Certificate is not from FOG CA
-
Linux version 3.13.0-51-generic (buildd@lamiak) (gcc version 4.8.2 (Ubuntu 4.8.2-19ubuntu1) ) #84-Ubuntu SMP Wed Apr 15 12:08:34 UTC 2015
Description: Ubuntu 14.04.2 LTS
FOG Version: SVN 3504
Clients: Windows 8.1
FOG Client Version: 0.8.3
Tried:
./installfog.sh --recreate-CA --recreate-keys
Error from client log:
------------------------------------------------------------------------------
--------------------------------Authentication--------------------------------
------------------------------------------------------------------------------
01.06.2015 16:42 RegistryHandler 64 bit registry detected
01.06.2015 16:42 Client-Info Version: 0.8.3
01.06.2015 16:42 Middleware::Communication URL: http://192.168.1.14/fog/management/other/ssl/srvpublic.crt
01.06.2015 16:42 Middleware::Authentication ERROR: Could not get security token
01.06.2015 16:42 Middleware::Authentication ERROR: Die Datei "C:\Windows\system32\token.dat" konnte nicht gefunden werden.
01.06.2015 16:42 Data::RSA ERROR: Could not verify certificate is from CA
01.06.2015 16:42 Data::RSA ERROR: Der Wert darf nicht NULL sein. Parametername: certificate
01.06.2015 16:42 Middleware::Authentication ERROR: Could not authenticate
01.06.2015 16:42 Middleware::Authentication ERROR: Certificate is not from FOG CA
------------------------------------------------------------------------------
--------------------------------Authentication--------------------------------
------------------------------------------------------------------------------
01.06.2015 16:43 RegistryHandler 64 bit registry detected
01.06.2015 16:43 Client-Info Version: 0.8.3
01.06.2015 16:43 Middleware::Communication URL: http://192.168.1.14/fog/management/other/ssl/srvpublic.crt
01.06.2015 16:43 Middleware::Communication ERROR: Could not download file
01.06.2015 16:43 Middleware::Communication ERROR: Die Verbindung mit dem Remoteserver kann nicht hergestellt werden.
01.06.2015 16:43 Middleware::Authentication ERROR: Could not get security token
01.06.2015 16:43 Middleware::Authentication ERROR: Die Datei "C:\Windows\system32\token.dat" konnte nicht gefunden werden.
01.06.2015 16:43 Middleware::Authentication ERROR: Could not authenticate
01.06.2015 16:43 Middleware::Authentication ERROR: Das System kann die angegebene Datei nicht finden.
Please help!
Michael
-
@holzfisch said:
Can you try downloading that file manually? If my understanding of the German is correct, it is saying that the computer could not establish a session with the server, meaning it is possibly a network issue.
-
I have had this issue myself, but clearing the encryption data for the host in question allowed communication.
-
Manual download is working:
root@dollyghost:~# wget http://192.168.1.14/fog/management/other/ssl/srvpublic.crt
--2015-06-02 09:43:23-- http://192.168.1.14/fog/management/other/ssl/srvpublic.crt
Auflösen des Hostnamen »proxy4.hlwsp.hlwspittal.at (proxy4.hlwsp.hlwspittal.at)«... 192.168.1.22
Verbindungsaufbau zu proxy4.hlwsp.hlwspittal.at (proxy4.hlwsp.hlwspittal.at)|192.168.1.22|:8080... verbunden.
Proxy-Anforderung gesendet, warte auf Antwort... 200 OK
Länge: 1679 (1,6K) [application/x-x509-ca-cert]
In »»srvpublic.crt«« speichern.
100%[==============================================================================>] 1.679 --.-K/s in 0s
2015-06-02 09:43:23 (223 MB/s) - »»srvpublic.crt«« gespeichert [1679/1679]
root@dollyghost:~# ls
127.0.0.1 src srvpublic.crt test.log
root@dollyghost:~# cat srvpublic.crt
-----BEGIN CERTIFICATE-----
[certificate body omitted]
-----END CERTIFICATE-----
Manual downloading with the browser is working too.
Michael
-
Can you open the certificate on Windows and check the “Issued to” and “Issued by” fields?
-
File is opening with Internet Explorer.
I have Firefox on the clients as standard browser. The certificate is not opening with Firefox.
“This is not a certificate authority certificate, so it can’t be imported into the certificate authority list.”
(German: “Dies ist kein Zertifikat für eine Zertifizierungsstelle und kann deshalb nicht in die Liste der Zertifizierungsstellen importiert werden.”)
Is there a problem if Firefox is the standard browser?
Michael
-
What is the Middleware Communication? How can I debug Middleware? (I also tried to remove and reinstall the client).
Michael
-
@holzfisch Can you delete the Trusted CA that you have for the FOG Server that’s labeled as:
192.168.1.14CA
Then go to http://192.168.1.14/fog/management/other/ca.cert.der in Chrome or Firefox (as IE will just display the file as if it’s plain text) and install THAT certificate?
This should fix your registry issue. You might have to reset the encryption data for the hosts that were affected as well, but ultimately you should be good to go after that. The CA Name in the Certificate Manager should be: “FOG Server CA”
Middleware is the new name of the CommunicationHandler class. It was renamed because, while it does deal with communication, it’s essentially the Middle man of the Client to Server communications and data operations to move in between the other modules. It IS middleware and was named more appropriately.
@Jbob I believe has a debugger function already created and setup on the forums. I’ll update this post with the link that shows where to download the file and how to use it.
Here is the Link to the forum post:
https://forums.fogproject.org/topic/5074/ad-join-rename-on-client-0-8-1/5
-
Be sure to install that ca.cer.der file under Local System and as a Trusted Root Certificate Authority. What happened is that the client “pinned” an old format of the CA certificate that Tom released for a few versions in hopes of multiple FOG server support but was removed shortly after.
-
Thanks for the answers. Removed the old certificate under “Trusted Root Certificate Authority”. Installed the new one (“Trusted Root Certificate Authority”) (http://192.168.1.14/fog/management/other/ca.cert.der). It still has the name 192.168.1.14CA. After installing, the problem stays the same:
--------------------------------Authentication--------------------------------
08.06.2015 11:29 RegistryHandler 64 bit registry detected
08.06.2015 11:29 Client-Info Version: 0.8.3
08.06.2015 11:29 Middleware::Communication URL: http://192.168.1.14/fog/management/other/ssl/srvpublic.crt
08.06.2015 11:29 Middleware::Communication ERROR: Could not download file
08.06.2015 11:29 Middleware::Communication ERROR: Die Verbindung mit dem Remoteserver kann nicht hergestellt werden.
08.06.2015 11:29 Middleware::Authentication ERROR: Could not get security token
08.06.2015 11:29 Middleware::Authentication ERROR: Die Datei “C:\Windows\system32\token.dat” konnte nicht gefunden werden.
08.06.2015 11:29 Middleware::Authentication ERROR: Could not authenticate
08.06.2015 11:29 Middleware::Authentication ERROR: Das System kann die angegebene Datei nicht finden.
Did something go wrong with an upgrade?
I get the file (http://192.168.1.14/fog/management/other/ssl/srvpublic.crt) when using Chrome. Please help.
-
Debugger is not working with client 084 (from the mentioned post).
There is no encryption data to delete. (see screenshot).
Greetings
Michael
fog.log
-
Tried: delayed start of the fog service. (Problem after downloading returns - started a new posting)
Michael
-
Linux version 3.13.0-51-generic (buildd@lamiak) (gcc version 4.8.2 (Ubuntu 4.8.2-19ubuntu1) ) #84-Ubuntu SMP Wed Apr 15 12:08:34 UTC 2015
Description: Ubuntu 14.04.2 LTS
FOG Version: SVN 3537
Clients: Windows 8.1
FOG Client Version: 0.8.4
Hi!
Problem is not solved:
fog.7z
Get this error after download from server. (fog.log as attachment)
10.06.2015 10:12 Client-Info Version: 0.8.4
10.06.2015 10:12 Middleware::Communication URL: http://192.168.1.14/fog/management/other/ssl/srvpublic.crt
10.06.2015 10:12 Middleware::Authentication ERROR: Could not get security token
10.06.2015 10:12 Middleware::Authentication ERROR: Die Datei “C:\Windows\system32\token.dat” konnte nicht gefunden werden.
10.06.2015 10:12 Data::RSA ERROR: Could not verify certificate is from CA
10.06.2015 10:12 Data::RSA ERROR: Der Wert darf nicht NULL sein.
Parametername: certificate
10.06.2015 10:12 Middleware::Authentication ERROR: Could not authenticate
10.06.2015 10:12 Middleware::Authentication ERROR: Certificate is not from FOG CA
Installed client 084 (removed install dir manually). Then it worked for the cloning client. After uploading I had the same problem.
Why do I always get 192.168.1.14CA?
Where do I delete the encryption data for the client? There is no button on the web interface?
Removed it and installed http://192.168.1.14/fog/management/other/ca.cert.der but certificate stays 192.168.1.14CA.
Tried the debugger (admin rights) in the fog folder, but it is not working.
Thanks for the time helping me.
Michael
-
After a while I get “Error multiple hosts returned for list of mac addresses” (VirtualBox is installed so the MAC is sometimes the same on the clients - had the same problem with early versions of the old client).
--------------------------------HostnameChanger-------------------------------
10.06.2015 15:14 Client-Info Version: 0.8.4
10.06.2015 15:14 HostnameChanger Running…
10.06.2015 15:14 Middleware::Communication URL: http://192.168.1.14/fog/service/servicemodule-active.php?moduleid=hostnamechanger&mac=00:22:FB:2B:FF:A2|00:21:70:F6:44:E0|08:00:27:00:6C:21||00:00:00:00:00:00:00:E0|00:00:00:00:00:00:00:E0&newService=1
10.06.2015 15:14 Middleware::Communication Unknown Response: Error multiple hosts returned for list of mac addresses
-
@holzfisch said:
Installed client 084 (removed install dir manually). Then it worked for the cloning client. After uploading I had the same problem.
Why do I always get 192.168.1.14CA?
Where do I delete the encryption data for the client? There is no button on the web interface?
Removed it and installed http://192.168.1.14/fog/management/other/ca.cert.der but certificate stays 192.168.1.14CA.
Tried the debugger (admin rights) in the fog folder, but it is not working.
Thanks for the time helping me.
Michael
Do you have an idea how to get the right certificate? I always get 192.168.1.14CA?
Michael
-
Problem solved. It was an issue with the installer.
-
I know this thread is quite old, but I wanted to include another possible cause because Google searches seem to bring you back to this thread.
I was experiencing the same issue with my Windows 7 Fog clients, and resetting the encryption data did nothing. It turned out that the time was quite off on the client, so it was never able to authenticate with the Fog server. Once the time was corrected, the client connected and everything worked fine (hostname, join, etc.).
Just in case someone else runs into this issue, hopefully this can save you some time.
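-
Added example, not part of the thread and not FOG client code: a shell sketch using the openssl CLI that reads the “Issued to”/“Issued by” fields, tests whether srvpublic.crt chains to the CA served as ca.cert.der, and shows one way a wrong clock can break validation (a valid chain is rejected when the verification time lies outside the validity window). Assumptions: all keys and certificates are constructed throwaway material, the helper names (make_ca, make_leaf, show_names, chain_status) and temporary paths are hypothetical, and only the two CA names come from the thread.

```shell
#!/bin/sh
# Added example: every key and certificate here is constructed test material.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca <prefix> <CN>: self-signed CA (hypothetical helper)
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# make_leaf <prefix> <CN> <ca-prefix>: server certificate signed by that CA
make_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$1.csr" -days 30 -CAcreateserial \
        -CA "$WORK/$3.pem" -CAkey "$WORK/$3.key" -out "$WORK/$1.crt" 2>/dev/null
}

# show_names <cert>: "Issued to" (subject), "Issued by" (issuer), validity dates
show_names() { openssl x509 -in "$1" -noout -subject -issuer -dates; }

# chain_status <ca.pem> <cert> [unix-time]: prints ok or fail
chain_status() {
    if openssl verify ${3:+-attime "$3"} -CAfile "$1" "$2" >/dev/null 2>&1
    then echo ok; else echo fail; fi
}

make_ca   ca_new "FOG Server CA"      # name the thread says the CA should carry
make_ca   ca_old "192.168.1.14CA"     # name of the stale CA from the thread
make_leaf srvpublic "192.168.1.14" ca_new

# ca.cert.der is DER-encoded; convert it to PEM before passing it as -CAfile
openssl x509 -in "$WORK/ca_new.pem" -outform der -out "$WORK/ca.cert.der"
openssl x509 -inform der -in "$WORK/ca.cert.der" -out "$WORK/ca.pem"

show_names "$WORK/srvpublic.crt"
echo "matching CA:           $(chain_status "$WORK/ca.pem" "$WORK/srvpublic.crt")"
echo "stale CA:              $(chain_status "$WORK/ca_old.pem" "$WORK/srvpublic.crt")"
# 946684800 = 2000-01-01 UTC, before notBefore: models a client clock far behind
echo "clock far in the past: $(chain_status "$WORK/ca.pem" "$WORK/srvpublic.crt" 946684800)"
```

Against real files, only show_names and chain_status are needed: point them at the downloaded srvpublic.crt and at ca.cert.der converted to PEM.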