Custom SSL Certificate with Fog Client Service
-
Hello,
Recently, I purchased an SSL certificate from GoDaddy, for use with a few of the servers that I manage. I’ve gotten the certificate to work with the web server portion of FOG, but I’m trying to figure out how to get it to work with the fog client so that I can continue to send snapins and printers. When using the GoDaddy certificate, I get an error from the fog client stating that the CA is not a FOG CA.
Thanks for any help.
-
You would need to re-compile the FOG Client, but with your new certificate in the correct place - not only this time but every time there’s a new version. The script that builds it is here: https://github.com/FOGProject/fog-client/blob/master/build.ps1
Let us know if you hit any bumps.
-
Hi Wayne,
Thanks for replying. So from what I understand, I place the certificate, chain and key into the www/var/fog/management/other/ subfolder, then update the apache fog site config to point to those certificates. Then I just need to rerun this script? Or do I need to edit this script to point to the new certificates? Is there another place that the certificates need to be updated separately from the web server section?
Thanks!
-
@hancocza No idea. I know that HTTPS certs are implemented separately and differently than the FOG Client certs - and that they don’t need to match. Perhaps other @Developers or @Moderators or @Testers have a better answer and can chime in.
-
Thanks for the help Wayne. I still have had no luck. Hopefully some others will be able to assist.
-
I ended up getting it to work. The issue was that instead of keeping the new certificate and key files in a separate place, I copied them in and replaced the old private key with my new one. This set off all kinds of issues. I ended up recreating the keys and CA, and then left my certificate files in a separate folder, just for the web server to access. Then you also need to make sure that the fog client is installed using the https switch.
-
@hancocza Thanks for reporting back! I was gonna look into this but didn’t have enough time yet. I am wondering if FOG/client is really using your CA/key/cert now??
I have to admit that I don’t know the client code well enough but knowing a bit about cryptography I really wonder if it’s that easy to trick the FOG client into using custom SSL certs.
> I ended up recreating the keys and CA, and then left my certificate files in a separate folder, just for the web server to access.

From this and as well as re-reading your topic I think I might have misunderstood at first. You just wanted to use a custom SSL cert for the FOG web GUI (apache)? While I (and Wayne) thought that you wanted to have this custom cert being used also for the FOG client communication.
-
@Sebastian-Roth interesting @hancocza could you point that out exactly please?
-
@Sebastian-Roth My FOG server’s web GUI is using the custom SSL certificate. I couldn’t figure out how to edit the client in order to also use that certificate. I did find though that if you are forcing https on the server, you also have to force https on the clients, otherwise it won’t connect. I would love to just use the one certificate, private key, and chain.pem file to work with the client and GUI together, but editing the client was a bit above my knowledge.
The only downside of doing this the way that I’m doing it is that every time I update the server, I have to replace the 001-fog.conf file in the etc/apache2/sites-enabled/ folder with one that points to my custom certificate files.
-
@hancocza Ok, so I got this. I am looking into the building process of the FOG client right now as our client developer is absent right now. I might come up with a description of how to custom build the client (e.g. for custom SSL cert). I am still trying to get things sorted with the building tools. Let’s hope I get this fixed soon.