can't install fog client 0.11.19 "Unable to install CA certificate"

  • L
    lebrun78
    last edited by lebrun78 Mar 3, 2020, 6:53 AM Mar 3, 2020, 11:42 AM

    Hello
    I upgraded my server from 1.5.7.60 to 1.5.8 yesterday.
    I can’t install my fog client using msi file.
    I get “Unable to install CA certificate”
    Could you help me?

    Arnaud

    Fog Version: Fog 1.5.10
    Server OS: AlmaLinux release 8.8

    1 Reply Last reply Reply Quote 1
    • L
      lebrun78
      last edited by Mar 3, 2020, 12:56 PM

      I tried with the smart installer and I got the same error.


      1 Reply Last reply Reply Quote 0
      • L
        lebrun78
        last edited by Mar 3, 2020, 4:26 PM

        I installed the client without the https.
        After installation, I edited the settings.json file to enable https.
        I get the following error in the log

        ------------------------------------------------------------------------------
        --------------------------------Authentication--------------------------------
        ------------------------------------------------------------------------------
         03/03/2020 17:13:59 Client-Info Version: 0.11.19
         03/03/2020 17:13:59 Client-Info OS:      Windows
         03/03/2020 17:13:59 Middleware::Authentication Waiting for authentication timeout to pass
         03/03/2020 17:13:59 Middleware::Communication Download: https://fogus.istic.univ-rennes1.fr/fog/management/other/ssl/srvpublic.crt
         03/03/2020 17:13:59 Data::RSA FOG Server CA cert found
         03/03/2020 17:13:59 Data::RSA ERROR: Certificate validation failed
         03/03/2020 17:13:59 Data::RSA ERROR: Trust chain did not complete to the known authority anchor. Errors: Une chaîne de certificats n’a pas pu être établie vers une autorité racine de confiance. (PartialChain)
         03/03/2020 17:13:59 Middleware::Communication SSL certificate chain error: Une chaîne de certificats a été traitée mais s’est terminée par un certificat racine qui n’est pas approuvé par le fournisseur d’approbation.
        
         03/03/2020 17:13:59 Middleware::Communication ERROR: Could not download file
         03/03/2020 17:13:59 Middleware::Communication ERROR: La connexion sous-jacente a été fermée : Impossible d'établir une relation de confiance pour le canal sécurisé SSL/TLS.
        


        1 Reply Last reply Reply Quote 0
        • S
          Sebastian Roth Moderator
          last edited by Sebastian Roth Mar 3, 2020, 11:46 AM Mar 3, 2020, 5:41 PM

          @lebrun78 said in can't install fog client 0.11.19 "Unable to install CA certificate":

          I can’t install my fog client using msi file.

          Do you have other hosts with fog-client already installed from before the update? Do they still work properly?

          Are you sure the installer script finished all the way to the end? Restarted the whole server after that (usually not needed but give it a try in this case).

          Have you messed with the certificates on your FOG server at some point?

          Please run the following commands to see if the certs are still fine - post output here:

          grep -e pem -e key /etc/apache2/sites-available/*.conf
          md5sum /opt/fog/snapins/ssl/CA/.fogCA.pem /var/www/html/fog/management/other/ca.cert.pem
          openssl verify -verbose -CAfile /opt/fog/snapins/ssl/CA/.fogCA.pem /var/www/fog/management/other/ssl/srvpublic.crt
          echo -n | openssl s_client -CAfile /var/www/html/fog/management/other/ca.cert.pem -connect fogus.istic.univ-rennes1.fr:443 | head
          

          Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

          Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

          1 Reply Last reply Reply Quote 0
          • L
            lebrun78
            last edited by Mar 4, 2020, 11:32 AM

            Hello Sebastian,
            I've just restarted the server.
            On an old installation client I get

            ------------------------------------------------------------------------------
            --------------------------------Authentication--------------------------------
            ------------------------------------------------------------------------------
             04/03/2020 11:45:48 Client-Info Version: 0.11.19
             04/03/2020 11:45:48 Client-Info OS:      Windows
             04/03/2020 11:45:48 Middleware::Authentication Waiting for authentication timeout to pass
             04/03/2020 11:45:48 Middleware::Communication Download: https://fogus/fog/management/other/ssl/srvpublic.crt
             04/03/2020 11:45:48 Data::RSA FOG Server CA cert found
             04/03/2020 11:45:48 Middleware::Authentication Cert OK
             04/03/2020 11:45:48 Middleware::Authentication ERROR: Could not get security token
             04/03/2020 11:45:48 Middleware::Authentication ERROR: Le chemin d’accès spécifié est introuvable.
            
             04/03/2020 11:45:48 Middleware::Communication POST URL: https://fogus/fog/management/index.php?sub=requestClientInfo&authorize&newService
             04/03/2020 11:45:48 Middleware::Response Success
             04/03/2020 11:45:48 Middleware::Authentication Authenticated
            
            
             04/03/2020 11:45:48 Middleware::Communication URL: https://fogus/fog/management/index.php?sub=requestClientInfo&configure&newService&json
             04/03/2020 11:45:48 Middleware::Response Success
             04/03/2020 11:45:48 Middleware::Communication URL: https://fogus/fog/management/index.php?sub=requestClientInfo&mac=52:54:00:CE:A1:DD&newService&json
             04/03/2020 11:45:49 Middleware::Response Success
             04/03/2020 11:45:49 Middleware::Communication URL: https://fogus/fog/service/getversion.php?clientver&newService&json
             04/03/2020 11:45:49 Middleware::Communication URL: https://fogus/fog/service/getversion.php?newService&json
            
             04/03/2020 11:45:49 Service Creating user agent cache
             04/03/2020 11:45:49 Middleware::Response Success
             04/03/2020 11:45:49 Middleware::Response Module is disabled globally on the FOG server
             04/03/2020 11:45:49 Middleware::Response Success
             04/03/2020 11:45:49 Service Initializing modules
            
            ------------------------------------------------------------------------------
            ---------------------------------ClientUpdater--------------------------------
            ------------------------------------------------------------------------------
             04/03/2020 11:45:49 Client-Info Client Version: 0.11.19
             04/03/2020 11:45:49 Client-Info Client OS:      Windows
             04/03/2020 11:45:49 Client-Info Server Version: 1.5.8
             04/03/2020 11:45:49 Middleware::Response Success
            ------------------------------------------------------------------------------
            

            It seems to be working even if I have these errors in the log:

            Middleware::Authentication ERROR: Could not get security token
             04/03/2020 11:45:48 Middleware::Authentication ERROR: Le chemin d’accès spécifié est introuvable.
            
            

            On the server:

            grep -e pem -e key /etc/httpd/conf.d/*.conf
            /etc/httpd/conf.d/fog.conf:    SSLCertificateKeyFile /opt/fog/snapins/ssl//.srvprivate.key
            /etc/httpd/conf.d/fog.conf:    SSLCACertificateFile /var/www/html/fog//management/other/ca.cert.pem
            /etc/httpd/conf.d/ssl.conf:#   If the key is not combined with the certificate, use this
            /etc/httpd/conf.d/ssl.conf:#   directive to point at the key file.  Keep in mind that if
            /etc/httpd/conf.d/ssl.conf:#   you've both a RSA and a DSA private key you can configure
            /etc/httpd/conf.d/ssl.conf:#   ECC keys, when in use, can also be configured in parallel
            /etc/httpd/conf.d/ssl.conf:SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
            
            
            md5sum /opt/fog/snapins/ssl/CA/.fogCA.pem /var/www/html/fog/management/other/ca.cert.pem
            c5023563df0eeeac5186bd9b641426dc  /opt/fog/snapins/ssl/CA/.fogCA.pem
            c5023563df0eeeac5186bd9b641426dc  /var/www/html/fog/management/other/ca.cert.pem
            
            
            openssl verify -verbose -CAfile /opt/fog/snapins/ssl/CA/.fogCA.pem /var/www/fog/management/other/ssl/srvpublic.crt
            /var/www/fog/management/other/ssl/srvpublic.crt: OK
            
            

            Maybe the problem is here: initially the server name was fogus2, renamed to fogus.
            With this command that you proposed to me, we find traces of fogus2:

            echo -n | openssl s_client -CAfile /var/www/html/fog/management/other/ca.cert.pem -connect fogus.istic.univ-rennes1.fr:443 | head
            depth=1 C = US, O = Unspecified, OU = ca-7711430350767482536, CN = fogus2.istic.univ-rennes1.fr, emailAddress = root@fogus2.istic.univ-rennes1.fr
            verify error:num=19:self signed certificate in certificate chain
            verify return:1
            depth=1 C = US, O = Unspecified, OU = ca-7711430350767482536, CN = fogus2.istic.univ-rennes1.fr, emailAddress = root@fogus2.istic.univ-rennes1.fr
            verify return:1
            depth=0 C = US, O = Unspecified, CN = fogus2.istic.univ-rennes1.fr, emailAddress = root@fogus2.istic.univ-rennes1.fr
            verify return:1
            CONNECTED(00000003)
            ---
            Certificate chain
             0 s:C = US, O = Unspecified, CN = fogus2.istic.univ-rennes1.fr, emailAddress = root@fogus2.istic.univ-rennes1.fr
               i:C = US, O = Unspecified, OU = ca-7711430350767482536, CN = fogus2.istic.univ-rennes1.fr, emailAddress = root@fogus2.istic.univ-rennes1.fr
             1 s:C = US, O = Unspecified, OU = ca-7711430350767482536, CN = fogus2.istic.univ-rennes1.fr, emailAddress = root@fogus2.istic.univ-rennes1.fr
               i:C = US, O = Unspecified, OU = ca-7711430350767482536, CN = fogus2.istic.univ-rennes1.fr, emailAddress = root@fogus2.istic.univ-rennes1.fr
            ---
            Server certificate
            -----BEGIN CERTIFICATE-----
            DONE
            
            


            1 Reply Last reply Reply Quote 0
            • S
              Sebastian Roth Moderator
              last edited by Sebastian Roth Mar 4, 2020, 9:26 AM Mar 4, 2020, 3:08 PM

              @lebrun78 Well, fairly clear. You seem to have a custom CA installed on your FOG server. While it’s fine to do it’s not supported by FOG yet and running the installer will mess things up. I am in the process of changing this but it needs a lot more work.

              Please run grep "SSLC" /etc/httpd/conf.d/*.conf and post output here.


              1 Reply Last reply Reply Quote 0
              • L
                lebrun78
                last edited by Mar 5, 2020, 7:41 AM

                @Sebastian-Roth

                Thank you for your help Sebastian, I’m not good at all at cert management!

                grep "SSLC" /etc/httpd/conf.d/*.conf

                /etc/httpd/conf.d/fog.conf:    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
                /etc/httpd/conf.d/fog.conf:    SSLCertificateFile /var/www/html/fog//management/other/ssl/srvpublic.crt
                /etc/httpd/conf.d/fog.conf:    SSLCertificateKeyFile /opt/fog/snapins/ssl//.srvprivate.key
                /etc/httpd/conf.d/fog.conf:    SSLCACertificateFile /var/www/html/fog//management/other/ca.cert.pem
                /etc/httpd/conf.d/ssl.conf:# Use "SSLCryptoDevice" to enable any supported hardware
                /etc/httpd/conf.d/ssl.conf:SSLCryptoDevice builtin
                /etc/httpd/conf.d/ssl.conf:#SSLCryptoDevice ubsec
                /etc/httpd/conf.d/ssl.conf:SSLCipherSuite PROFILE=SYSTEM
                /etc/httpd/conf.d/ssl.conf:#   Point SSLCertificateFile at a PEM encoded certificate.  If
                /etc/httpd/conf.d/ssl.conf:SSLCertificateFile /etc/pki/tls/certs/localhost.crt
                /etc/httpd/conf.d/ssl.conf:SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
                /etc/httpd/conf.d/ssl.conf:#   Point SSLCertificateChainFile at a file containing the
                /etc/httpd/conf.d/ssl.conf:#   the referenced file can be the same as SSLCertificateFile
                /etc/httpd/conf.d/ssl.conf:#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
                /etc/httpd/conf.d/ssl.conf:#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
                


                1 Reply Last reply Reply Quote 0
                • S
                  Sebastian Roth Moderator
                  last edited by Mar 5, 2020, 8:46 PM

                  @lebrun78 I have a feeling that the hostname does not point to the server you think it should point to. Please run the following commands on your FOG server and post output here:

                  ping -c 1 fogus
                  ping -c 1 fogus.istic.univ-rennes1.fr
                  ping -c 1 fogus2.istic.univ-rennes1.fr
                  ip a s
                  


                  1 Reply Last reply Reply Quote 0
                  • L
                    lebrun78
                    last edited by Mar 6, 2020, 7:45 AM

                    Here are the results of the commands:

                    ping -c 1 fogus2.istic.univ-rennes1.fr
                    ping: fogus2.istic.univ-rennes1.fr: Nom ou service inconnu
                    [root@fogus ~]# ping -c 1 fogus.istic.univ-rennes1.fr
                    PING fogus.istic.univ-rennes1.fr (148.60.4.1) 56(84) bytes of data.
                    64 bytes from fogus.istic.univ-rennes1.fr (148.60.4.1): icmp_seq=1 ttl=64 time=0.035 ms
                    
                    --- fogus.istic.univ-rennes1.fr ping statistics ---
                    1 packets transmitted, 1 received, 0% packet loss, time 0ms
                    rtt min/avg/max/mdev = 0.035/0.035/0.035/0.000 ms
                    [root@fogus ~]# ping -c 1 fogus
                    PING fogus.istic.univ-rennes1.fr (148.60.4.1) 56(84) bytes of data.
                    64 bytes from fogus.istic.univ-rennes1.fr (148.60.4.1): icmp_seq=1 ttl=64 time=0.051 ms
                    
                    --- fogus.istic.univ-rennes1.fr ping statistics ---
                    1 packets transmitted, 1 received, 0% packet loss, time 0ms
                    rtt min/avg/max/mdev = 0.051/0.051/0.051/0.000 ms
                    [root@fogus ~]# ping -c 1 fogus2
                    ping: fogus2: Nom ou service inconnu
                    
                    ip a s
                    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
                        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
                        inet 127.0.0.1/8 scope host lo
                           valid_lft forever preferred_lft forever
                        inet6 ::1/128 scope host 
                           valid_lft forever preferred_lft forever
                    2: ens2f0np0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
                        link/ether b0:26:28:78:ce:d0 brd ff:ff:ff:ff:ff:ff
                        inet 148.60.4.1/21 brd 148.60.7.255 scope global noprefixroute ens2f0np0
                           valid_lft forever preferred_lft forever
                        inet6 fe80::b226:28ff:fe78:ced0/64 scope link 
                           valid_lft forever preferred_lft forever
                    3: eno1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
                        link/ether 4c:d9:8f:8e:41:0f brd ff:ff:ff:ff:ff:ff
                    4: ens2f1np1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
                        link/ether b0:26:28:78:ce:d1 brd ff:ff:ff:ff:ff:ff
                    5: eno2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
                        link/ether 4c:d9:8f:8e:41:10 brd ff:ff:ff:ff:ff:ff
                    6: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
                        link/ether 52:54:00:1e:69:b9 brd ff:ff:ff:ff:ff:ff
                        inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
                           valid_lft forever preferred_lft forever
                    7: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel master virbr0 state DOWN group default qlen 1000
                        link/ether 52:54:00:1e:69:b9 brd ff:ff:ff:ff:ff:ff
                    

                    I tried to find the fogus2 string in /etc:

                    grep -Ri fogus2 /etc/*
                    grep: /etc/grub2.cfg: Aucun fichier ou dossier de ce type
                    grep: /etc/httpd/run/cgisock.2085: Aucun périphérique ou adresse
                    /etc/lvm/backup/cl:creation_host = "fogus2.istic.univ-rennes1.fr"	# Linux fogus2.istic.univ-rennes1.fr 4.18.0-80.11.2.el8_0.x86_64 #1 SMP Tue Sep 24 11:32:19 UTC 2019 x86_64
                    /etc/lvm/archive/cl_00000-2032209725.vg:creation_host = "fogus2.istic.univ-rennes1.fr"	# Linux fogus2.istic.univ-rennes1.fr 4.18.0-80.11.2.el8_0.x86_64 #1 SMP Tue Sep 24 11:32:19 UTC 2019 x86_64
                    /etc/mail/sendmail.cf:##### built by root@fogus2.istic.univ-rennes1.fr on ven. nov. 29 09:28:55 CET 2019
                    
                    


                    1 Reply Last reply Reply Quote 0
                    • S
                      Sebastian Roth Moderator
                      last edited by Mar 6, 2020, 10:12 AM

                      @lebrun78 DNS naming seems ok. fogus2* doesn’t exist and fogus* both point to the same IP which we see in ip a s as well.

                      But …

                      echo -n | openssl s_client -CAfile /var/www/html/fog/management/other/ca.cert.pem -connect fogus.istic.univ-rennes1.fr:443 | head
                      depth=1 C = US, O = Unspecified, OU = ca-7711430350767482536, CN = fogus2.istic.univ-rennes1.fr, emailAddress = root@fogus2.istic.univ-rennes1.fr
                      verify error:num=19:self signed certificate in certificate chain
                      verify return:1
                      depth=1 C = US, O = Unspecified, OU = ca-7711430350767482536, CN = fogus2.istic.univ-rennes1.fr, emailAddress = root@fogus2.istic.univ-rennes1.fr
                      verify return:1
                      depth=0 C = US, O = Unspecified, CN = fogus2.istic.univ-rennes1.fr, emailAddress = root@fogus2.istic.univ-rennes1.fr
                      verify return:1
                      CONNECTED(00000003)

                      This obviously tells us there are other certificates in place. Ahhhh… I just remembered seeing some weird issue with virtual host naming on Ubuntu one day. I can imagine this happening to you here as well, maybe different but still.

                      Run the following two commands and post full output here.

                      apachectl -S
                      grep Server /etc/httpd/conf.d/*
                      


                      1 Reply Last reply Reply Quote 0
                      • L
                        lebrun78
                        last edited by Mar 6, 2020, 1:54 PM

                        @Sebastian-Roth said in can't install fog client 0.11.19 "Unable to install CA certificate":

                        apachectl -S
                        grep Server /etc/httpd/conf.d/*

                        [root@fogus ~]# apachectl -S

                        VirtualHost configuration:
                        *:80                   148.60.4.1 (/etc/httpd/conf.d/fog.conf:1)
                        *:443                  is a NameVirtualHost
                                 default server 148.60.4.1 (/etc/httpd/conf.d/fog.conf:14)
                                 port 443 namevhost 148.60.4.1 (/etc/httpd/conf.d/fog.conf:14)
                                         alias fogus
                                 port 443 namevhost fogus.istic.univ-rennes1.fr (/etc/httpd/conf.d/ssl.conf:40)
                        ServerRoot: "/etc/httpd"
                        Main DocumentRoot: "/var/www/html"
                        Main ErrorLog: "/etc/httpd/logs/error_log"
                        Mutex authdigest-opaque: using_defaults
                        Mutex watchdog-callback: using_defaults
                        Mutex proxy-balancer-shm: using_defaults
                        Mutex rewrite-map: using_defaults
                        Mutex ssl-stapling-refresh: using_defaults
                        Mutex authdigest-client: using_defaults
                        Mutex lua-ivm-shm: using_defaults
                        Mutex ssl-stapling: using_defaults
                        Mutex proxy: using_defaults
                        Mutex authn-socache: using_defaults
                        Mutex ssl-cache: using_defaults
                        Mutex default: dir="/etc/httpd/run/" mechanism=default 
                        Mutex cache-socache: using_defaults
                        PidFile: "/etc/httpd/run/httpd.pid"
                        Define: DUMP_VHOSTS
                        Define: DUMP_RUN_CFG
                        User: name="apache" id=48
                        Group: name="apache" id=48 
                        

                        [root@fogus ~]# grep Server /etc/httpd/conf.d/*

                        /etc/httpd/conf.d/fog.conf:    ServerName 148.60.4.1
                        /etc/httpd/conf.d/fog.conf:    ServerAlias fogus
                        /etc/httpd/conf.d/fog.conf:    ServerName 148.60.4.1
                        /etc/httpd/conf.d/fog.conf:    ServerAlias fogus
                        /etc/httpd/conf.d/fog.conf.org:    ServerName 148.60.4.1
                        /etc/httpd/conf.d/fog.conf.org:    ServerAlias fogus
                        /etc/httpd/conf.d/fog.conf.org:    ServerName 148.60.4.1
                        /etc/httpd/conf.d/fog.conf.org:    ServerAlias fogus
                        /etc/httpd/conf.d/README:This directory holds configuration files for the Apache HTTP Server;
                        /etc/httpd/conf.d/ssl.conf:#ServerName www.example.com:443
                        /etc/httpd/conf.d/ssl.conf:#   Server Private Key:
                        /etc/httpd/conf.d/ssl.conf:#   Server Certificate Chain:
                        /etc/httpd/conf.d/ssl.conf:#   Per-Server Logging:
                        


                        1 Reply Last reply Reply Quote 0
                        • S
                          Sebastian Roth Moderator
                          last edited by Mar 6, 2020, 2:07 PM

                          @lebrun78 said:

                          port 443 namevhost fogus.istic.univ-rennes1.fr (/etc/httpd/conf.d/ssl.conf:40)

                          Here we are I’d say. If you use hostname fogus.istic.univ-rennes1.fr you will be served by the certificate specified in ssl.conf instead of our fog.conf. I should have figured this out earlier, really.

                          Try using hostname fogus in your fog-client install and it should just work I’d say.

                          If you are really keen we can work through FOG’s certificate generation again and make it use the fully qualified name instead.


                          1 Reply Last reply Reply Quote 0
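
Added example, not part of the original thread and not FOG's own tooling: a shell check that reads `apachectl -S` output and reports which client-facing names are answered by a vhost outside FOG's `fog.conf`, which is the mismatch diagnosed in the post above. The function names `vhost_for` and `names_off_vhost` and the variables `SAMPLE_VHOSTS` and `APACHE_S` are hypothetical; it assumes one listener per port and matches exact names only.

```shell
#!/bin/sh
# Added example. Sample input: the VirtualHost part of the `apachectl -S`
# output posted in this thread, embedded so the script runs offline.
SAMPLE_VHOSTS='VirtualHost configuration:
*:80                   148.60.4.1 (/etc/httpd/conf.d/fog.conf:1)
*:443                  is a NameVirtualHost
         default server 148.60.4.1 (/etc/httpd/conf.d/fog.conf:14)
         port 443 namevhost 148.60.4.1 (/etc/httpd/conf.d/fog.conf:14)
                 alias fogus
         port 443 namevhost fogus.istic.univ-rennes1.fr (/etc/httpd/conf.d/ssl.conf:40)'

# vhost_for NAME PORT: read `apachectl -S` text on stdin and print the
# config file:line of the vhost that answers for NAME on PORT.
# Rule applied: the first vhost whose name or alias equals NAME wins;
# if none matches, the default server for that port answers.
# Wildcard aliases are not evaluated (assumption: exact names only).
vhost_for() {
    awk -v want="$1" -v port="$2" '
        function loc(s) { gsub(/[()]/, "", s); return s }
        BEGIN { want = tolower(want) }
        # "addr:port is a NameVirtualHost" header, or a single vhost on addr:port
        $1 ~ /:[0-9]+$/ {
            p = $1; sub(/.*:/, "", p)
            if ($2 == "is") hdr = p
            else { hdr = ""; if (p == port) dflt = loc($3) }
            next
        }
        $1 == "default" && $2 == "server" {
            if (hdr == port) dflt = loc($4)
            next
        }
        $1 == "port" && $3 == "namevhost" {
            curport = $2; cur = loc($5)
            if (curport == port && hit == "" && tolower($4) == want) hit = cur
            next
        }
        $1 == "alias" {
            if (curport == port && hit == "" && tolower($2) == want) hit = cur
        }
        END { print (hit != "" ? hit : dflt) }
    '
}

# names_off_vhost CONF PORT NAME...: print "NAME -> file:line" for every NAME
# answered by a vhost defined outside CONF. Input text comes from $APACHE_S,
# defaulting to the sample; on a server: APACHE_S=$(apachectl -S 2>&1)
names_off_vhost() {
    want_conf=$1; want_port=$2; shift 2
    for name in "$@"; do
        served=$(printf '%s\n' "${APACHE_S:-$SAMPLE_VHOSTS}" |
                 vhost_for "$name" "$want_port")
        case $served in
            "$want_conf":*) ;;                          # served by FOG's vhost
            *) printf '%s -> %s\n' "$name" "$served" ;; # served elsewhere
        esac
    done
}

# The two names seen in the fog-client logs above, checked against fog.conf.
names_off_vhost /etc/httpd/conf.d/fog.conf 443 fogus fogus.istic.univ-rennes1.fr
```

To confirm against the live server, request the certificate once per name with `openssl s_client -servername NAME -connect HOST:443` and compare its subject with the certificate FOG generated, since the name sent in SNI decides which vhost answers.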
                          • L
                            lebrun78
                            last edited by Mar 9, 2020, 7:25 AM

                            Thank you for your answer, Sebastian,

                            Should I reinstall using: “./installfog.sh -W https://fogus.istic.univ-rennes1.fr -S”?
                            I will wait for the end of the college year to reinstall and generate a new certificate.


                            1 Reply Last reply Reply Quote 0
                            • S
                              Sebastian Roth Moderator
                              last edited by Sebastian Roth Mar 10, 2020, 6:02 PM Mar 11, 2020, 12:01 AM

                              @lebrun78 No, using the -W does not exactly do what you might expect it to do. The installer help text on this might be a bit confusing as the parameter should only be used to set the webroot - default is /fog/ - but not the whole URL as in your example!

                              Are you sure you want to use the fully qualified domain name from now on? I am just asking because one of the fog-client logs you posted shows that clients might use the short name fogus and they will break if you simply switch to fully qualified, unless you edit C:\Program Files (x86)\FOG\settings.json on all those machines.

                              If you only want to go with the full DNS name I’d suggest you edit /opt/fog/.fogsettings and make sure the following three options are set correctly.

                              hostname='fogus.istic.univ-rennes1.fr'
                              webroot='/fog/'
                              httpproto='https'
                              

                              Then re-run the installer without any command line options. That should re-generate the webserver cert and config for you (using the fully qualified domain name). There should be no issue with the fog-clients being pinned to that server as the CA cert itself stays untouched. But as mentioned above you will probably need to change settings.json on all the existing clients.

                              The other option you have is to manually fiddle with the certificate stuff and add a second hostname (fogus.istic.univ-rennes1.fr and fogus). This is possible but needs manual file edit and calling commands and I don’t recommend it right now because the installer is not ready for it and will break your setup as soon as you run it again after the manual adjustments.

                              EDIT: Now that I think a bit more about it, we might even add the short and fully qualified DNS names to the certificate by default in the installer as it might help others as well.
                              Give me a bit more time and I might add this to dev-branch in the next couple of days.


                              1 Reply Last reply Reply Quote 0
                              • L
                                lebrun78
                                last edited by Mar 11, 2020, 7:48 AM

                                Thank you Sebastian for this explanation.
                                I actually use the short name but by default, I would have preferred to use the long name.
                                But the whole is currently configured as well, so I will stay on this configuration while waiting to update the posts with a new image at the end of the school year.


                                1 Reply Last reply Reply Quote 0