• Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login
  • Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login

I goofed up the cert for my FOG server(s). Can I recover?

Scheduled Pinned Locked Moved Solved
FOG Problems
3
20
3.7k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • T
    THEMCV
    last edited by Oct 31, 2017, 2:45 PM

    FOG Server Ver: Working 69

    FOG Client: 0.11.12

    I was following the process lined out in the documentation for transferring everything to a new FOG server. For context, I moved from a physical machine to a Hyper-V Host.

    Everything was good until I powered up the old server again thinking I had changed the IP of it. I hadn’t. So now my FOG clients are not trusting the new FOG server.

    Hopefully this isn’t a start from scratch problem. 🙂

    W 1 Reply Last reply Oct 31, 2017, 4:46 PM Reply Quote 0
    • T
      THEMCV @Wayne Workman
      last edited by Dec 6, 2017, 5:44 PM

      @wayne-workman Hey Wayne, thanks for your help. You can close this. We are migrating to a new image anyways and I don’t have a ton that are deployed out, so I’m just going to start from scratch. Thank you very much. : )

      1 Reply Last reply Reply Quote 0
      • W
        Wayne Workman @THEMCV
        last edited by Oct 31, 2017, 4:46 PM

        @themcv Turn off the old server, and reset the encryption on all hosts. They should be fine.

        Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!
        Daily Clean Installation Results:
        https://fogtesting.fogproject.us/
        FOG Reporting:
        https://fog-external-reporting-results.fogproject.us/

        T 1 Reply Last reply Oct 31, 2017, 5:47 PM Reply Quote 0
        • T
          THEMCV @Wayne Workman
          last edited by Oct 31, 2017, 5:47 PM

          @wayne-workman Is there a way to do all of them at once?

          1 Reply Last reply Reply Quote 0
          • S
            Sebastian Roth Moderator
            last edited by Oct 31, 2017, 6:01 PM

            @themcv said in I goofed up the cert for my FOG server(s). Can I recover?:

            So now my FOG clients are not trusting the new FOG server.

            What makes you think this is the case? Anything in the fog-client log? The encryption data on the server is more or less and entry in the DB so you can reset all at once by issuing a SQL update command but first let’s see what the actual issue is (logs…) before we are heading the wrong way with this.

            Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

            Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

            T 1 Reply Last reply Oct 31, 2017, 7:28 PM Reply Quote 1
            • T
              THEMCV @Sebastian Roth
              last edited by Oct 31, 2017, 7:28 PM

              @sebastian-roth said in I goofed up the cert for my FOG server(s). Can I recover?:

              Yep, sorry should have included that.

               10/31/2017 1:12 PM Data::RSA FOG Server CA cert found
               10/31/2017 1:12 PM Data::RSA ERROR: Certificate validation failed
               10/31/2017 1:12 PM Data::RSA ERROR: Trust chain did not complete to the known authority anchor. Errors: The signature of the certificate cannot be verified. (NotSignatureValid)
               10/31/2017 1:12 PM Middleware::Authentication ERROR: Could not authenticate
               10/31/2017 1:12 PM Middleware::Authentication ERROR: Certificate is not from FOG CA
              
              1 Reply Last reply Reply Quote 0
              • S
                Sebastian Roth Moderator
                last edited by Sebastian Roth Oct 31, 2017, 1:39 PM Oct 31, 2017, 7:38 PM

                @THEMCV Where is the certificate on the new FOG server from? Should be accessible via http://x.x.x.x/fog/management/other/ssl/srvpublic.crt. Is this a generated certificate from the FOG installer or a custom certificate?

                Does this happen on all your client? How many have you checked?

                The error Certificate is not from FOG CA indicates that something is wrong with that certificate. For now I don’t see this being an issue where clients need a reset on the encryption data…

                Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                T 1 Reply Last reply Oct 31, 2017, 7:44 PM Reply Quote 0
                • T
                  THEMCV @Sebastian Roth
                  last edited by Oct 31, 2017, 7:44 PM

                  @sebastian-roth Ooohh wait. I downloaded it and it is looking at the wrong IP. How can I re-issue the cert with it pointing to the right IP?

