Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PF 12.1 ZEN: Generate new cert on reboot #7568

Closed
lzammit opened this issue Mar 3, 2023 · 2 comments · Fixed by #7569
Closed

PF 12.1 ZEN: Generate new cert on reboot #7568

lzammit opened this issue Mar 3, 2023 · 2 comments · Fixed by #7569
Assignees
@nqb
Labels
Priority: High Type: Bug
Milestone
PacketFence-12.2

Comments

@lzammit
Copy link
Contributor

lzammit commented Mar 3, 2023

Issue on the rc.local where it re-generate the cert upon reboot.
@lzammit lzammit added this to the PacketFence-12.2 milestone Mar 3, 2023
@nqb
Copy link
Contributor

nqb commented Mar 6, 2023

More details:

This issue affects ZEN 12.1 installations. If you replaced default RADIUS certificate and you reboot, /etc/rc.local will generate a new key under /usr/local/pf/raddb/certs/server.key which will prevent RADIUS service to start because certificate and key don't match.

@nqb nqb mentioned this issue Mar 6, 2023
Merged
@nqb
Copy link
Contributor

nqb commented Mar 6, 2023
edited
Loading

How to identify a ZEN 12.1 installation affected ?

Check if /etc/rc.local contains these three lines in that order:

    make -C /usr/local/pf conf/ssl/server.pem
    make -C /usr/local/pf conf/local_secret
    make -C /usr/local/pf/raddb/certs

If yes, your ZEN installation need to be patched

Important: if you didn't perform a ZEN installation using ZEN 12.1 image, you are not affected.

To patch ZEN 12.1 installations (running 12.1 or greater)

cd /tmp/
wget https://github.com/inverse-inc/packetfence/files/10897043/rc-local.patch
patch /etc/rc.local /tmp/rc-local.patch

rc-local.patch

@JeGoi JeGoi closed this as completed in 71960f9 Mar 6, 2023
nqb added a commit that referenced this issue Mar 8, 2023
@nqb
fix(docs): upgrade note for ZEN 12.1 installations
456c2a8 
Related to #7568
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nqb nqb

Labels
Priority: High Type: Bug
Projects
None yet
Milestone
PacketFence-12.2
Development

Successfully merging a pull request may close this issue.

ZEN: Call make in raddb/certs only once inverse-inc/packetfence
2 participants
@lzammit @nqb