CentOS 7 client fails to connect
-
We do not use a custom certificate.
I have installed this new version on the client. The error message in fog.log is now :--------------------------------Authentication-------------------------------- ------------------------------------------------------------------------------ 1/27/2020 2:29:04 PM Client-Info Version: 0.11.18 1/27/2020 2:29:04 PM Client-Info OS: Linux 1/27/2020 2:29:04 PM Middleware::Authentication Waiting for authentication timeout\ to pass 1/27/2020 2:29:04 PM Middleware::Communication Download: https://fogus/fog/management/other/ssl/srvpublic.crt 1/27/2020 2:29:05 PM Middleware::Communication ERROR: SSL connection error: System\.Security.Cryptography.X509Certificates.X509ChainStatus[] 1/27/2020 2:29:05 PM Middleware::Communication ERROR: Could not download file 1/27/2020 2:29:05 PM Middleware::Communication ERROR: Error: TrustFailure (Authentication failed, see inner exception.)
On the server, I have had a log (in /var/log/httpd/access_log) when I installed the client :
148.60.3.96 - - [27/Jan/2020:14:16:38 +0100] "GET /fog/management/other/ca.cert.der HTTP/1.1" 200 1287 "-" "-" 148.60.3.96 - - [27/Jan/2020:14:16:39 +0100] "GET /fog/management/other/ssl/srvpublic.crt HTTP/1.1" 302 237 "-" "-" 148.60.3.96 - - [27/Jan/2020:14:18:39 +0100] "GET /fog/management/other/ssl/srvpublic.crt HTTP/1.1" 302 237 "-" "-"
But, after, when I restart the Fog service on the client, nothing is logged on the server.
-
@adrien17 said in CentOS 7 client fails to connect:
... GET /fog/management/other/ssl/srvpublic.crt HTTP/1.1" 302 ...
Well that is interesting. I am fairly sure we have seen this happen a few days ago already but I canât seem to find the topic. Possibly this was lost when the forum went down. Right. This is probably the case.
So letâs try to get the information back together. Please run
wget --no-check-certificate https://fogus/fog/management/other/ssl/srvpublic.crt
on your CentOS client and post output here. -
@Sebastian-Roth said in CentOS 7 client fails to connect:
wget --no-check-certificate https://fogus/fog/management/other/ssl/srvpublic.crt
The log on the server is:
148.60.3.96 - - [27/Jan/2020:17:02:17 +0100] "GET /fog/management/other/ssl/srvpublic.crt HTTP/1.1" 200 1749 "-" "Wget/1.14 (linux-gnu)"
-
@adrien17 Have you modified the apache config by an chance?
-
@Sebastian-Roth
The apache configuration of our fog server is generated by fog -
@adrien17 Ahhhhh, should have remembered this earlier. Unfortunately there was an issue in the config being generated. Please edit
/etc/httpd/conf.d/fog.conf
and search for the lineSSLCertificateChainFile $webdirdest/management/other/ca.cert.der
and change to
SSLCACertificateFile $webdirdest/management/other/ca.cert.pem
Note the end of the line is also changed!! Then restart the webserver (
systemctl restart httpd
). -
The result is the same:
on the client the message error is again
âCommunication ERROR: SSL connection error: System.Security.Cryptography.X509Certificates.X509ChainStatus[]â
and on the server nothing is logged. -
@adrien17 said in CentOS 7 client fails to connect:
and on the server nothing is logged.
I thought you see the HTTP 302 redirect on the server?!?
-
No, there is not the 302 redirect in the log. Itâs as if the server receives no demand from the client.
I donât find the IP address of the client in the other files in /var/log/httpd. -
@adrien17 said in CentOS 7 client fails to connect:
On the server, I have had a log (in /var/log/httpd/access_log) when I installed the client :
Ahhhhh, sorry, I must have overlooked this was only from when you installed the fog-client.
I have searched the web for this error but havenât found a clue yet. I will try to set this up and see if I can replicate the error.
-
@adrien17 Ok, I was able to replicate, find and fix the issue. Arrrgh, should have looked into this before pushing out the new fog-client release yesterday. I knew 0.11.18 wouldnât be bug free but didnât think weâd catch one that quickly.
Download fixed DLL and put in
/opt/fog-service/Zazzles.dll
. Then stop and restart the client or reboot the computer. -
Okay, now the client gets the information from the server without error and can execute a task launched from the server.
Thanks a lot.