• Recent
    • Unsolved
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Register
    • Login

    Certificate is not from FOG CA

    Scheduled Pinned Locked Moved Solved
    FOG Problems
    5
    17
    11.5k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • holzfischH
      holzfisch
      last edited by Joe Schmitt


      Linux version 3.13.0-51-generic (buildd@lamiak) (gcc version 4.8.2 (Ubuntu 4.8.2-19ubuntu1) ) #84-Ubuntu SMP Wed Apr 15 12:08:34 UTC 2015
      Description: Ubuntu 14.04.2 LTS
      FOG Version: SVN 3504
      Clients: Windows 8.1
      FOG Client Version: 0.8.3


      tried:

      ./installfog.sh --recreate-CA --recreate-keys

      error from client log:

      ------------------------------------------------------------------------------
      --------------------------------Authentication--------------------------------
      ------------------------------------------------------------------------------
       01.06.2015 16:42 RegistryHandler 64 bit registry detected
       01.06.2015 16:42 Client-Info Version: 0.8.3
       01.06.2015 16:42 Middleware::Communication URL: http://192.168.1.14/fog/management/other/ssl/srvpublic.crt
       01.06.2015 16:42 Middleware::Authentication ERROR: Could not get security token
       01.06.2015 16:42 Middleware::Authentication ERROR: Die Datei "C:\Windows\system32\token.dat" konnte nicht gefunden werden.
       01.06.2015 16:42 Data::RSA ERROR: Could not verify certificate is from CA
       01.06.2015 16:42 Data::RSA ERROR: Der Wert darf nicht NULL sein.
      Parametername: certificate
       01.06.2015 16:42 Middleware::Authentication ERROR: Could not authenticate
       01.06.2015 16:42 Middleware::Authentication ERROR: Certificate is not from FOG CA
      
      ------------------------------------------------------------------------------
      --------------------------------Authentication--------------------------------
      ------------------------------------------------------------------------------
       01.06.2015 16:43 RegistryHandler 64 bit registry detected
       01.06.2015 16:43 Client-Info Version: 0.8.3
       01.06.2015 16:43 Middleware::Communication URL: http://192.168.1.14/fog/management/other/ssl/srvpublic.crt
       01.06.2015 16:43 Middleware::Communication ERROR: Could not download file
       01.06.2015 16:43 Middleware::Communication ERROR: Die Verbindung mit dem Remoteserver kann nicht hergestellt werden.
       01.06.2015 16:43 Middleware::Authentication ERROR: Could not get security token
       01.06.2015 16:43 Middleware::Authentication ERROR: Die Datei "C:\Windows\system32\token.dat" konnte nicht gefunden werden.
       01.06.2015 16:43 Middleware::Authentication ERROR: Could not authenticate
       01.06.2015 16:43 Middleware::Authentication ERROR: Das System kann die angegebene Datei nicht finden.
      

      Please help!

      Michael

      1 Reply Last reply Reply Quote 0
      • J
        Joe Schmitt Senior Developer
        last edited by

        @holzfisch said:

        http://192.168.1.14/fog/management/other/ssl/srvpublic.crt

        Can you try downloading that file manually? If my understanding of the german is correct, it is saying that the computer could not establish a session with the server meaning it is possibly a network issue.

        Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

        1 Reply Last reply Reply Quote 0
        • Bill RiceB
          Bill Rice Testers
          last edited by

          I have had this issue myself but clearing the encrytping data for the host in question, allowed communication.

          1 Reply Last reply Reply Quote 0
          • holzfischH
            holzfisch
            last edited by Joe Schmitt

            Manual download is working :


            root@dollyghost:~# wget http://192.168.1.14/fog/management/other/ssl/srvpublic.crt
            --2015-06-02 09:43:23--  http://192.168.1.14/fog/management/other/ssl/srvpublic.crt
            Auflösen des Hostnamen »proxy4.hlwsp.hlwspittal.at (proxy4.hlwsp.hlwspittal.at)«... 192.168.1.22
            Verbindungsaufbau zu proxy4.hlwsp.hlwspittal.at (proxy4.hlwsp.hlwspittal.at)|192.168.1.22|:8080... verbunden.
            Proxy-Anforderung gesendet, warte auf Antwort... 200 OK
            Länge: 1679 (1,6K) [application/x-x509-ca-cert]
            In »»srvpublic.crt«« speichern.
            
