CentOS 7 client fails to connect

adrien17

We do not use a custom certificate.
I have installed this new version on the client. The error message in fog.log is now :

--------------------------------Authentication--------------------------------
------------------------------------------------------------------------------
 1/27/2020 2:29:04 PM Client-Info Version: 0.11.18
 1/27/2020 2:29:04 PM Client-Info OS:      Linux
 1/27/2020 2:29:04 PM Middleware::Authentication Waiting for authentication timeout\
 to pass
 1/27/2020 2:29:04 PM Middleware::Communication Download: https://fogus/fog/management/other/ssl/srvpublic.crt
 1/27/2020 2:29:05 PM Middleware::Communication ERROR: SSL connection error: System\.Security.Cryptography.X509Certificates.X509ChainStatus[]
 1/27/2020 2:29:05 PM Middleware::Communication ERROR: Could not download file
 1/27/2020 2:29:05 PM Middleware::Communication ERROR: Error: TrustFailure (Authentication failed, see inner exception.)

On the server, I have had a log (in /var/log/httpd/access_log) when I installed the client :

148.60.3.96 - - [27/Jan/2020:14:16:38 +0100] "GET /fog/management/other/ca.cert.der HTTP/1.1" 200 1287 "-" "-"
148.60.3.96 - - [27/Jan/2020:14:16:39 +0100] "GET /fog/management/other/ssl/srvpublic.crt HTTP/1.1" 302 237 "-" "-"
148.60.3.96 - - [27/Jan/2020:14:18:39 +0100] "GET /fog/management/other/ssl/srvpublic.crt HTTP/1.1" 302 237 "-" "-"

But, after, when I restart the Fog service on the client, nothing is logged on the server.

Sebastian Roth

@adrien17 said in CentOS 7 client fails to connect:

... GET /fog/management/other/ssl/srvpublic.crt HTTP/1.1" 302 ...

Well that is interesting. I am fairly sure we have seen this happen a few days ago already but I can’t seem to find the topic. Possibly this was lost when the forum went down. Right. This is probably the case.

So let’s try to get the information back together. Please run wget --no-check-certificate https://fogus/fog/management/other/ssl/srvpublic.crt on your CentOS client and post output here.

adrien17

@Sebastian-Roth said in CentOS 7 client fails to connect:

wget --no-check-certificate https://fogus/fog/management/other/ssl/srvpublic.crt

The log on the server is:

148.60.3.96 - - [27/Jan/2020:17:02:17 +0100] "GET /fog/management/other/ssl/srvpublic.crt HTTP/1.1" 200 1749 "-" "Wget/1.14 (linux-gnu)"

Sebastian Roth

@adrien17 Have you modified the apache config by an chance?

lebrun78

@Sebastian-Roth
The apache configuration of our fog server is generated by fog

Sebastian Roth

@adrien17 Ahhhhh, should have remembered this earlier. Unfortunately there was an issue in the config being generated. Please edit /etc/httpd/conf.d/fog.conf and search for the line

SSLCertificateChainFile $webdirdest/management/other/ca.cert.der

and change to

SSLCACertificateFile $webdirdest/management/other/ca.cert.pem

Note the end of the line is also changed!! Then restart the webserver (systemctl restart httpd).

adrien17

The result is the same:
on the client the message error is again
“Communication ERROR: SSL connection error: System.Security.Cryptography.X509Certificates.X509ChainStatus[]”
and on the server nothing is logged.

Sebastian Roth

@adrien17 said in CentOS 7 client fails to connect:

and on the server nothing is logged.

I thought you see the HTTP 302 redirect on the server?!?

adrien17

No, there is not the 302 redirect in the log. It’s as if the server receives no demand from the client.
I don’t find the IP address of the client in the other files in /var/log/httpd.

Sebastian Roth

@adrien17 said in CentOS 7 client fails to connect:

On the server, I have had a log (in /var/log/httpd/access_log) when I installed the client :

Ahhhhh, sorry, I must have overlooked this was only from when you installed the fog-client.

I have searched the web for this error but haven’t found a clue yet. I will try to set this up and see if I can replicate the error.

Sebastian Roth

@adrien17 Ok, I was able to replicate, find and fix the issue. Arrrgh, should have looked into this before pushing out the new fog-client release yesterday. I knew 0.11.18 wouldn’t be bug free but didn’t think we’d catch one that quickly.

Download fixed DLL and put in /opt/fog-service/Zazzles.dll. Then stop and restart the client or reboot the computer.

adrien17

Okay, now the client gets the information from the server without error and can execute a task launched from the server.
Thanks a lot.