• Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login
  • Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login

Can't install snapins. Certification validation failed

Scheduled Pinned Locked Moved Unsolved
FOG Problems
3
5
206
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • C
    capitald
    last edited by capitald May 19, 2023, 12:59 PM May 19, 2023, 6:56 PM

    Hey,

    I am currently unable to deploy snapins to my clients. This is the error I get on the client:

    ------------------------------------------------------------------------------
    ---------------------------------SnapinClient---------------------------------
    ------------------------------------------------------------------------------
     5/19/2023 2:40:12 PM Client-Info Client Version: 0.13.0
     5/19/2023 2:40:12 PM Client-Info Client OS:      Windows
     5/19/2023 2:40:12 PM Client-Info Server Version: 1.5.10
     5/19/2023 2:40:12 PM Middleware::Response Success
     5/19/2023 2:40:12 PM SnapinClient Running snapin <snapinname>
     5/19/2023 2:40:12 PM Middleware::Communication Download: https://x.x.x.2//fog/service/snapins.file.php?mac=B0:0C:D1:6B:46:C1&taskid=901
     5/19/2023 2:40:12 PM Data::RSA ERROR: Certificate validation failed
     5/19/2023 2:40:12 PM Data::RSA ERROR: Trust chain did not complete to the known authority anchor. Errors: The signature of the certificate cannot be verified. (NotSignatureValid)
     5/19/2023 2:40:12 PM Middleware::Communication SSL certificate chain error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
     
     5/19/2023 2:40:12 PM Middleware::Communication ERROR: Could not download file
     5/19/2023 2:40:12 PM Middleware::Communication ERROR: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
     5/19/2023 2:40:12 PM SnapinClient C:\Program Files (x86)\FOG\tmp\snapinname.exe
     5/19/2023 2:40:12 PM Middleware::Communication URL: https://x.x.x.2/fog/service/snapins.checkin.php?taskid=901&exitcode=-1&mac=B0:0C:D1:6B:46:C1&newService&json
    ------------------------------------------------------------------------------
    

    The server is Ubuntu 22.04. Fog version is 1.5.10.

    I have 2 servers. fog server (x.x.x.1) and a storage node (x.x.x.2). The snapin is being deploy from the storage node (x.x.x.2)

    I have reinstalled fog and recreated the keys and CA on both servers, which didn’t do anything.

    I’m not sure if this will help but the certs match on both servers:

    user@x.x.x.1:~$ openssl rsa -noout -modulus -in /opt/fog/snapins/ssl/.srvprivate.key | openssl md5
        MD5(stdin)= 95e3734643ded6f39dxa34sac2767508
    user@x.x.x.1:~$ openssl x509 -noout -modulus -in /var/www/fog/management/other/ssl/srvpublic.crt | openssl md5
        MD5(stdin)= 95e3734643ded6f39dxa34sac2767508
    user@x.x.x.2:~$ openssl rsa -noout -modulus -in /opt/fog/snapins/ssl/.srvprivate.key | openssl md5
        MD5(stdin)= 95e3734643ded6f39dxa34sac2767508
    user@x.x.x.2:~$ openssl x509 -noout -modulus -in /var/www/fog/management/other/ssl/srvpublic.crt | openssl md5
        MD5(stdin)= 95e3734643ded6f39dxa34sac2767508
    

    I’m not really sure where to go from here.

    T 1 Reply Last reply May 20, 2023, 11:06 AM Reply Quote 0
    • T
      Tom Elliott @capitald
      last edited by May 20, 2023, 11:06 AM

      @capitald you would likely need to take the public certificate and put it on your systems certificate store. HTTPS is fun but also meant to be a trusted source before going out and doing things. So when we work with self signed certificates, the system has no base knowledge that they can trust them.

      Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

      Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

      Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

      C 1 Reply Last reply May 22, 2023, 1:36 PM Reply Quote 0
      • C
        capitald @Tom Elliott
        last edited by May 22, 2023, 1:36 PM

        @Tom-Elliott Thanks for the reply. Do you mean to take the public cert and add it to all my clients certificate store? That would be a process but possibly doable.

        Though we are not using a self signed cert. We are using the ones FOG creates upon installation.

        T 1 Reply Last reply May 22, 2023, 1:57 PM Reply Quote 0
        • T
          Tom Elliott @capitald
          last edited by May 22, 2023, 1:57 PM

          @capitald Those are still self signed certificates.

          The keys work find for the client itself, but you’re also using ssl to the server directly.

          Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

          Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

          Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

          1 Reply Last reply Reply Quote 0
          • S
            Sebastian Roth Moderator
            last edited by Sebastian Roth May 23, 2023, 11:16 PM May 24, 2023, 5:14 AM

            @capitald Let’s take a step back. Before we get into this any further we need to think about the whole connection between fog-client and the FOG server. The fog-client wouldn’t get as far as loading a snapin if there was a general problem with the SSL certs and trust.

            So is must be very specific some issue at this stage. So you use the location plugin? Were both nodes setup with HTTPS (which is not the same encryption layer we are looking at here)?

            Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

            Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

            1 Reply Last reply Reply Quote 0
            • 1 / 1
            1 / 1
            • First post
              5/5
              Last post

            196

            Online

            12.0k

            Users

            17.3k

            Topics

            155.2k

            Posts
            Copyright © 2012-2024 FOG Project