                  W 1 Reply Last reply Nov 4, 2017, 2:08 PM Reply Quote 0
                  • S
                    Sebastian Roth Moderator
                    last edited by Sebastian Roth Oct 31, 2017, 2:43 PM Oct 31, 2017, 8:43 PM

                    @THEMCV Wrong IP?!? Did you move that FOG server from hardware to Hyper-V and change the IP address as well? I hope you’re aware of this wiki article: https://wiki.fogproject.org/wiki/index.php/Change_FOG_Server_IP_Address

                    Is this certificate being generated by FOG?

                    Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                    Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                    T 1 Reply Last reply Nov 2, 2017, 4:51 PM Reply Quote 0
                    • W
                      Wayne Workman
                      last edited by Oct 31, 2017, 10:55 PM

                      This is exactly the sort of thing that is avoided by using DNS names instead of IPs when installing the FOG Client into images/onto hosts.

                      Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!
                      Daily Clean Installation Results:
                      https://fogtesting.fogproject.us/
                      FOG Reporting:
                      https://fog-external-reporting-results.fogproject.us/

                      1 Reply Last reply Reply Quote 0
                      • T
                        THEMCV @Sebastian Roth
                        last edited by Nov 2, 2017, 4:51 PM

                        @sebastian-roth Yes, and in the mixup I must have setup FOG when it had a different IP. Oops.

                        @Wayne-Workman You’re totally right. Old habit from when I first started working with FOG and that’s how the boss wanted it. 😛

                        1 Reply Last reply Reply Quote 0
                        • S
                          Sebastian Roth Moderator
                          last edited by Nov 2, 2017, 6:49 PM

                          @themcv said in I goofed up the cert for my FOG server(s). Can I recover?:

                          I downloaded it and it is looking at the wrong IP. How can I re-issue the cert with it pointing to the right IP?

                          Make sure you have the IP right in all the places mentioned in the wiki. Then simply re-run the installer and it should issue a new cert for you having the correct IP set in ther cert subject.

                          Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                          Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                          T 1 Reply Last reply Nov 3, 2017, 5:24 PM Reply Quote 1
                          • T
                            THEMCV @Sebastian Roth
                            last edited by Nov 3, 2017, 5:24 PM

                            @sebastian-roth No go. 😞

                             11/3/2017 1:22 PM Data::RSA FOG Server CA cert found
                             11/3/2017 1:22 PM Data::RSA ERROR: Certificate validation failed
                             11/3/2017 1:22 PM Data::RSA ERROR: Trust chain did not complete to the known authority anchor. Errors: The signature of the certificate cannot be verified. (NotSignatureValid)
                             11/3/2017 1:22 PM Middleware::Authentication ERROR: Could not authenticate
                             11/3/2017 1:22 PM Middleware::Authentication ERROR: Certificate is not from FOG CA
                            

                            Getting this still unfortunately. IP address in the cert is correct now, but I’m getting there’s something still up. Is there anything else I can do?

                            W 1 Reply Last reply Nov 3, 2017, 6:15 PM Reply Quote 0
                            • W
                              Wayne Workman @THEMCV
                              last edited by Wayne Workman Nov 3, 2017, 12:15 PM Nov 3, 2017, 6:15 PM

                              @themcv Did you transfer the correct certificate from the old fog server to the new one? I have steps outlined on how to do this here: https://wiki.fogproject.org/wiki/index.php?title=Migrate_FOG#If_old_server_was_FOG_1.3.0.2B There’s also these more generalized steps that describe the same process: https://wiki.fogproject.org/wiki/index.php?title=FOG_Client#Maintain_Control_Of_Hosts_When_Building_New_Server

                              Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!
                              Daily Clean Installation Results:
                              https://fogtesting.fogproject.us/
                              FOG Reporting:
                              https://fog-external-reporting-results.fogproject.us/

                              T 1 Reply Last reply Nov 3, 2017, 6:29 PM Reply Quote 1
                              • T
                                THEMCV @Wayne Workman
                                last edited by Nov 3, 2017, 6:29 PM

                                @wayne-workman Errr- no. I actually don’t think I did. I must have missed that.

