• Recent
    • Unsolved
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Register
    • Login

    Fog Service Certificate......

    Scheduled Pinned Locked Moved
    General
    1
    2
    433
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      John Sayce
      last edited by

      I use fog on multiple sites with an instance setup on each site but we use the same images on all sites. We then have the clients pointing at fog.ourdomain.local and a DNS record setup pointing this address to all of the servers. Netmask ordering then points the clients to the appropriate server on each site.

      We’ve started using the new client but I believe this is using certificates for authentication. This is then creating issues with the images.

      We get the following error in the Fog client log:

      --------------------------------Authentication--------------------------------

      27/07/2018 16:55 Client-Info Version: 0.11.11
      27/07/2018 16:55 Client-Info OS: Windows
      27/07/2018 16:55 Middleware::Authentication Waiting for authentication timeout to pass
      27/07/2018 16:57 Middleware::Communication Download: http://serveraddress.local/fog/management/other/ssl/srvpublic.crt
      27/07/2018 16:57 Data::RSA FOG Server CA cert found
      27/07/2018 16:57 Data::RSA ERROR: Certificate validation failed
      27/07/2018 16:57 Data::RSA ERROR: Trust chain did not complete to the known authority anchor. Errors: The signature of the certificate cannot be verified. (NotSignatureValid)
      27/07/2018 16:57 Middleware::Authentication ERROR: Could not authenticate
      27/07/2018 16:57 Middleware::Authentication ERROR: Certificate is not from FOG CA

      Now this seems to suggest that the root certificates aren’t in the store, which is correct because this is a different root certificatre. So I can copy across the ca.cert.pem and ca.cert.der but then the srvpublic.crt file isn’t signed with these certificates. And If I copy across srvpublic.crt I get the following error.

      Middleware:: Response Failed to decrypt data

      My guess is because this certificate now has the wrong subject name. So I think I need to generate a new srvpublic.crt certificate and sign it with the root certificates from the other server?

      Is that correct? Would someone be able to advise how to proceed?

      However it’s probably worth mentioning the server I’m copying the certificates from has the certificate issued to the IP address rather than the host name of the server or the fog.ourdomain.local address I’m configuring in the client. If I have to regenerate all my certificates to achieve what I’m after then that’s fine.

      J 1 Reply Last reply Reply Quote 0
      • J
        John Sayce @John Sayce
        last edited by

        @john-sayce Ignore this. Either I managed to do as described or the problem was actually something else (because I was tired or stupid) and I’ve broken it then fixed it.

        Thanks anyhow.

        1 Reply Last reply Reply Quote 0
        • 1 / 1
        • First post
          Last post

        267

        Online

        11.7k

        Users

        17.2k

        Topics

        154.7k

        Posts
        Copyright © 2012-2024 FOG Project