• Recent
    • Unsolved
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Register
    • Login

    FOG Client on a Mac

    Scheduled Pinned Locked Moved Mac Problems
    15 Posts 3 Posters 4.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H
      hancocza
      last edited by

      Hey Tom,

      My FOG server setup is setup to use https. On PC the https switch works fine, have about 200 computers able to install it and communicate with the server. It’s when I try with the same switch on Mac that i have the issue. Granted, when installing on PC i use the MSI installer with switches, not the SmartInstaller.

      1 Reply Last reply Reply Quote 0
      • S
        Sebastian Roth Moderator
        last edited by Sebastian Roth

        @hancocza The HTTPS part of FOG/fog-client is still kind of new and not many people have used it so there might be an issue though the fog-client code is backed by a test framework. But let’s see what we can figure out first.

        • What OS/version is your FOG server running on?
        • Did you let FOG setup the apache config for you or did you set it up yourself?
        • Can you access http://x.x.x.x/fog/management/other/ca.cert.der using your browser (note this is a HTTP URL!)?

        Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

        Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

        H 1 Reply Last reply Reply Quote 0
        • H
          hancocza @Sebastian Roth
          last edited by

          @sebastian-roth I am running FOG on Ubuntu 16.04 LTS, Fog version is 1.5.0-RC9. I let FOG setup the apache config on it’s own using the https switch in the installer, but then afterwards I changed the hostname to reflect the FQDN of our server, not the IP Address. Also, I pointed the apache config to a different location for certificates for the Web GUI over SSL. I am also able to access the ca.cert.der file using http.

          1 Reply Last reply Reply Quote 0
          • S
            Sebastian Roth Moderator
            last edited by Sebastian Roth

            @hancocza said in FOG Client on a Mac:

            Also, I pointed the apache config to a different location for certificates for the Web GUI over SSL.

            Well, that is an issue I suppose. The CA (cert) you use does not have the “FOG CA” string in it that the client looks for… The SSL implementation of FOG is made to work out of the box as a self-signed piece but we haven’t made it ready for businesses having their own CA yet. Which cert is your ca.cert.der, it’s that of your company, right?

            Changing the settings.json is a nice hack on windows but I think we should get it right in the first place.

            Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

            Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

            H 1 Reply Last reply Reply Quote 0
            • H
              hancocza @Sebastian Roth
              last edited by

              @sebastian-roth
              I only use the CA for the Web GUI. I edited the etc\apache2\sites-enabled\001fog file to point to my company’s CA Cert. The ca.cert.der is still fog’s original cert, which i left in place because at the start of my switch to SSL, moving them caused issues with the SSL version of FOG Client. When I left the original certificates in place and edited the 001fog.conf file to point to the custom ones instead, the client works with SSL. On Windows, I no longer have to change the settings.json file, installing it with the switches works. It’s just on Mac OS that it doesn’t work with the switches.

              1 Reply Last reply Reply Quote 0
              • S
                Sebastian Roth Moderator
                last edited by

                @hancocza From my point of view (not being the original developer of the fog-client code) I’d say that the usual way in SSL terms would be to generate a so called sub CA and let that be signed from your main company CA. Put that sub CA certificate and key in the right places, re-run the installer and let it create webserver cert and key from that “custom” sub CA. What you’d have to take care of when generating that sub CA is that it has the correct issuer and subject string:

                openssl x509 -in /var/www/fog/management/other/ca.cert.pem -text -noout
                Certificate:
                    Data:
                        Version: 3 (0x2)
                        Serial Number:
                            b2:19:a9:4d:35:bd:a6:f7
                    Signature Algorithm: sha512WithRSAEncryption
                        Issuer: CN=FOG Server CA
                        Validity
                            Not Before: Feb  3 21:17:05 2017 GMT
                            Not After : Feb  1 21:17:05 2027 GMT
                        Subject: CN=FOG Server CA
                        Subject Public Key Info:
                            Public Key Algorithm: rsaEncryption
                                Public-Key: (4096 bit)
                ...
                

                Note that CN=FOG Server CA.

                I’ll try to look into testing the fog-client on a Mac OS machine I have access too sometimes. But can’t promise when that will be.

                Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                H 1 Reply Last reply Reply Quote 0
                • H
                  hancocza @Sebastian Roth
                  last edited by

                  @sebastian-roth said in FOG Client on a Mac:
                  No rush, I leave for a two week vacation tomorrow and it’s not a immediate issue. Thanks!

                  1 Reply Last reply Reply Quote 0
                  • S
                    Sebastian Roth Moderator
                    last edited by

                    @hancocza Are you able to create a proper sub CA at all?

                    Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                    Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                    H 1 Reply Last reply Reply Quote 0
                    • H
                      hancocza @Sebastian Roth
                      last edited by

                      @sebastian-roth I’m not sure how to do that. We’ve talked about it before on this forum, re-rolling the client, but then i found if i leave the certs that the client looks for in their normal place, and then use the company’s certs for just the web server, it works fine, at least for PC clients which is a majority of what we have. Because of that and the fact that we only have like 5 iMacs, I haven’t really messed with it.

                      1 Reply Last reply Reply Quote 0
                      • S
                        Sebastian Roth Moderator
                        last edited by

                        @hancocza Looking into this in more detail I found out that our current fog-client is not able to handle sub/intermediate CAs. Although this would be the proper way to integrate custom CAs we can’t do this yet.

                        So back to your problem I reckon that your company CA cert is not known in the Mac OS X mono keychain and that’s why pinning fails. Did you import the CA cert to your Windows install? Should do this in Mac OS X as well.

                        Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                        Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                        H 1 Reply Last reply Reply Quote 0
                        • H
                          hancocza @Sebastian Roth
                          last edited by

                          @sebastian-roth I didn’t import it on any installs that I’ve done. It always just installs the certificate that is on the server. I believe it’s called srvpublic or something like that, in the SSL folder.

                          1 Reply Last reply Reply Quote 0
                          • S
                            Sebastian Roth Moderator
                            last edited by Sebastian Roth

                            @hancocza Most probably your windows PCs have the CA certificate (imported) that was used to sign the other certificates. To be more concrete - the .NET keystore has the right CA cert to verify the other certs. But probably the Mac OS X mono keystore doesn’t!

                            Edit: Which version of mono did you install and which version of Mac OS X do you use?

                            Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                            Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                            1 Reply Last reply Reply Quote 0
                            • 1 / 1
                            • First post
                              Last post

                            197

                            Online

                            12.3k

                            Users

                            17.4k

                            Topics

                            155.8k

                            Posts
                            Copyright © 2012-2025 FOG Project