                                I will do that as soon as I get back into the office.

                                W 1 Reply Last reply Nov 9, 2017, 2:05 AM Reply Quote 0
                                • W
                                  Wayne Workman @THEMCV
                                  last edited by Wayne Workman Nov 4, 2017, 8:09 AM Nov 4, 2017, 2:08 PM

                                  @themcv said in I goofed up the cert for my FOG server(s). Can I recover?:

                                  How can I re-issue the cert with it pointing to the right IP?

                                  The IP in the cert (if theres even one there, which I don’t remember one being there) does not tell the FOG Client which FOG Server to communicate with, the IP address or DNS name that you enter during the FOG Client installation is what dictates which FOG Server to communicate with.

                                  If your new FOG Server has been given the same IP as the old one, and the old one’s IP has been changed to something else, then you’re close to fixing this. You just need to move the ssl directory from the old fog server to the new one and re-run the installer.

                                  Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!
                                  Daily Clean Installation Results:
                                  https://fogtesting.fogproject.us/
                                  FOG Reporting:
                                  https://fog-external-reporting-results.fogproject.us/

                                  1 Reply Last reply Reply Quote 0
                                  • W
                                    Wayne Workman @THEMCV
                                    last edited by Nov 9, 2017, 2:05 AM

                                    @themcv Did you get this fixed?

                                    Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!
                                    Daily Clean Installation Results:
                                    https://fogtesting.fogproject.us/
                                    FOG Reporting:
                                    https://fog-external-reporting-results.fogproject.us/

                                    T 1 Reply Last reply Nov 9, 2017, 6:28 PM Reply Quote 1
                                    • T
                                      THEMCV @Wayne Workman
                                      last edited by Nov 9, 2017, 6:28 PM

                                      @wayne-workman No, not yet. 😞 I’m sorry, I’ve been promoted so I am sorta swamped with a ton of projects. I promise I will update as soon as I can.

                                      1 Reply Last reply Reply Quote 0
                                      • T
                                        THEMCV
                                        last edited by Nov 21, 2017, 7:44 PM

                                        Well bad news

                                         11/21/2017 2:42 PM Data::RSA FOG Server CA cert found
                                         11/21/2017 2:42 PM Data::RSA ERROR: Certificate validation failed
                                         11/21/2017 2:42 PM Data::RSA ERROR: Trust chain did not complete to the known authority anchor. Errors: The signature of the certificate cannot be verified. (NotSignatureValid)
                                         11/21/2017 2:42 PM Middleware::Authentication ERROR: Could not authenticate
                                         11/21/2017 2:42 PM Middleware::Authentication ERROR: Certificate is not from FOG CA
                                        

                                        Looks like this is going to be a case of starting fresh.

                                        W 1 Reply Last reply Nov 21, 2017, 8:18 PM Reply Quote 0
                                        • W
                                          Wayne Workman @THEMCV
                                          last edited by Wayne Workman Nov 21, 2017, 2:19 PM Nov 21, 2017, 8:18 PM

                                          @themcv I promise the steps to move the cert over work correctly. I’ve done it like 3 times myself.

                                          Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!
                                          Daily Clean Installation Results:
                                          https://fogtesting.fogproject.us/
                                          FOG Reporting:
                                          https://fog-external-reporting-results.fogproject.us/

                                          T 1 Reply Last reply Dec 6, 2017, 5:44 PM Reply Quote 0
                                          • T
                                            THEMCV @Wayne Workman
                                            last edited by Dec 6, 2017, 5:44 PM

                                            @wayne-workman Hey Wayne, thanks for your help. You can close this. We are migrating to a new image anyways and I don’t have a ton that are deployed out, so I’m just going to start from scratch. Thank you very much. : )

                                            1 Reply Last reply Reply Quote 0
                                            • 1 / 1
                                            • First post
                                              Last post

                                            158

                                            Online

                                            12.0k

                                            Users

                                            17.3k

                                            Topics

                                            155.2k

                                            Posts
                                            Copyright © 2012-2024 FOG Project