• Recent
    • Unsolved
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Register
    • Login

    FogApi Powershell module over SSL

    Scheduled Pinned Locked Moved
    General Problems
    3
    3
    472
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ?
      A Former User
      last edited by

      Hello,

      Did someone try to connect to the API with the FogApi module with an https environment ?
      It works well with http but with ssl i have this message :

      Invoke-WebRequest: The remote certificate is invalid because of errors in the certificate chain: UntrustedRoot

      I tried to find infos about offered features (http/https) but i didn’t find anything.

      Thanks,

      1 Reply Last reply Reply Quote 0
      • S
        Sebastian Roth Moderator
        last edited by

        @JJ-Fullmer Pretty sure you have used SSL with the FogAPI modules?!

        Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

        Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

        JJ FullmerJ 1 Reply Last reply Reply Quote 0
        • JJ FullmerJ
          JJ Fullmer Testers @Sebastian Roth
          last edited by Sebastian Roth

          @Sebastian-Roth Sadly I have not actually done this.
          I believe that it is possible and @tom-elliott may have some insight on accessing the api over https. I believe he has some forum posts elsewhere discussing it. I think there may be some fog server side configuration needed to enable https api. For sure you need to have the root CA certificate that issued your fog server web certificate trusted on the machine issuing the commands. In theory that should be all there is to it, but I haven’t done a ton of testing on it, and while it’s on my to-do list, it’s a bit far down the list. Not to say SSL/TLS isn’t very important even behind a firewall, I just haven’t got there yet.

          @glequeau In theory, if you can get all the certificates trusted correctly and can access a fog api url in a browser over https, then it should work for the powershell commands as well. That’s how it typically works with powershell and api commands.

          That was long, here’s a short version:

          • Go to your https fog site
          • view the certificate being used and view the trust chain
          • Download the root and any intermediate CA certificates
          • Install them on your machine as trusted root ca certs
          • Try the api commands again with the https url set

          If that doesn’t work, then we just have more development needed on https api commands

          You could also try editing your locally installed version of the fogapi module. Specifically the invoke-fogapi command (probably at C:\program files\windowspowershell\modules\fogapi\2303.5.33\fogapi.psm1) then search for that command in the compiled version of the file.

          You would add the -SkipCertificateCheck switch to all calls to invoke-restmethod and invoke-webrequest which would bypass that error and still use the ssl connection, but ignore errors about untrusted certificates

          Have you tried the FogApi powershell module? It's pretty cool IMHO
          https://github.com/darksidemilk/FogApi
          https://fogapi.readthedocs.io/en/latest/
          https://www.powershellgallery.com/packages/FogApi
          https://forums.fogproject.org/topic/12026/powershell-api-module

          1 Reply Last reply Reply Quote 0
          • 1 / 1
          • First post
            Last post

          161

          Online

          12.0k

          Users

          17.3k

          Topics

          155.2k

          Posts
          Copyright © 2012-2024 FOG Project