Menu
▾
▴
Re: [PacketFence-users] Captive portal SSL not using defined cert after PF7 upgrade
|
From: Louis M. <lm...@in...> - 2017-04-28 20:28:49
|
A bit of background seems in order. In PF 7.0 HAProxy sits in front of the httpd process for the portal. HAProxy terminates the TLS connection, not httpd. So you must tell HAProxy where to find your server certificate and key. Look at the var/conf/haproxy.conf. You will find the lines that configure ssl for each of the frontends. Those lines point to the server.pem file, which must contain the concatenation of both your server certificate(s) and server key. The conf/httpd.conf.d/ssl-certificates.conf files have nothing to do with that. > On Apr 28, 2017, at 9:33 AM, Virginie Girou <vir...@ut...> wrote: > > Hello, > > I am exactly in the same case. > Here is the content of /usr/local/pf/conf/httpd.conf.d/ssl-certificates.conf : > > # Apache SSL certificates configuration > # This file is manipulated on PacketFence's startup before being given to Apache > SSLCertificateFile %%install_dir%%/conf/ssl/certif_ut-capitole_fr.crt > SSLCertificateKeyFile %%install_dir%%/conf/ssl/cle_ut-capitole_fr.key > SSLCertificateChainFile %%install_dir%%/conf/ssl/cachain_digicert.pem > > I follow your advice : > cat certif_ut-capitole_fr.crt cle_ut-capitole_fr.key certif2_ut-capitole_fr.pem > > But where must "certif2_ut-capitole_fr.pem" be used ? Which config file ? > > Thanks Regards, -- Louis Munro lm...@in... <mailto:lm...@in...> :: www.inverse.ca <http://www.inverse.ca/> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu/>) and PacketFence (www.packetfence.org <http://www.packetfence.org/>) |
