• Recent
    • Unsolved
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Register
    • Login

    Setting up an existing FOG Server installation with a new SSL Certificate

    Scheduled Pinned Locked Moved
    FOG Problems
    2
    9
    1.5k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H
      hancocza
      last edited by

      Hello,

      I’m currently running FOG 1.5.9 RC2.9 with the SSL option. The certificate that we use for this server was updated, and so now i’m trying to get this new certificate to work with the existing FOG Installation. Are there steps on how to get everything working with it? I know when you do a new installation from scratch, you can choose the certificate and key to use, but there doesn’t seem to be that step when updating to newer versions.

      Thanks!

      1 Reply Last reply Reply Quote 0
      • S
        Sebastian Roth Moderator
        last edited by

        @hancocza We need more information to be able to help.

        The certificate that we use for this server was updated

        Please tell us more about this certificate. Is this a cert generated by the FOG installer or one that you get from a different certificate authority?

        Are there steps on how to get everything working with it?

        What were the exact steps you took to make it work in the first place?

        Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

        Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

        H 1 Reply Last reply Reply Quote 1
        • H
          hancocza @Sebastian Roth
          last edited by

          @Sebastian-Roth it is a custom certificate through godaddy. They renew every year, so I need to update the certificate on the server. Previously (before 1.5.8), I would set it up without ssl and then add in the 443 port config to the apache portion of the server. When I did a fresh install of 1.5.8, the installer asked for the certificate location and the key location if I remember correctly. I did that in February of this year. Now the time came to update the certificate, but I’m not exactly sure where I need to make changes to point to the new certificate besides the apache config.

          1 Reply Last reply Reply Quote 0
          • S
            Sebastian Roth Moderator
            last edited by

            @hancocza said in Setting up an existing FOG Server installation with a new SSL Certificate:

            When I did a fresh install of 1.5.8, the installer asked for the certificate location and the key location if I remember correctly.

            Not that I know of.

            Now the time came to update the certificate, but I’m not exactly sure where I need to make changes to point to the new certificate besides the apache config.

            I am still missing some bits to get the full picture! 1.5.8 was installed without SSL, then Apache config modified manually to enable SSL? Did you also enable SSL in the .fogsettings configuration or through the FOG installer? At what stage did you do that, right after 1.5.8 install, in between or when updating to 1.5.9-RC2?

            Please post your Apache config (one single file FOG generates for you) as well as the output from grep httpproto /opt/fog/.fogsettings here in the forums. Without that information I can only guess and would likely lead you the wrong way.

            Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

            Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

            H 2 Replies Last reply Reply Quote 0
            • H
              hancocza @Sebastian Roth
              last edited by

              @Sebastian-Roth Initially i installed it without SSL, correct. Then added the 443 section manually. When I upgraded to 1.5.9-RC2, I decided to let the FOG installer handle the SSL setup by using the -S option on install. Once the install was done and the default certificate for FOG was created, I went into the apache config and pointed the certificate lines to my certificate that i got from GoDaddy. That was fine. I’m just trying to figure out if there are other steps that need to be taken to replace the default certificate that was created by the installer with the certificate I have.

              1 Reply Last reply Reply Quote 0
              • H
                hancocza @Sebastian Roth
                last edited by hancocza

                @Sebastian-Roth apache_config.txt output for grep was httpproto = https

                1 Reply Last reply Reply Quote 0
                • S
                  Sebastian Roth Moderator
                  last edited by

                  @hancocza said in Setting up an existing FOG Server installation with a new SSL Certificate:

                  I’m just trying to figure out if there are other steps that need to be taken to replace the default certificate that was created by the installer with the certificate I have.

                  Well, do you see any issues?

                  From my understanding you should at least re-compile iPXE binaries because otherwise your hosts won’t be able to PXE boot anymore.

                  Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                  Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                  H 1 Reply Last reply Reply Quote 0
                  • H
                    hancocza @Sebastian Roth
                    last edited by

                    @Sebastian-Roth Web server and snapins seem to be fine. I am having pxe issues, getting an invalid argument error (guessing that’s because it’s using the wrong certificate). What are the steps to recompile it?

                    1 Reply Last reply Reply Quote 0
                    • S
                      Sebastian Roth Moderator
                      last edited by Sebastian Roth

                      @hancocza Ah sorry, I thought you’d know how to do that.

                      Go to the directory where you usually run the installer from, I’ll just use /root/fogproject her in the example but make sure you use what you have on your system extracted already.

                      cd /root/fogproject/utils/FOGiPXE/
                      ./buildipxe.sh /etc/ssl/certs/Certs/gd_bundle-g2-g1.crt
                      cd ../../packages/tftp/
                      find -type f -exec cp -Rfv {} /tftpboot/{} \;
                      

                      This is partly outlined in the wiki but still needs more consideration: https://wiki.fogproject.org/wiki/index.php?title=HTTPS#Custom_CA_and_certificates

                      Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                      Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                      1 Reply Last reply Reply Quote 0
                      • 1 / 1
                      • First post
                        Last post

                      138

                      Online

                      12.1k

                      Users

                      17.3k

                      Topics

                      155.3k

                      Posts
                      Copyright © 2012-2024 FOG Project