Menu
▾
▴
Re: [PacketFence-users] Automate the update of the Radius and admin certificates
|
From: Rein v. ‘t V. <re...@va...> - 2026-02-02 09:17:51
|
<html class="apple-mail-supports-explicit-dark-mode"><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto">Also: a few things to note:<div><br></div><div>Use pkcs#1 format, and RSA. Otherwise libSSL throws a fit. (It will work though)</div><div><br></div><div><br id="lineBreakAtBeginningOfSignature"><div dir="ltr">Sent from my iPhone</div><div dir="ltr"><br><blockquote type="cite">On 30 Jan 2026, at 17.08, Fabrice Durand via PacketFence-users <pac...@li...> wrote:<br><br></blockquote></div><blockquote type="cite"><div dir="ltr"><div dir="ltr">Hello Michael,<div><br></div><div>Those are the path of the certificates to be updated:</div><div><a href="https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/file_paths.pm#L348-L353">https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/file_paths.pm#L348-L353</a></div><div>Once you updated the certs, you have to restart for the web:</div><div>haproxy-portal and haproxy-admin api-frontend</div><div>and for radius:</div><div>radiusd-load_balancer' radiusd-acct radiusd-auth radiusd-eduroam</div><div><a href="https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/ssl.pm#L52-L67">https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/ssl.pm#L52-L67</a></div><div><br></div><div>Regards</div><div>Fabrice</div><div><br></div></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">Le lun. 19 janv. 2026 à 10:30, Michael York via PacketFence-users <<a href="mailto:pac...@li...">pac...@li...</a>> a écrit :<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="msg2940260830198144161"> <div dir="ltr"> <div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"> Running a cluster of 3 version 14.1 servers. </div> <div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"> I am trying to automate the process of updating the Radius and admin certificates using the ACME protocol.<br> I cannot use the Lets' Encrypt option directly. The servers are not directly connected to the web in anyway that would make this possible. nor do I want them to be.<br> I have the option to use the DNS integration with cloudflare for the verification and use this and use that successfully on other systems.</div> <div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"> <br> </div> <div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"> Basically looking for the correct way to inject the new certificate into the cluster config safely and have the services restart.<br> <br> Any help would be great!</div> <div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"> <br> </div> <div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"> Thanks</div> <div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"> <br> <br> </div> <p style="font-size:10pt;font-family:"Times New Roman""></p> <table style="width:900px" cellspacing="0" cellpadding="0" border="0"> <tbody> <tr> <td style="font-size:10pt;font-family:"Times New Roman";width:95px;padding-bottom:10px;padding-top:10px" valign="middle" rowspan="2" align="center"><span style="color:rgb(255,255,255)"><div><Riverview_Logo_d2a36e0a-069b-4ddf-931b-d2251d96a25d.png></div>.</span></td> <td style="font-size:10pt;font-family:"Times New Roman";width:5px;padding-bottom:10px;padding-top:10px" valign="top" rowspan="2"><span style="color:rgb(255,255,255)">.</span></td> <td style="width:800px;padding-bottom:5px;padding-top:10px" valign="top"><span style="color:rgb(19,19,19);font-family:"Times New Roman";font-size:14pt"><strong style="font-family:"Times New Roman";color:rgb(9,78,147)"> Michael York </strong><br></span><span style="color:rgb(154,154,154);font-family:"Times New Roman";font-size:14pt">ICT Infrastructure Services Manager</span> <br><strong style="color:rgb(9,78,147);font-family:"Times New Roman";font-size:10pt">Saint Ignatius' College Riverview</strong><br><font color="#094e93" face="Times New Roman">Cammeraigal Country</font><br><font color="#094e93" face="Times New Roman">115 Tambourine Bay Road, Riverview, NSW 2066</font><br><font color="#094e93" face="Times New Roman"><span style="font-size:9pt">+61 2 9882 8513</span></font><br><font color="#094e93" face="Times New Roman"><span style="font-size:9pt"></span></font></td></tr> <tr> <td style="font-size:9pt;font-family:"Times New Roman";width:700px;padding-bottom:10px" valign="bottom"> <p style="font-size:9pt;font-family:"Times New Roman""><div><Riverview_Line_058c02b8-c4dc-423f-b051-7025e7209800.png></div> <br><strong style="font-family:"Times New Roman";color:rgb(9,78,147)">As much as you can do, so much dare to do.</strong></p> </td></tr></tbody></table> <table style="width:900px" cellspacing="0" cellpadding="0" border="0"> <tbody> <tr> <td> </td> </tr> <tr> <td> <p style="font-size:9pt">At Riverview, we value the wellbeing of our staff. If your enquiry has been received outside standard school hours, our staff may not be available to respond to your email. We will endeavour to respond as promptly as possible.</p> <p style="font-size:9pt">Thank you for your understanding and cooperation.</p> </td> </tr> </tbody> </table> </div> _______________________________________________<br> PacketFence-users mailing list<br> <a href="mailto:Pac...@li..." target="_blank">Pac...@li...</a><br> <a href="https://lists.sourceforge.net/lists/listinfo/packetfence-users" rel="noreferrer" target="_blank">https://lists.sourceforge.net/lists/listinfo/packetfence-users</a><br> </div></blockquote></div> <span>_______________________________________________</span><br><span>PacketFence-users mailing list</span><br><span>Pac...@li...</span><br><span>https://lists.sourceforge.net/lists/listinfo/packetfence-users</span><br></div></blockquote></div></body></html> |
