• Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login
  • Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login

Custom SSL Certificate with Fog Client Service

Scheduled Pinned Locked Moved
General Problems
4
10
2.8k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • H
    hancocza
    last edited by Jul 17, 2017, 2:11 PM

    Hello,

    Recently, I purchased an SSL certificate from GoDaddy, for use with a few of the servers that I manage. I’ve gotten the certificate to work with the web server portion of FOG, but I’m trying to figure out how to get it to work with the fog client so that i can continue to send snapins and printers. When using the GoDaddy certificate, i get an error from the fog client stating that the CA is not a FOG CA.

    Thanks for any help.

    1 Reply Last reply Reply Quote 0
    • W
      Wayne Workman
      last edited by Jul 18, 2017, 12:00 AM

      You would need to re-compile the FOG Client, but with your new certificate in the correct place - not only this time but every time there’s a new version. The script that builds it is here: https://github.com/FOGProject/fog-client/blob/master/build.ps1
      Let us know if you hit any bumps.

      Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!
      Daily Clean Installation Results:
      https://fogtesting.fogproject.us/
      FOG Reporting:
      https://fog-external-reporting-results.fogproject.us/

      1 Reply Last reply Reply Quote 0
      • H
        hancocza
        last edited by Jul 18, 2017, 11:44 AM

        Hi Wayne,

        Thanks for replying. So from what I understand, I place the certificate, chain and key into the www/var/fog/management/other/ subfolder, then updated the apache fog site config to point to those certificates. Then I just need to rerun this script? Or do I need to edit this script to point to the new certificates? Is there another place that the certificates need to be updated separately of the web server section?

        Thanks!

        W 1 Reply Last reply Jul 19, 2017, 12:32 AM Reply Quote 0
        • W
          Wayne Workman @hancocza
          last edited by Jul 19, 2017, 12:32 AM

          @hancocza No idea. I know that HTTPS certs are implimented seperately and differently than the FOG Client certs - and that they don’t need to match. Perhaps other @Developers or @Moderators or @Testers have a better answer and can chime in.

          Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!
          Daily Clean Installation Results:
          https://fogtesting.fogproject.us/
          FOG Reporting:
          https://fog-external-reporting-results.fogproject.us/

          1 Reply Last reply Reply Quote 0
          • H
            hancocza
            last edited by Jul 19, 2017, 5:05 PM

            Thanks for the help Wayne. I still have had no luck. Hopefully some others will be able to assist.

            1 Reply Last reply Reply Quote 0
            • H
              hancocza
              last edited by Jul 21, 2017, 12:32 PM

              I ended up getting it to work. The issue was that instead of keeping the new certificate and key files in a separate place, i copied them in and replaced the old private key with my new one. This set off all kinds of issues. I ended up recreating the keys and CA, and then left my certificate files in a separate folder, just for the web server to access. Then you also need to make sure that the fog client is installed using the https switch.

              1 Reply Last reply Reply Quote 0
              • S
                Sebastian Roth Moderator
                last edited by Jul 21, 2017, 9:45 PM

                @hancocza Thanks for reporting back! I was gonna look into this but didn’t have enough time yet. I am wondering if FOG/client is really using your CA/key/cert now??

                I have to admit that I don’t know the client code well enough but knowing a bit about cryptography I really wonder if it’s that easy to trick the FOG client into using custom SSL certs.

                I ended up recreating the keys and CA, and then left my certificate files in a separate folder, just for the web server to access.

                From this and as well re-reading your topic I think I might have misunderstood at first. You just wanted to use a custom SSL cert for the FOG web GUI (apache)? While I (and Wayne) thought that you wanted to have this custom cert being used also for the FOG client communication.

                Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                X H 2 Replies Last reply Jul 23, 2017, 7:52 AM Reply Quote 0
                • X
                  x23piracy @Sebastian Roth
                  last edited by Jul 23, 2017, 7:52 AM

                  @Sebastian-Roth interesting @hancocza could you point that out exactly please?

                  ║▌║█║▌│║▌║▌█

                  1 Reply Last reply Reply Quote 0
                  • H
                    hancocza @Sebastian Roth
                    last edited by Jul 24, 2017, 1:16 PM

                    @Sebastian-Roth My FOG server’s web GUI is using the custom SSL certificate. I couldn’t figure out how to edit the client in order to also use that certificate. I did find though that if you are forcing https on the server, you also have to force https on the clients, otherwise it won’t connect. I would love to just use the one certificate, private key, and chain.pem file to work with the client and GUI together, but editing the client was a bit above my knowledge.

                    The only downside of doing this the way that I’m doing it is that every time i update the server, i have to replace the 001-fog.conf file in the etc/apache2/sites-enabled/ folder with one that points to my custom certificate files.

                    1 Reply Last reply Reply Quote 0
                    • S
                      Sebastian Roth Moderator
                      last edited by Jul 24, 2017, 1:53 PM

                      @hancocza Ok, so I got this. I am looking into the building process of the FOG client right now as our client developer is absent right now. I might come up with a description of how to custom build the client (e.g. for custom SSL cert). I am still trying to get things sorted with the building tools. Let’s hope I get this fixed soon.

                      Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                      Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                      1 Reply Last reply Reply Quote 0
                      • 1 / 1
                      1 / 1
                      • First post
                        6/10
                        Last post

                      208

                      Online

                      12.0k

                      Users

                      17.3k

                      Topics

                      155.2k

                      Posts
                      Copyright © 2012-2024 FOG Project