I goofed up the cert for my FOG server(s). Can I recover?

Sebastian Roth

@themcv said in I goofed up the cert for my FOG server(s). Can I recover?:

I downloaded it and it is looking at the wrong IP. How can I re-issue the cert with it pointing to the right IP?

Make sure you have the IP right in all the places mentioned in the wiki. Then simply re-run the installer and it should issue a new cert for you having the correct IP set in ther cert subject.

THEMCV

@sebastian-roth No go.

 11/3/2017 1:22 PM Data::RSA FOG Server CA cert found
 11/3/2017 1:22 PM Data::RSA ERROR: Certificate validation failed
 11/3/2017 1:22 PM Data::RSA ERROR: Trust chain did not complete to the known authority anchor. Errors: The signature of the certificate cannot be verified. (NotSignatureValid)
 11/3/2017 1:22 PM Middleware::Authentication ERROR: Could not authenticate
 11/3/2017 1:22 PM Middleware::Authentication ERROR: Certificate is not from FOG CA

Getting this still unfortunately. IP address in the cert is correct now, but I’m getting there’s something still up. Is there anything else I can do?

Wayne Workman

@themcv Did you transfer the correct certificate from the old fog server to the new one? I have steps outlined on how to do this here: https://wiki.fogproject.org/wiki/index.php?title=Migrate_FOG#If_old_server_was_FOG_1.3.0.2B There’s also these more generalized steps that describe the same process: https://wiki.fogproject.org/wiki/index.php?title=FOG_Client#Maintain_Control_Of_Hosts_When_Building_New_Server

THEMCV

@wayne-workman Errr- no. I actually don’t think I did. I must have missed that.

I will do that as soon as I get back into the office.

Wayne Workman

@themcv said in I goofed up the cert for my FOG server(s). Can I recover?:

How can I re-issue the cert with it pointing to the right IP?

The IP in the cert (if theres even one there, which I don’t remember one being there) does not tell the FOG Client which FOG Server to communicate with, the IP address or DNS name that you enter during the FOG Client installation is what dictates which FOG Server to communicate with.

If your new FOG Server has been given the same IP as the old one, and the old one’s IP has been changed to something else, then you’re close to fixing this. You just need to move the ssl directory from the old fog server to the new one and re-run the installer.

Wayne Workman

@themcv Did you get this fixed?

THEMCV

@wayne-workman No, not yet. I’m sorry, I’ve been promoted so I am sorta swamped with a ton of projects. I promise I will update as soon as I can.

THEMCV

Well bad news

 11/21/2017 2:42 PM Data::RSA FOG Server CA cert found
 11/21/2017 2:42 PM Data::RSA ERROR: Certificate validation failed
 11/21/2017 2:42 PM Data::RSA ERROR: Trust chain did not complete to the known authority anchor. Errors: The signature of the certificate cannot be verified. (NotSignatureValid)
 11/21/2017 2:42 PM Middleware::Authentication ERROR: Could not authenticate
 11/21/2017 2:42 PM Middleware::Authentication ERROR: Certificate is not from FOG CA

Looks like this is going to be a case of starting fresh.

Wayne Workman

@themcv I promise the steps to move the cert over work correctly. I’ve done it like 3 times myself.

THEMCV

@wayne-workman Hey Wayne, thanks for your help. You can close this. We are migrating to a new image anyways and I don’t have a ton that are deployed out, so I’m just going to start from scratch. Thank you very much. : )