            100%[==============================================================================>] 1.679       --.-K/s   in 0s
            
            2015-06-02 09:43:23 (223 MB/s) - »»srvpublic.crt«« gespeichert [1679/1679]
            
            root@dollyghost:~# ls
            127.0.0.1  src  srvpublic.crt  test.log
            root@dollyghost:~# cat srvpublic.crt
            -----BEGIN CERTIFICATE-----
            MIIErDCCApQCCQDOSUtU2SXshzANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDDA4x
            OTIuMTY4LjEuMTRDQTAeFw0xNTA2MDExOTUzMDZaFw0yNTA1MjkxOTUzMDZaMBcx
            FTATBgNVBAMMDDE5Mi4xNjguMS4xNDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC
            AgoCggIBAK6C+OuXsIsNpuT87/XPjAaRnEwIXevdDhz9trvGEtni9W5s8P5W6mpO
            83ngkXaybVtZzihRaINiLIyhmodTNbk3i6hjl+KMGhH9G7SL7wVf48TBUllrXNIN
            Z0JaX3M3SBqMCc71UgpAHkoHIhrdwJPmO9Ng/sZwkKpHGFL0bzkHB8mg3Fwz9hj2
            tLxDDQDGtxGkxO9CHP6j9AXk1JdXnsImCCD0afy5ds3JXpe2Nh90q1GANTIbmoWb
            LX/9tJJ7qsb29UuMKNJK+uJ/bEqhBc+f2Y0H0TFLFSrwBn51jl9ImtpKPCKW/hQR
            xxKArjV71LznBbyWsBtXmZY1mw1Bc+e5xrfU7SI3ECEN/7xX/dD79oi4phiu9p6F
            kS1Ja4ZmDHVAQWsKb/ZxjjzTBKMDKXn5NaHRXH8QM4CdWnN1oFBHjEywTztvyK7w
            pMYKkaQyp48PNiy/mAK+6qITXqB4mSogNR9yU1IcvXzzrN6M1kS1CXeKOOQZAHYL
            /7F5kaDvCF5/UhYYxBPK3PSHKGkkKtX/zJEfifnf4AvBUgUCHaud+ZfAdDQ6cZyq
            0Ls3E5c29i136MYwSWKN4q6okXfP5YcEIDj4JYblPwqa8Kk50nTQcJvx0ovj8s8j
            zVPUVY28WHlVrfLbjtepTqKYbRVBtcLvG849N78JoSA1Ao51PHqtAgMBAAEwDQYJ
            KoZIhvcNAQELBQADggIBAHrSnCUTsDs9Bn97MzwauQ4CY9GwmHFxFeKA0o87aciK
            jAPRCY5/3ADI8LJ2SFjVyJ28WglL7b0nYxmuzzyzlFwQd2148LbOYuFBGPuc9qoZ
            mTl+o0UyMY/btTd6msGbI3+jzuSAbX87BDwey0D3c4HyM/eufjzp9lc0ysdrbJxP
            kW731whW73nyT+V1EMrXUyHBbzpi13XZSr4XxMHXCC9rdQvKLccLajBrMfw6fJTo
            Fi+tBViDmrknGQlQMI9AWxCSvQmU3CWdut53zIp2AJE5jcrh9m341pxEoalt0WKl
            YhdYitz6KhecDZ5dCbPVV8fakxca8OdUbf8kFAr2Pykl/Dy2YJ7AkP6legSdfwdR
            FiNwNkbSPO5V4EBuiCKYUfxK67UUnMkTk6xRQrExX9Mmr+bEgTW8G9tCHins9fyZ
            5RxZy3/udUYbiScdn7V9EFHaB7Bbe4t8UVfspm8X/AbUkw5Xd9eJuCgxziGloCeG
            ZJdJWqL8SD0INH1P34hDC1860QBUO9U+uU3m351u/NkFuCdEfoLSsyBxvKZ0zo9M
            a3DT/Brl6Q0PYJug7CRbUl0iSgHVSCSZRVp94O2uTQvc1PPkaVg91nCv3aom40f+
            uaKlJTrZPNA0sj53rKZ1VhjqToTOaebqtmdihSJfhHh6q06CMWPe5w2SLHRU+UQf
            -----END CERTIFICATE-----
            ---
            

            Manual downloading with the browser is working too.

            Michael

            1 Reply Last reply Reply Quote 0
            • J
              Joe Schmitt Senior Developer
              last edited by

              Can you open the certificate on windows and checked the “Issued to” and “Issued by” fields?

              Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

              1 Reply Last reply Reply Quote 0
              • holzfischH
                holzfisch
                last edited by

                File is opening with Internet Explorer.

                upload-4f8fc5d8-1afe-4d6e-b05e-f2aaa2788a26

                I have firefox on the clients as standard browser. the certificate is not opening with firefox.

