Error: Installing Client Outside of Local Network (Unable to install CA certificate)
-
Server
- FOG Version: 1.4.0-RC-9.3
- OS: CentOS 7 (7.3.1611)
Client
- Service Version: Latest Version as of 05/02/2017
- OS: Windows 7 through 10 Professional/Home
Description
Whenever I try to install the client on a machine that is outside of my local network (192.168.3.x) i receive the error about Unable to install CA certificate. I am able to install it without problems inside my local network.
-
RESOLVED: I was forcing https on the forward and as soon as I removed that it started working and I have already had 3 machines check in and they were the ones I just installed the client on remotely.
-
Right, that’s the whole point.
You don’t have a client that cannot verify a trusted source and the server won’t send a client information that it cannot trust. This is expected.
-
@Tom-Elliott Thanks Tom I just wanted to make sure that was how it was supposed to work. I was trying to update some of my evening clients but I will have to set them up a VPN or do it when they bring their machines back to me.
-
@fud18 This “new client” isn’t the only one that would have this.
The Client works by talking to the fog server. Even the legacy client would fail to work (though install would work) because it would not be able to reach the server. How would it even operate? I guess, why would you install the client on machines that cannot reach the fog server?
-
I forgot to mention that even though this is behind my router I have allow my server to be publicly accessible by opening ports. I am able to get to my fog server from anywhere using its web address (fogserver.xxx.homelinux.net).
-
@fud18 Then why not use “fogserver.xxx.homelinux.net” as the communicator for the Client?
-
@Tom-Elliott If you are talking about when I run the client installer and it already has fogserver in the field I am.
-
@fud18 Yes, update fogserver to the fqdn that is DNS resolvable.
-
Am I doing this in the Fog server installer or in the fog config?
-
@fud18 You’re doing this in the FOG Client Installer, where it says “fogserver”
-
That’s where I am putting fogserver.xxx.homelinux.net. Then it gets to the part about the CA certificate and fails.
-
@fud18 then you will probably need to update your information.
edit the fog server’s
/opt/fog/.fogsettingsfile and change theip=to be:fogserver.xxx.homelinux.netRerun the fog installer with:
./installfog.sh -y --recreate-keys --recreate-caThis should regenerate the certificates and use the fqdn for the common name of your CA.
-
Do I need to restart the server or anything once that is done to complete? Do I need to give it time or that should be it?
- I have changed the settings in .fogsettings to be the FQDN
- I have ran the command as you posted ./installfog.sh -y --recreate-keys --recreate-ca
-
There shouldn’t be anything special once that is done. The server should be setup and operational using the FQDN even from a browser so long as the port forwarding is setup properly and the DNS is set to look at your public IP Address.
-
Is there maybe a port number I am missing that I need to let through? Just trying to check all options.
-
What port or ports did you initially allow?
-
Looks like 80 & 443
-
And the port forward is a “src” of Any or 0.0.0.0 and Destination is your “local network’s” fog server IP address?
-
-
RESOLVED: I was forcing https on the forward and as soon as I removed that it started working and I have already had 3 machines check in and they were the ones I just installed the client on remotely.
