FOG update to 1.5.5 doesn't allow passphrase entry for SSL/TLS key



  • Hello,

    I went to update to the latest version of FOG (1.5.5) and the installer failed shortly after the “updating packages as needed” step. It looks like it skipped the part where you can enter the password for your ssl certificate key. In the past, it would ask for the password and allow you to enter it, but this time it comes up with an error saying “Please enter password with the systemd-tty-ask-password-agent tool!”.

    Any help would be greatly appreciated!


  • Developer

    @hancocza I totally missunderstood this whole topic right from the start. It would have helped a lot of you’d clearly mentioned that you are using a custom SSL certificate. Might be obvious but I did not get it.

    So what you describe here has nothing to do with FOG as far as I understand it. The password input stuff is something Ubuntu is doing when you start the apache webserver and you have a password protected private key. We as in the FOG installer does not add anything to that. So my guess is that Ubuntu changed things with one of the latest updates.

    Probably you just need to install the correct extra package to make this work again…



  • @Sebastian-Roth I am running Ubuntu 16.04 LTS


  • Developer

    @hancocza Ahhh now I see. Please tell us which Linux OS (and version) you have.

    The messages “Enter passphrase for SSL/TLS keys…” and “Please enter password with the systemd-tty-ask-password-agent tool” are not something we do in the FOG installer scripts. So my guess is that on your system the package installer enables SSL for apache and also generates certificates with non-empty password by default when installing the apache package.

    Not saying that you never should but it is most common to have apache web server certificates without password because you need to enter that password on each reboot. A lot of servers need to be “restat-able” without user interaction.




  • Developer

    @hancocza Maybe upload to an image sharing platform and post links here?



  • @Sebastian-Roth I can’t get it to replicate, since it already updated the apache2 package. But it’s basically the capture 2 image, except in the capture1 selected section if that makes sense (see attached files). EDIT: For some reason i can’t upload the screen captures.


  • Developer

    @hancocza Can you please take a picture or screenshot of where exactly it hangs?! I still have no clue whatsoever…



  • @Sebastian-Roth It’s more so the apache2 package that asks. We have a custom certificate that we use for HTTPS traffic on the fog web server. The key for that certificate is password protected. So when apache2 service is launched it requests the password to access the private key. I assume if the key weren’t password protected, it wouldn’t ask for it.

    Either way, it works. Just hangs for about ten minutes before the timeout happens.


  • Developer

    @hancocza said in FOG update to 1.5.5 doesn't allow passphrase entry for SSL/TLS key:

    It looks like it skipped the part where you can enter the password for your ssl certificate key. In the past, it would ask for the password and allow you to enter it,

    Not sure if this was before my time but I have never seen the installer ask you for a SSL key password. Are you sure?



  • Looks like it continued after about a ten minute delay. My guess is that during the package update, apache2 had to be restarted. When the fog installer restarts the apache server later in the install, the passphrase entry for the ssl key works fine. Just wanted to let you know it’s not a pressing issue, as it completes the install.


 

559
Online

5.4k
Users

12.6k
Topics

118.8k
Posts