                “This is not a certificate authority certificate, so it can’t be imported into the certificate authority list.”

                (german: “Dies ist kein Zertifikat für eine Zertifizierungsstelle und kann deshalb nicht in die Liste der Zertifizierungsstellen importiert werden.”)

                is there a problem, if firefox is the standard browser?

                MIchael

                Tom ElliottT 1 Reply Last reply Reply Quote 0
                • holzfischH
                  holzfisch
                  last edited by

                  What is the Middleware Commuinication? How can I debug Middleware? (i also tried to remove and reinstall the client).

                  Michael

                  1 Reply Last reply Reply Quote 0
                  • Tom ElliottT
                    Tom Elliott @holzfisch
                    last edited by Tom Elliott

                    @holzfisch Can you delete the Trusted CA that you have for the FOG Server that’s labeled as:
                    192.168.1.14CA

                    Then go to http://192.168.1.14/fog/management/other/ca.cert.der in Chrome or Firefox (as IE will just display the file as if it’s plain text) and install THAT certificate?

                    This should fix your registry issue. You might have to reset the encryption data for the hosts that were affected as well, but ultimately you should be good to go after that. The CA Name in the Certificate Manager should be: “FOG Server CA”

                    Middleware is the new name of the CommunicationHandler class. It was renamed because, while it does deal with communication, it’s essentially the Middle man of the Client to Server communications and data operations to move in between the other modules. It IS middleware and was named more appropriately.

                    @Jbob I believe has a debugger function already created and setup on the forums. I’ll update this post with the link that shows where to download the file and how to use it.

                    Here is the Link to the forum post:
                    https://forums.fogproject.org/topic/5074/ad-join-rename-on-client-0-8-1/5

                    Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                    Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                    Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                    1 Reply Last reply Reply Quote 2
                    • J
                      Joe Schmitt Senior Developer
                      last edited by

                      Be sure to install that ca.cer.der file under Local System and as a Trusted Root Certificate Authority. What happened is that the client “pinned” an old format of the CA certificate that Tom released for a few versions in hopes of multiple FOG server support but was removed shortly after.

                      Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                      1 Reply Last reply Reply Quote 0
                      • holzfischH
                        holzfisch
                        last edited by

                        Thanks for the answers. Removed the old certificate under “Trusted Root Certificate Authority”. Installed the new (“Trusted Root Certificate Authority”. )(http://192.168.1.14/fog/management/other/ca.cert.der). It has still the name 192.168.1.14CA. After installing it still the problem stays the same:



                        --------------------------------Authentication--------------------------------

                        08.06.2015 11:29 RegistryHandler 64 bit registry detected
                        08.06.2015 11:29 Client-Info Version: 0.8.3
                        08.06.2015 11:29 Middleware::Communication URL: http://192.168.1.14/fog/management/other/ssl/srvpublic.crt
                        08.06.2015 11:29 Middleware::Communication ERROR: Could not download file
                        08.06.2015 11:29 Middleware::Communication ERROR: Die Verbindung mit dem Remoteserver kann nicht hergestellt werden.
                        08.06.2015 11:29 Middleware::Authentication ERROR: Could not get security token
                        08.06.2015 11:29 Middleware::Authentication ERROR: Die Datei “C:\Windows\system32\token.dat” konnte nicht gefunden werden.
                        08.06.2015 11:29 Middleware::Authentication ERROR: Could not authenticate
                        08.06.2015 11:29 Middleware::Authentication ERROR: Das System kann die angegebene Datei nicht finden.

                        did something go wrong with a upgrade?
                        i get the file (http://192.168.1.14/fog/management/other/ssl/srvpublic.crt) ,when using chrome.

                        Please help

                        1 Reply Last reply Reply Quote 0
                        • holzfischH
                          holzfisch
                          last edited by holzfisch

                          upload-dc8236b5-5d6d-47cc-a879-57913a709509

                          Debugger ist not working with client 084 (from the mentioned post).

                          There is no encryption data to delete. (see screenshot).

                          greetings

                          Michaelfog.log

                          1 Reply Last reply Reply Quote 0
                          • holzfischH
                            holzfisch
                            last edited by holzfisch

                            Tried: delayed start of the fog service . (Problem after downloading returns - started a new posting)

                            Michael

                            1 Reply Last reply Reply Quote 0
                            • holzfischH
                              holzfisch
                              last edited by holzfisch

                              Linux version 3.13.0-51-generic (buildd@lamiak) (gcc version 4.8.2 (Ubuntu 4.8.2-19ubuntu1) ) #84-Ubuntu SMP Wed Apr 15 12:08:34 UTC 2015
                              Description: Ubuntu 14.04.2 LTS
                              FOG Version: SVN 3537
                              Clients: Windows 8.1
                              FOG Client Version: 0.8.4

                              Hi!

