Messages - jpm01

#1
While reconfiguring the captive portal the .pem file was rewritten by the system, so the problem with the single line happened again. I exported .key and .crt and imported them again with an empty line at the end of the "Certificate Data" form. Now the .pem file works if I reconfigure settings of the captive portal.
#2
Thanks for your answer, with the output from the commands I was able to get it working for now.

Output was:


root@OPNsense:~ # ps fax | grep lighttpd
74527  -  S      0:00.72 /usr/local/sbin/lighttpd -f /var/etc/lighty-webConfigurator.conf
90199  -  S      0:00.24 /usr/local/sbin/lighttpd -f /var/etc/lighttpd-api-dispatcher.conf
68155  0  S+     0:00.00 grep lighttpd


root@OPNsense:~ # ls -asl /var/etc/lighttpd-*
4 -rw-r-----  1 root  wheel  2084 Apr 19 21:41 /var/etc/lighttpd-api-dispatcher.conf
8 -rw-r-----  1 root  wheel  7728 Apr 19 21:41 /var/etc/lighttpd-cp-zone-0.conf


root@OPNsense:~ # /usr/local/sbin/lighttpd -D -f /var/etc/lighttpd-cp-zone-0.conf
2016-04-19 23:20:06: (network.c.542) SSL: couldn't read X509 certificate from '/var/etc/cert-cp-zone0.pem'


With this information, I checked the file with "openssl x509 -noout -text -inform PEM -in /var/etc/cert-cp-zone0.pem" and got "4389603492760:error:0906D066:PEM routines:PEM_read_bio:bad end line". I edited the .pem file and added a break between the "END CERTIFICATE" and "BEGIN KEY" section, because it was a single line.

I don't know if I made a mistake while pasting the data into the webConfigurator and I will try with another test certificate to add a newline at the end of the certificate data form.

Thanks for your help!
jpm01
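
The failure described in the post above (the "END CERTIFICATE" and "BEGIN ... KEY" markers sharing one line) can be checked for and repaired mechanically. The script below is an added example, not part of the original post or of OPNsense; the function names and the sample bundle are constructed for illustration.

```shell
#!/bin/sh
# Added example: find and repair PEM blocks fused onto one line, e.g.
# "-----END CERTIFICATE----------BEGIN PRIVATE KEY-----".
umask 077   # the bundle holds a private key; keep copies owner-only

# Return 0 if any line carries more than one BEGIN/END marker.
pem_has_fused_boundary() {
    awk '
        { n = gsub(/-----(BEGIN|END) [A-Z0-9 ]+-----/, "&") }
        n > 1 { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Print the file with every BEGIN/END marker on a line of its own.
pem_split_boundaries() {
    awk '
        {
            line = $0
            while (match(line, /-----(BEGIN|END) [A-Z0-9 ]+-----/)) {
                if (RSTART > 1) print substr(line, 1, RSTART - 1)
                print substr(line, RSTART, RLENGTH)
                line = substr(line, RSTART + RLENGTH)
            }
            if (line != "") print line
        }
    ' "$1"
}

# Constructed sample: placeholder bodies, not a real certificate or key.
sample=$(mktemp)
printf '%s\n' \
    '-----BEGIN CERTIFICATE-----' \
    'Q09OU1RSVUNURUQtQ0VSVC1CT0RZ' \
    '-----END CERTIFICATE----------BEGIN PRIVATE KEY-----' \
    'Q09OU1RSVUNURUQtS0VZLUJPRFk=' \
    '-----END PRIVATE KEY-----' > "$sample"

if pem_has_fused_boundary "$sample"; then
    pem_split_boundaries "$sample" > "$sample.fixed"
    echo "fused boundary found; repaired copy written to $sample.fixed"
fi
```

On a real bundle, run the same `openssl x509 -noout -text -inform PEM -in` check quoted in the post against the repaired copy before putting it in place of the original.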
#3
I tried again with a new CSR from the OPNsense system and a certificate issued by ssl.com. Still the same, captive portal service is shown as running and no errors in any logfiles, but connection times out on the client and netstat and sockstat on the OPNsense don't show any listening ports other than *:80 for lighttpd.

If I select "none" or the webconfigurator certificate, port *:8000 shows up in netstat and the portal works.


#4
Hi,

I tried to set up a captive portal with an external certificate from StartSSL. Without https the portal runs fine, if I select the web configurator default certificate it also works. If I select the imported StartSSL certificate, the redirection to the portal times out. There are no errors shown in the logs, but it seems that lighttpd doesn't run on the cp port. The certificate and CA were imported from an old pfSense install which worked with the same configuration.