Authentication Client CA error
-
Updated svn. Started getting this error on SOME clients. Went into our all group and hit the recert button. Doing that again now…
Tue Jun 21, 2016 12:50 pm
Running Version: 8197
SVN Revision: 5726
--------------------------------Authentication--------------------------------6/21/2016 12:43 PM Client-Info Version: 0.9.10
6/21/2016 12:43 PM Middleware::Communication URL: http://10.95.95.100/fog/management/other/ssl/srvpublic.crt
6/21/2016 12:43 PM Data::RSA FOG Server CA cert found
6/21/2016 12:43 PM Data::RSA ERROR: Certificate validation failed
6/21/2016 12:43 PM Data::RSA ERROR: Trust chain did not complete to the known authority anchor. Errors: The signature of the certificate cannot be verified. (NotSignatureValid)
6/21/2016 12:43 PM Middleware::Authentication ERROR: Could not authenticate
6/21/2016 12:43 PM Middleware::Authentication ERROR: Certificate is not from FOG CA
6/21/2016 12:43 PM Service Sleeping for 120 seconds -
You need to allow client updates. 0.9.10 probably won’t even work with current trunk, plus 0.9.10 was full of bugs.
Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!
Daily Clean Installation Results:
https://fogtesting.fogproject.us/
FOG Reporting:
https://fog-external-reporting-results.fogproject.us/ -
@Wayne-Workman
Thats the whole point of this exersize, to get my clients updated. I do have it on, but its not going to update due to the CA error. -
Please try re-running the client installer.
I just tested on a windows xp system. I put 0.9.10 on as in your environment. First startup was Invalid Security Token, i reset encryption data and restarted the service and it immediately updated to 0.11.0
If I had to guess, you updated your CA stuff sometime between 0.9.10 and now? I don’t know all the specifics, but it’s the best information I can give you for now.
Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.
Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)
Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG
-
@Joe-Schmitt correct me if I’m wrong, shouldn’t the client update regardless of authentication? Of course I’m sure the new installer is checked for a valid signature though but i think this is a seperate thing?
-
@Tom-Elliott
let me find another machine and make sure its not just the two in the lab here.
The only thing I did between yesterday and today was the couple svn updates to get power management. Ill report back in a bit. -
@Tom-Elliott
it seems to be very limited to some machines with 9.10 or older. All of the machines i checked that had client 0.9.12 have upgraded to 0.11 . I manually upgraded the 0.9.10 to 0.11 and the error went away. Ill just deal with those as i see them. They must have been having the error a while to never move past 0.9.10 as we have client update on for everyone.Thanks.
-
@Roger-Saffle I’m just guessing that the ca was updated at some point either knowingly or unknown. I’d suggest updating the image that has the 0.9.10 client on it.
