Why am I getting this error on the PF GUI?

 

A networking error occurred. Is the API service running?

 

Eugene

 

From: E.P. <ype...@gmail.com>
Sent: Thursday, November 12, 2020 3:03 PM
To: 'Michael Brown' <michaelbrow...@yahoo.com>; packetfence-users@lists.sourceforge.net
Subject: RE: [PacketFence-users] Wildcard SSL certificate installation on PF

 

Thank you, Michael.

I did it almost the same way. 

What I don't understand is the logic of PF and Apache integration.

It appears that the original Apache config file, i.e. httpd.conf, is useless 
and not in use by PF.

I will play and explore the SAN attribute in the certificate.

 

Eugene

 

From: Michael Brown <michaelbrow...@yahoo.com>
Sent: Thursday, November 12, 2020 1:47 PM
To: packetfence-users@lists.sourceforge.net
Cc: ype...@gmail.com
Subject: Re: [PacketFence-users] Wildcard SSL certificate installation on PF

 

I have a wildcard from Digicert and used this to get the cert:

Apache: CSR & SSL Installation (OpenSSL)
<https://www.digicert.com/kb/csr-ssl-installation/apache-openssl.htm>


Also, when requesting the duplicate from Digicert it allows you to enter 
additional SANs beyond the *.domain.com.  I put my pf.domain.com as one of the 
SANs when requesting the duplicate.  I also used WinSCP to connect to my 
packetfence server to get the csr and key files.  I know that's not needed but 
just thought I would mention it.  

 

 

 

 

On Thursday, November 12, 2020, 04:29:50 PM EST, ypefti--- via 
PacketFence-users <packetfence-users@lists.sourceforge.net> wrote: 

 

 

More digging, more tries, more frustrations 😉
Further to my previous email. I replaced three files from SSL folder with files 
that correspond to the new certificate, i.e.
/usr/local/pf/conf/ssl/server.key
/usr/local/pf/conf/ssl/server.crt
/usr/local/pf/conf/ssl/server.pem

PF web interface said bye-bye to me. Why do I see this error in 
/usr/local/pf/logs/httpd.webservices.error?

Nov 12 13:04:07 pf httpd_webservices_err: AH00558: httpd: Could not reliably 
determine the server's fully qualified domain name, using 
fe80::250:56ff:fe8a:e674. Set the 'ServerName' directive globally to suppress 
this message

What happened to Apache and PF ?

And what drives me mad is the fact that if I put old certificate files back I 
still can't login via PF GUI.
Having this error:

A networking error occurred. Is the API service running?

Eugene


-----Original Message-----
From: ype...@gmail.com <ype...@gmail.com>
Sent: Thursday, November 12, 2020 11:26 AM
To: packetfence-users@lists.sourceforge.net
Cc: 'mj' <li...@merit.unu.edu>
Subject: RE: [PacketFence-users] Wildcard SSL certificate installation on PF

Thank you, MJ,
It looks like questions asked here are replied selectively.
At least out of 4 questions that I asked only this one was finally "noticed" 
after the resend 😉
I wouldn't bother the list with my questions if the procedure is well 
documented and works.
The existing documentation mentions only this:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
"Upon PacketFence installation, self-signed certificates will be created in 
/usr/local/pf/conf/ssl (server.key and server.crt). Those certificates can be 
replaced anytime by your 3rd-party or existing wild card certificate without 
problems. Please note that the CN (Common Name) needs to be the same as the one 
defined in the PacketFence configuration file (pf.conf)."
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

This is very confusing. We all know that CN in the wildcard certificate looks 
like this:
*.example.com
How would I make use of it with PF ?

If you refer me to Let's Encrypt certificates, should I understand that I need 
to do it from www.sslforfree.com? And what's the correct procedure to install 
an SSL certificate to PF? Never saw it in the documentation.
I need it for a captive portal.

Eugene
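
The documentation quoted above ties the certificate name to the hostname configured for PacketFence, and a wildcard name covers only one label, so both can be checked before server.key and server.crt are replaced. The script below is an added example, not part of the original thread or PacketFence's own tooling; it assumes OpenSSL 1.1.1 or later, and pf.example.com and the generated sample pair are constructed.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks on a key/certificate pair (constructed names).

# Succeeds when the private key and the certificate carry the same public key.
key_matches_cert() {    # key_matches_cert <key> <cert>
    local from_key from_cert
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    from_cert=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# Succeeds when the certificate's SAN (or CN, if no SAN) covers the host name.
# A wildcard stands for exactly one left-most label: *.example.com matches
# pf.example.com, but neither example.com nor a.b.example.com.
cert_covers_host() {    # cert_covers_host <cert> <fqdn>
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Succeeds when the certificate is still valid one day from now.
cert_not_expiring() {   # cert_not_expiring <cert>
    openssl x509 -in "$1" -noout -checkend 86400 >/dev/null 2>&1
}

preflight() {           # preflight <key> <cert> <fqdn>
    local rc=0
    key_matches_cert "$1" "$2" || { echo "FAIL: key does not match certificate"; rc=1; }
    cert_covers_host "$2" "$3" || { echo "FAIL: certificate does not cover $3"; rc=1; }
    cert_not_expiring "$2"     || { echo "FAIL: certificate expires within a day"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: certificate is usable for $3"
    return "$rc"
}

# Constructed sample: throwaway self-signed wildcard pair (OpenSSL 1.1.1+).
make_sample_pair() {    # make_sample_pair <dir>
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj '/CN=*.example.com' -addext 'subjectAltName=DNS:*.example.com' \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
}

if [ "$#" -eq 3 ]; then
    preflight "$@"
elif [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d) && make_sample_pair "$tmp"
    preflight "$tmp/server.key" "$tmp/server.crt" pf.example.com
    preflight "$tmp/server.key" "$tmp/server.crt" a.b.example.com
    rm -rf "$tmp"
fi
```

Called with three arguments (key, certificate, FQDN) it checks real files; `--demo` runs it against the constructed pair.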

-----Original Message-----
From: mj via PacketFence-users <packetfence-users@lists.sourceforge.net>
Sent: Wednesday, November 11, 2020 1:38 AM
To: packetfence-users@lists.sourceforge.net
Cc: mj <li...@merit.unu.edu>
Subject: Re: [PacketFence-users] Wildcard SSL certificate installation on PF

Hi Eugene,

The list has always been alive, from where we are. :-)

Anyway: I would encourage you to take a look at Let's Encrypt certificates with 
packetfence. I think they are a bit more secure than a wildcard certificate, 
plus they are free and work very well.

(there are some threads on this mailing list on that subject)

Good luck,
MJ

On 11/10/20 5:31 PM, E.P. via PacketFence-users wrote:
> Since this group suddenly became alive I dare asking my previous again
> 😉
> 
> How would I install a wildcard SSL certificate on PF, see more details 
> below
> 
> Eugene
> 
> *From:* E.P. <ype...@gmail.com>
> *Sent:* Saturday, October 31, 2020 2:43 PM
> *To:* packetfence-users@lists.sourceforge.net
> *Subject:* Wildcard SSL certificate installation on PF
> 
> Guys,
> 
> I’m trying to overcome the issue with a self-signed SSL certificate 
> that PF offers to WiFi authentication via captive portal.
> 
> This is a certificate that is in use by HTTPS sessions:
> 
> Certificate/Key match
> Chain is invalid
> 
> common_name: 127.0.0.1, emailAddress=supp...@inverse.ca
> issuer: C=CA, ST=QC, L=Montreal, O=Inverse, CN=127.0.0.1, emailAddress=supp...@inverse.ca
> not_after: Oct 7 15:29:09 2021 GMT
> not_before: Oct 7 15:29:09 2020 GMT
> serial: A500DC03671C0E35
> subject: C=CA, ST=QC, L=Montreal, O=Inverse, CN=127.0.0.1, emailAddress=supp...@inverse.ca
> 
> Is there any way to import and install a company wildcard SSL 
> certificate into PF?
> 
> Eugene
> 
> 
> 
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
> 

