• Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login
  • Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login

FOG Client on a Mac

Scheduled Pinned Locked Moved
Mac Problems
3
15
3.5k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • H
    hancocza
    last edited by Sep 15, 2017, 2:24 PM

    Hey Tom,

    My FOG server setup is setup to use https. On PC the https switch works fine, have about 200 computers able to install it and communicate with the server. It’s when I try with the same switch on Mac that i have the issue. Granted, when installing on PC i use the MSI installer with switches, not the SmartInstaller.

    1 Reply Last reply Reply Quote 0
    • S
      Sebastian Roth Moderator
      last edited by Sebastian Roth Sep 17, 2017, 8:58 AM Sep 17, 2017, 2:55 PM

      @hancocza The HTTPS part of FOG/fog-client is still kind of new and not many people have used it so there might be an issue though the fog-client code is backed by a test framework. But let’s see what we can figure out first.

      • What OS/version is your FOG server running on?
      • Did you let FOG setup the apache config for you or did you set it up yourself?
      • Can you access http://x.x.x.x/fog/management/other/ca.cert.der using your browser (note this is a HTTP URL!)?

      Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

      Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

      H 1 Reply Last reply Sep 18, 2017, 12:25 PM Reply Quote 0
      • H
        hancocza @Sebastian Roth
        last edited by Sep 18, 2017, 12:25 PM

        @sebastian-roth I am running FOG on Ubuntu 16.04 LTS, Fog version is 1.5.0-RC9. I let FOG setup the apache config on it’s own using the https switch in the installer, but then afterwards I changed the hostname to reflect the FQDN of our server, not the IP Address. Also, I pointed the apache config to a different location for certificates for the Web GUI over SSL. I am also able to access the ca.cert.der file using http.

        1 Reply Last reply Reply Quote 0
        • S
          Sebastian Roth Moderator
          last edited by Sebastian Roth Sep 18, 2017, 8:28 AM Sep 18, 2017, 2:27 PM

          @hancocza said in FOG Client on a Mac:

          Also, I pointed the apache config to a different location for certificates for the Web GUI over SSL.

          Well, that is an issue I suppose. The CA (cert) you use does not have the “FOG CA” string in it that the client looks for… The SSL implementation of FOG is made to work out of the box as a self-signed piece but we haven’t made it ready for businesses having their own CA yet. Which cert is your ca.cert.der, it’s that of your company, right?

          Changing the settings.json is a nice hack on windows but I think we should get it right in the first place.

          Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

          Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

          H 1 Reply Last reply Sep 18, 2017, 2:36 PM Reply Quote 0
          • H
            hancocza @Sebastian Roth
            last edited by Sep 18, 2017, 2:36 PM

            @sebastian-roth
            I only use the CA for the Web GUI. I edited the etc\apache2\sites-enabled\001fog file to point to my company’s CA Cert. The ca.cert.der is still fog’s original cert, which i left in place because at the start of my switch to SSL, moving them caused issues with the SSL version of FOG Client. When I left the original certificates in place and edited the 001fog.conf file to point to the custom ones instead, the client works with SSL. On Windows, I no longer have to change the settings.json file, installing it with the switches works. It’s just on Mac OS that it doesn’t work with the switches.

            1 Reply Last reply Reply Quote 0
            • S
              Sebastian Roth Moderator
              last edited by Sep 18, 2017, 6:05 PM

              @hancocza From my point of view (not being the original developer of the fog-client code) I’d say that the usual way in SSL terms would be to generate a so called sub CA and let that be signed from your main company CA. Put that sub CA certificate and key in the right places, re-run the installer and let it create webserver cert and key from that “custom” sub CA. What you’d have to take care of when generating that sub CA is that it has the correct issuer and subject string:

              openssl x509 -in /var/www/fog/management/other/ca.cert.pem -text -noout
              Certificate:
                  Data:
                      Version: 3 (0x2)
                      Serial Number:
                          b2:19:a9:4d:35:bd:a6:f7
                  Signature Algorithm: sha512WithRSAEncryption
                      Issuer: CN=FOG Server CA
                      Validity
                          Not Before: Feb  3 21:17:05 2017 GMT
                          Not After : Feb  1 21:17:05 2027 GMT
                      Subject: CN=FOG Server CA
                      Subject Public Key Info:
                          Public Key Algorithm: rsaEncryption
                              Public-Key: (4096 bit)
              ...
              

              Note that CN=FOG Server CA.

              I’ll try to look into testing the fog-client on a Mac OS machine I have access too sometimes. But can’t promise when that will be.

              Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

              Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

              H 1 Reply Last reply Sep 18, 2017, 6:34 PM Reply Quote 0
              • H
                hancocza @Sebastian Roth
                last edited by Sep 18, 2017, 6:34 PM

                @sebastian-roth said in FOG Client on a Mac:
                No rush, I leave for a two week vacation tomorrow and it’s not a immediate issue. Thanks!

                1 Reply Last reply Reply Quote 0
                • S
                  Sebastian Roth Moderator
                  last edited by Sep 18, 2017, 7:34 PM

                  @hancocza Are you able to create a proper sub CA at all?

                  Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                  Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                  H 1 Reply Last reply Sep 19, 2017, 12:29 PM Reply Quote 0
                  • H
                    hancocza @Sebastian Roth
                    last edited by Sep 19, 2017, 12:29 PM

                    @sebastian-roth I’m not sure how to do that. We’ve talked about it before on this forum, re-rolling the client, but then i found if i leave the certs that the client looks for in their normal place, and then use the company’s certs for just the web server, it works fine, at least for PC clients which is a majority of what we have. Because of that and the fact that we only have like 5 iMacs, I haven’t really messed with it.

                    1 Reply Last reply Reply Quote 0
                    • S
                      Sebastian Roth Moderator
                      last edited by Sep 19, 2017, 7:49 PM

                      @hancocza Looking into this in more detail I found out that our current fog-client is not able to handle sub/intermediate CAs. Although this would be the proper way to integrate custom CAs we can’t do this yet.

                      So back to your problem I reckon that your company CA cert is not known in the Mac OS X mono keychain and that’s why pinning fails. Did you import the CA cert to your Windows install? Should do this in Mac OS X as well.

                      Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                      Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                      H 1 Reply Last reply Sep 20, 2017, 1:54 AM Reply Quote 0
                      • H
                        hancocza @Sebastian Roth
                        last edited by Sep 20, 2017, 1:54 AM

                        @sebastian-roth I didn’t import it on any installs that I’ve done. It always just installs the certificate that is on the server. I believe it’s called srvpublic or something like that, in the SSL folder.

                        1 Reply Last reply Reply Quote 0
                        • S
                          Sebastian Roth Moderator
                          last edited by Sebastian Roth Sep 20, 2017, 1:24 AM Sep 20, 2017, 7:16 AM

                          @hancocza Most probably your windows PCs have the CA certificate (imported) that was used to sign the other certificates. To be more concrete - the .NET keystore has the right CA cert to verify the other certs. But probably the Mac OS X mono keystore doesn’t!

                          Edit: Which version of mono did you install and which version of Mac OS X do you use?

                          Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                          Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                          1 Reply Last reply Reply Quote 0
                          • 1 / 1
                          1 / 1
                          • First post
                            13/15
                            Last post

                          185

                          Online

                          12.0k

                          Users

                          17.3k

                          Topics

                          155.2k

                          Posts
                          Copyright © 2012-2024 FOG Project