                              Problem is not solved:
                              fog.7z
                              Get this error after download from server. (fog.log as attachment)

                              10.06.2015 10:12 Client-Info Version: 0.8.4
                              10.06.2015 10:12 Middleware::Communication URL: http://192.168.1.14/fog/management/other/ssl/srvpublic.crt
                              10.06.2015 10:12 Middleware::Authentication ERROR: Could not get security token
                              10.06.2015 10:12 Middleware::Authentication ERROR: Die Datei “C:\Windows\system32\token.dat” konnte nicht gefunden werden.
                              10.06.2015 10:12 Data::RSA ERROR: Could not verify certificate is from CA
                              10.06.2015 10:12 Data::RSA ERROR: Der Wert darf nicht NULL sein.
                              Parametername: certificate
                              10.06.2015 10:12 Middleware::Authentication ERROR: Could not authenticate
                              10.06.2015 10:12 Middleware::Authentication ERROR: Certificate is not from FOG CA


                              Installed client 084 (removed manually install dir) . then it worked for the cloning client. After uploading i had the same problem.

                              Why do i get always 192.168.1.14CA?
                              Where do i delete the encryption data for the client? There is no button on the web-interface?

                              Removed it and installed http://192.168.1.14/fog/management/other/ca.cert.der but certificate stays 192.168.1.14CA.

                              Tried the debugger (admin rights) in the fog folder, but it is not working.

                              thanks for the time helping me.

                              Michael

                              1 Reply Last reply Reply Quote 0
                              • holzfischH
                                holzfisch
                                last edited by holzfisch

                                After a while i get “Error multiple hosts returned for list of mac addresses” (virtual box is installed so the mac is sometimes the same on the clients - had the same problem with early versions of the old client).

                                fog.log


                                --------------------------------HostnameChanger-------------------------------

                                10.06.2015 15:14 Client-Info Version: 0.8.4
                                10.06.2015 15:14 HostnameChanger Running…
                                10.06.2015 15:14 Middleware::Communication URL: http://192.168.1.14/fog/service/servicemodule-active.php?moduleid=hostnamechanger&mac=00:22:FB:2B:FF:A2|00:21:70:F6:44:E0|08:00:27:00:6C:21||00:00:00:00:00:00:00:E0|00:00:00:00:00:00:00:E0&newService=1
                                10.06.2015 15:14 Middleware::Communication Unknown Response: Error multiple hosts returned for list of mac addresses

                                1 Reply Last reply Reply Quote 0
                                • holzfischH
                                  holzfisch
                                  last edited by

                                  @holzfisch said:

                                  Installed client 084 (removed manually install dir) . then it worked for the cloning client. After uploading i had the same problem.

                                  Why do i get always 192.168.1.14CA?
                                  Where do i delete the encryption data for the client? There is no button on the web-interface?

                                  Removed it and installed http://192.168.1.14/fog/management/other/ca.cert.der but certificate stays 192.168.1.14CA.

                                  Tried the debugger (admin rights) in the fog folder, but it is not working.

                                  thanks for the time helping me.

                                  Michael

                                  Do you have an idea how to get the right certificate? I always get 192.168.1.14CA?

                                  Michael

                                  1 Reply Last reply Reply Quote 0
                                  • J
                                    Joe Schmitt Senior Developer
                                    last edited by

                                    Problem solved. It was an issue with the installer.

                                    Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                                    1 Reply Last reply Reply Quote 0
                                    • J
                                      J Rider
                                      last edited by

                                      I know this thread is quite old, but I wanted to include another possible cause because Google searches seem to bring you back to this thread.

                                      I was experiencing the same issue with my Windows 7 Fog clients, and resetting the encryption data did nothing. It turned out to be the time was quite off on the client, so it was never able to authenticate with the Fog server. Once the time was corrected, the client connected and everything worked fine (hostname, join, etc.).

                                      Just in case someone else runs into this issue, hopefully this can save you some time.

                                      1 Reply Last reply Reply Quote 2
                                      • 1 / 1
                                      • First post
                                        Last post

                                      211

                                      Online

                                      12.0k

                                      Users

                                      17.3k

                                      Topics

                                      155.2k

                                      Posts
                                      Copyright © 2012-2024 FOG Project