Fog Service Certificate......

  • I use fog on multiple sites with an instance set up on each site but we use the same images on all sites. We then have the clients pointing at fog.ourdomain.local and a DNS record set up pointing this address to all of the servers. Netmask ordering then points the clients to the appropriate server on each site.

    We’ve started using the new client but I believe this is using certificates for authentication. This is then creating issues with the images.

    We get the following error in the Fog client log:


    27/07/2018 16:55 Client-Info Version: 0.11.11
    27/07/2018 16:55 Client-Info OS: Windows
    27/07/2018 16:55 Middleware::Authentication Waiting for authentication timeout to pass
    27/07/2018 16:57 Middleware::Communication Download: http://serveraddress.local/fog/management/other/ssl/srvpublic.crt
    27/07/2018 16:57 Data::RSA FOG Server CA cert found
    27/07/2018 16:57 Data::RSA ERROR: Certificate validation failed
    27/07/2018 16:57 Data::RSA ERROR: Trust chain did not complete to the known authority anchor. Errors: The signature of the certificate cannot be verified. (NotSignatureValid)
    27/07/2018 16:57 Middleware::Authentication ERROR: Could not authenticate
    27/07/2018 16:57 Middleware::Authentication ERROR: Certificate is not from FOG CA

    Now this seems to suggest that the root certificates aren’t in the store, which is correct because this is a different root certificate. So I can copy across the ca.cert.pem and ca.cert.der but then the srvpublic.crt file isn’t signed with these certificates. And if I copy across srvpublic.crt I get the following error.

    Middleware:: Response Failed to decrypt data

    My guess is because this certificate now has the wrong subject name. So I think I need to generate a new srvpublic.crt certificate and sign it with the root certificates from the other server?

    Is that correct? Would someone be able to advise how to proceed?

    However it’s probably worth mentioning the server I’m copying the certificates from has the certificate issued to the IP address rather than the host name of the server or the fog.ourdomain.local address I’m configuring in the client. If I have to regenerate all my certificates to achieve what I’m after then that’s fine.

  • @john-sayce Ignore this. Either I managed to do as described or the problem was actually something else (because I was tired or stupid) and I’ve broken it then fixed it.

    Thanks anyhow.
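
Added example (not part of the original posts, and not FOG project code): a way to check with openssl whether a given srvpublic.crt was signed by a given ca.cert.pem, which is the condition the "Trust chain did not complete" lines in the first post's log report on. Two constructed throwaway CAs stand in for two sites; the shared subject name "FOG Server CA", the directory layout and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Constructed demo: two independent site CAs, one server certificate.
# The CN "FOG Server CA" and all function names are assumptions for illustration.

# make_ca DIR: self-signed root in DIR/ca.cert.pem (throwaway, 1-day validity)
make_ca() {
    mkdir -p "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=FOG Server CA" \
        -keyout "$1/ca.key" -out "$1/ca.cert.pem" >/dev/null 2>&1
}

# issue_srv DIR CN: DIR/srvpublic.crt for CN, signed by the CA held in DIR
issue_srv() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/srv.key" -out "$1/srv.csr" >/dev/null 2>&1 &&
    openssl x509 -req -in "$1/srv.csr" -CA "$1/ca.cert.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/srvpublic.crt" >/dev/null 2>&1
}

# chain_ok CA_PEM CERT: exit status 0 only if CERT verifies against CA_PEM
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# report CA_PEM CERT: print the verdict for one pairing
report() {
    if chain_ok "$1" "$2"; then echo "OK   $2 chains to $1"
    else echo "FAIL $2 does not chain to $1"; fi
}

demo() {
    work=$(mktemp -d) || return 1
    make_ca "$work/siteA" && make_ca "$work/siteB" &&
    issue_srv "$work/siteA" "fog.ourdomain.local" || return 1
    report "$work/siteA/ca.cert.pem" "$work/siteA/srvpublic.crt"   # same site
    report "$work/siteB/ca.cert.pem" "$work/siteA/srvpublic.crt"   # other site's CA
    rm -rf "$work"
}

demo
```

Against real files, chain_ok takes the CA file the client is expected to trust and the srvpublic.crt the server actually serves; it tests the signature chain only and says nothing about the later "Failed to decrypt data" message.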