    Certificate issues since moving FOG from Ubuntu to Fedora.

    • H
      Hanz
      last edited by Hanz

      0_1447629009513_fog.log

      This is a copy of my log on the machine I mentioned that keeps losing its security token somehow… At the 1:35 pm mark it shows invalid host certificate, but an Authentication Authenticated statement…

      On the next check-in ~ 2:36 it goes to invalid host certificate, invalid security token.

      I reset encryption data (again) and restarted the service on the local computer @ the 6:00 mark and the final shows it going back to Authentication Authenticated upon restart of the service. (Sorry for the uploaded log, but it wouldn’t let me post just the copied code this time.)

      This is the next check-in:

      ------------------------------------------------------------------------------
      ----------------------------------TaskReboot----------------------------------
      ------------------------------------------------------------------------------
       11/15/2015 7:03 PM Client-Info Version: 0.9.7
       11/15/2015 7:03 PM TaskReboot Running...
       11/15/2015 7:03 PM Middleware::Communication URL: http://10.72.3.50/fog/service/servicemodule-active.php?moduleid=taskreboot&mac=B4:99:BA:E9:B8:B8|0A:00:27:00:00:00|CC:52:AF:87:F3:DA||00:00:00:00:00:00:00:E0|00:00:00:00:00:00:00:E0&newService=1
       11/15/2015 7:03 PM Middleware::Communication Response: Success
       11/15/2015 7:03 PM Middleware::Communication URL: http://10.72.3.50/fog/service/jobs.php?mac=B4:99:BA:E9:B8:B8|0A:00:27:00:00:00|CC:52:AF:87:F3:DA||00:00:00:00:00:00:00:E0|00:00:00:00:00:00:00:E0&newService=1
       11/15/2015 7:03 PM Middleware::Communication Response: Invalid host certificate
       11/15/2015 7:03 PM Middleware::Communication URL: http://10.72.3.50/fog/management/other/ssl/srvpublic.crt
       11/15/2015 7:03 PM Data::RSA FOG Server CA cert found
       11/15/2015 7:03 PM Middleware::Authentication Cert OK
       11/15/2015 7:03 PM Middleware::Communication POST URL: http://10.72.3.50/fog/management/index.php?sub=authorize
       11/15/2015 7:03 PM Middleware::Communication Response: Success
       11/15/2015 7:03 PM Middleware::Authentication Authenticated
       11/15/2015 7:03 PM Middleware::Communication URL: http://10.72.3.50/fog/service/jobs.php?mac=B4:99:BA:E9:B8:B8|0A:00:27:00:00:00|CC:52:AF:87:F3:DA||00:00:00:00:00:00:00:E0|00:00:00:00:00:00:00:E0&newService=1&newService=1
       11/15/2015 7:03 PM Middleware::Communication Response: No jobs
      ------------------------------------------------------------------------------
      • H
        Hanz @Wayne Workman
        last edited by

        @Wayne-Workman After clearing all security tokens for hosts, my database shows all hosts with no tokens… When are these tokens supposed to recreate themselves? It looks like none are being recreated, which may be why my clients keep saying invalid host certificate. I don’t know who creates them or when for that matter, but it doesn’t seem to be happening.

        • Tom ElliottT
          Tom Elliott
          last edited by

          FOG automatically creates the token during the authentication sequence. IHC is a signifier to the client that a new AES key needs to be generated. If the AES key and security token are blank the server creates a security token for the client and the client creates its own AES key. The server stores the AES key with the host for a specified period of time (30 minutes for now) and resets the key to null if the expired time occurs. When the key expires the client will receive the IHC (invalid host certificate) and it knows it needs to generate a new AES key. During every authentication sequence, as spawned when IHC is met, (after initial connect) the client sends what it knows is the current security token. As long as this matches what the server knows is true, a new security token is generated and sent to the client and the server stores the newly generated AES key for the host.

          Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

          Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

          Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG
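
The token and key lifecycle described in the post above, as a toy state model added here for illustration; it is not FOG's code and does no real encryption or HTTP. The class and method names (`Server`, `Client`, `poll`, `authorize`, `reset_encryption_data`) and the event strings are hypothetical, and the only value taken from the thread is the 30-minute key lifetime.

```python
import secrets

KEY_LIFETIME = 30 * 60  # seconds; "30 minutes for now" per the post

class Server:
    def __init__(self):
        self.hosts = {}  # mac -> stored token / AES key (hypothetical layout)

    def _host(self, mac):
        return self.hosts.setdefault(mac, {"token": None, "aes_key": None, "set_at": 0})

    def poll(self, mac, now):
        """Regular check-in: 'ihc' once the stored AES key is blank or expired."""
        h = self._host(mac)
        if h["aes_key"] is not None and now - h["set_at"] >= KEY_LIFETIME:
            h["aes_key"] = None  # expiry resets the key to null
        return "ok" if h["aes_key"] is not None else "ihc"

    def authorize(self, mac, client_token, new_aes_key, now):
        """Authentication sequence: return a fresh token, or None on mismatch."""
        h = self._host(mac)
        first_contact = h["token"] is None and h["aes_key"] is None
        if not first_contact and not secrets.compare_digest(
                client_token or "", h["token"] or ""):
            return None  # the client's token is not the one the server holds
        h.update(token=secrets.token_hex(16), aes_key=new_aes_key, set_at=now)
        return h["token"]

    def reset_encryption_data(self, mac):
        self.hosts.pop(mac, None)  # blank token and key, as after a reset

class Client:
    def __init__(self, mac):
        self.mac, self.token, self.aes_key = mac, None, None

    def check_in(self, server, now):
        """Return the events one check-in produces, in order."""
        events = [server.poll(self.mac, now)]
        if events[0] == "ihc":
            self.aes_key = secrets.token_bytes(32)  # client creates its own key
            token = server.authorize(self.mac, self.token, self.aes_key, now)
            if token is None:
                events.append("invalid security token")
            else:
                self.token = token  # token is rotated on every authentication
                events.append("authenticated")
        return events
```

In this model a client holding a stale token gets `ihc` followed by `invalid security token` on every check-in until the host's stored token and key are blanked on the server, which is the pattern reported in the first post.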

          • H
            Hanz @Tom Elliott
            last edited by

            @Tom-Elliott As of now I have no hosts with any security tokens or pubkeys associated; this is after resetting them Friday. Some have been running all weekend. All I have under /opt/fog/snapins/ssl is a file named fog.csr. The client doesn’t seem to be creating new aes keys, seeing as how they’re all “expired”/blank on server. Am I getting that right?

            • Tom ElliottT
              Tom Elliott @Hanz
              last edited by

              @Hanz if you run:
              ls -lhart /opt/fog/snapins/ssl do you see a .srvprivate.key?

              • H
                Hanz @Tom Elliott
                last edited by

                @Tom-Elliott yes

                • H
                  Hanz @Hanz
                  last edited by

                  @Hanz Sorry, didn’t realize it was a hidden file when Wayne Workman showed me where they were.

                  • H
                    Hanz @Tom Elliott
                    last edited by Hanz

                    @Tom-Elliott Below is the output from said command. Curious about the permissions for the … as it is usually owned by root, I thought.

                    [bcs@fog-server ~]$ ls -lhart /opt/fog/snapins/ssl
                    total 16K
                    drwsrwsrwx 2 fog apache 4.0K Oct 16 09:25 .
                    drwsrwsr-x 4 fog apache 4.0K Nov 15 19:34 ..
                    -rwxrwxrwx 1 fog apache 3.2K Nov 15 23:35 .srvprivate.key
                    -rwxrwxrwx 1 fog apache 1.6K Nov 15 23:35 fog.csr
                    

                    Currently running 5368

                    • Wayne WorkmanW
                      Wayne Workman @Hanz
                      last edited by

                      @Hanz the permissions on my fog server are:

                      -rw-r--r-- 1 fog apache 1586 May 27 11:31 fog.csr
                      -rw-r--r-- 1 fog apache 3243 May 27 11:31 .srvprivate.key
                      

                      Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!
                      Daily Clean Installation Results:
                      https://fogtesting.fogproject.us/
                      FOG Reporting:
                      https://fog-external-reporting-results.fogproject.us/
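
A permission audit for the key directory compared in the two listings above, added here as an example and not part of FOG or of either post. The function names are hypothetical; the world-readable check on `*.key` files is general key-handling practice rather than a FOG requirement stated in this thread, and the 0o755 directory mode used for the reference sample is an assumption because that listing does not show the directory.

```python
import os
import stat
import tempfile


def audit_key_dir(path):
    """Map entry name -> list of permission problems (clean entries omitted)."""
    findings = {}
    dmode = stat.S_IMODE(os.stat(path).st_mode)
    if dmode & stat.S_IWOTH and not dmode & stat.S_ISVTX:
        findings["."] = ["world-writable directory, no sticky bit"]
    for name in sorted(os.listdir(path)):  # listdir includes hidden dotfiles
        st = os.lstat(os.path.join(path, name))
        if not stat.S_ISREG(st.st_mode):
            findings[name] = ["not a regular file"]
            continue
        mode, problems = stat.S_IMODE(st.st_mode), []
        if mode & stat.S_IWOTH:
            problems.append("world-writable")
        if mode & 0o111:
            problems.append("executable bit set")
        if name.endswith(".key") and mode & stat.S_IROTH:
            problems.append("private key world-readable")
        if problems:
            findings[name] = problems
    return findings


def build_sample(dir_mode, file_mode):
    """Constructed sample: temp dir holding the two file names from the thread."""
    d = tempfile.mkdtemp()
    for name in (".srvprivate.key", "fog.csr"):
        p = os.path.join(d, name)
        with open(p, "w") as f:
            f.write("constructed placeholder, not real key material\n")
        os.chmod(p, file_mode)
    os.chmod(d, dir_mode)
    return d


if __name__ == "__main__":
    # 0o777/0o777 mirrors the rwxrwxrwx bits in the first listing (setuid and
    # setgid bits left out); 0o644 is the file mode in the second listing.
    for label, d in (("loose", build_sample(0o777, 0o777)),
                     ("reference", build_sample(0o755, 0o644))):
        print(label, audit_key_dir(d))
```

On a real server the same check is `audit_key_dir("/opt/fog/snapins/ssl")`, run as a user allowed to list that directory.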

                      • H
                        Hanz
                        last edited by

                        UPDATE: Per SVN 5374 tokens are being created correctly… Thank you @Tom-Elliott !!!

                        Copyright © 2012-2024 FOG Project