Error: Installing Client Outside of Local Network (Unable to install CA certificate)
-
Server
- FOG Version: 1.4.0-RC-9.3
- OS: CentOS 7 (7.3.1611)
Client
- Service Version: Latest Version as of 05/02/2017
- OS: Windows 7 through 10 Professional/Home
Description
Whenever I try to install the client on a machine that is outside of my local network (192.168.3.x), I receive the error about "Unable to install CA certificate". I am able to install it without problems inside my local network.
-
Right, that’s the whole point.
You don’t have a client that cannot verify a trusted source and the server won’t send a client information that it cannot trust. This is expected.
-
@Tom-Elliott Thanks Tom, I just wanted to make sure that was how it was supposed to work. I was trying to update some of my evening clients, but I will have to set them up a VPN or do it when they bring their machines back to me.
-
@fud18 This “new client” isn’t the only one that would have this.
The Client works by talking to the fog server. Even the legacy client would fail to work (though install would work) because it would not be able to reach the server. How would it even operate? I guess, why would you install the client on machines that cannot reach the fog server?
-
I forgot to mention that even though this is behind my router, I have allowed my server to be publicly accessible by opening ports. I am able to get to my fog server from anywhere using its web address (fogserver.xxx.homelinux.net).
-
@fud18 Then why not use “fogserver.xxx.homelinux.net” as the communicator for the Client?
-
@Tom-Elliott If you are talking about when I run the client installer and it already has fogserver in the field, I am.
-
@fud18 Yes, update fogserver to the fqdn that is DNS resolvable.
-
Am I doing this in the Fog server installer or in the fog config?
-
@fud18 You’re doing this in the FOG Client Installer, where it says “fogserver”
-
That’s where I am putting fogserver.xxx.homelinux.net. Then it gets to the part about the CA certificate and fails.
-
@fud18 Then you will probably need to update your information.
Edit the fog server's /opt/fog/.fogsettings file and change the ip= to be: fogserver.xxx.homelinux.net
Rerun the fog installer with:
./installfog.sh -y --recreate-keys --recreate-ca
This should regenerate the certificates and use the fqdn for the common name of your CA.
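
One way to confirm the result of the regeneration step above, as an added example that is not part of the original post or FOG's own tooling: it reads the subject CN from a PEM certificate with openssl and compares it to the name typed into the client installer. The function names, the certificate path argument and the sample name fogserver.example.test are assumptions; the thread does not say where the CA file is stored.

```shell
#!/bin/sh
# Added example (not from the thread): check which name a CA certificate was issued for.
# Usage: sh check_ca_cn.sh /path/to/ca.pem fogserver.example.test   (both are placeholders)

lower() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }

# Print the subject common name (CN) of a PEM certificate.
cert_cn() {
    openssl x509 -noout -subject -nameopt RFC2253 -in "$1" 2>/dev/null |
        sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# Return 0 only if the CN equals the expected name (DNS names compare
# case-insensitively) and the certificate has not expired.
ca_matches_fqdn() {
    cert=$1
    want=$2
    got=$(cert_cn "$cert")
    if [ -z "$got" ]; then
        echo "no CN found in $cert" >&2
        return 2
    fi
    if [ "$(lower "$got")" != "$(lower "$want")" ]; then
        echo "CN is '$got' but clients will use '$want'" >&2
        return 1
    fi
    if ! openssl x509 -noout -checkend 0 -in "$cert" >/dev/null 2>&1; then
        echo "certificate in $cert has expired" >&2
        return 3
    fi
    echo "OK: $cert is issued for $got"
}

# Constructed sample input: a throwaway self-signed certificate for the given CN.
make_sample_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1" 2>/dev/null
}

# When called with a certificate path and an expected name, run the check.
if [ "$#" -eq 2 ]; then
    ca_matches_fqdn "$1" "$2"
fi
```

A return code of 1 means the certificate still carries an old name, such as a LAN address, instead of the FQDN remote clients use.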
-
Do I need to restart the server or anything once that is done to complete? Do I need to give it time or that should be it?
- I have changed the settings in .fogsettings to be the FQDN
- I have run the command as you posted: ./installfog.sh -y --recreate-keys --recreate-ca
-
There shouldn’t be anything special once that is done. The server should be set up and operational using the FQDN even from a browser, so long as the port forwarding is set up properly and the DNS is set to look at your public IP address.
-
Is there maybe a port number I am missing that I need to let through? Just trying to check all options.
-
What port or ports did you initially allow?
-
Looks like 80 & 443
-
And the port forward is a “src” of Any or 0.0.0.0 and Destination is your “local network’s” fog server IP address?
-
RESOLVED: I was forcing https on the forward and as soon as I removed that it started working and I have already had 3 machines check in and they were the ones I just installed the client on remotely.