• Recent
    • Unsolved
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Register
    • Login

    2019...a step by step activating ssl and complying iPXE with it

    Scheduled Pinned Locked Moved Solved
    FOG Problems
    3
    41
    4.6k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      marted
      last edited by

      During my setup of new FOG server I came across other issue. I tried to activate https SSL and my ipxe doesn’t boot anymore and the web access got certification problem (not trusted). I saw a lot here in the forum about that but still can not find a place here where it is explained step by step how to activate SSL and got it to work well with iPXE https and access web trusted certificates. Maybe I missed it, but if you can guide me on how to do it I’ll be so helpful.
      Thanks again for all your help!!

      1 Reply Last reply Reply Quote 0
      • S
        Sebastian Roth Moderator
        last edited by Sebastian Roth

        @marted said:

        I tried to activate https SSL

        How did you try to activate SSL? Please give us the details so we know what you did.

        my ipxe doesn’t boot anymore

        Depending on how you tried to switch to SSL this has not been properly finished by the installer.

        the web access got certification problem (not trusted).

        How should it be different. We can’t provide a well formed SSL certificate for you. The only option we have is generate a self signed certificate and this is causing the cert notice in the browser.

        Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

        Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

        M 2 Replies Last reply Reply Quote 0
        • M
          marted @Sebastian Roth
          last edited by marted

          @Sebastian-Roth I installed fog with options -S -K -C!
          And now it is like this on boot.
          It’s working fine with http
          6FE8301C-C759-481B-B041-5D844B53C760.jpeg

          1 Reply Last reply Reply Quote 0
          • S
            Sebastian Roth Moderator
            last edited by

            @marted Can you please post the full install error log file here? Find it in fogproject/bin/error_logs/fog_error_1.5.7.log…

            Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

            Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

            M 2 Replies Last reply Reply Quote 0
            • M
              marted @Sebastian Roth
              last edited by marted

              @Sebastian-Roth the errors you see are from when I tried also to use ./buildpxe but not worked
              7B01283D-DF94-4600-AB36-493DF0D463C4.jpeg

              1 Reply Last reply Reply Quote 0
              • M
                marted @Sebastian Roth
                last edited by

                @Sebastian-Roth may be ./rebuildpxe made some changes . Actually I’ll reinstall the server again with the options -S -K -C and will give it a try again.
                I’m at the beginning of setup a new server FOG and there is no problem to reinstall it

                1 Reply Last reply Reply Quote 0
                • M
                  marted @Sebastian Roth
                  last edited by

                  @Sebastian-Roth after reinstalling the server with -S -C -K this is the output. It failed to activate iPXE sll
                  4AF33B30-5B16-4DEC-B1F4-5020E57F3FB3.jpeg

                  This is on web (yes I put my user in the place of the ip)

                  05D4299D-87BA-4DD0-AD7C-A7EBF9C508A4.jpeg

                  Tom ElliottT 1 Reply Last reply Reply Quote 0
                  • Tom ElliottT
                    Tom Elliott @marted
                    last edited by

                    @marted In the bin folder should be another folder called error_logs with the latest file you just attempted installing.

                    Can you provide this log so we can see what’s happening and why?

                    Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                    Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                    Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                    M 2 Replies Last reply Reply Quote 0
                    • M
                      marted @Tom Elliott
                      last edited by

                      @Tom-Elliott two fils in it
                      First one foginstall.log
                      64315EDB-A084-4C68-8000-6DD4F465F961.jpeg

                      Second one fog_error_1.5.7.log
                      E255427C-C0A2-4861-B0B3-CF8F3A9DF0CE.jpeg

                      Tom ElliottT 1 Reply Last reply Reply Quote 0
                      • M
                        marted @Tom Elliott
                        last edited by

                        @Tom-Elliott but I fond something here in the forum and I was wondering if this are the steps i should do to make it works:

                        Install of fog with the “-S” option to activate SSL

                        Copy of the certificate and the private key on the machine

                        Edit the Vhost file with the path of the private key and the certificate (with a restart of Apache2)

                        Modify the CA by default in the directories /etc/apache2/ssl/CA/ and /opt/fog/snapins/ssl/CA/ with our own CA

                        Execute the script buildipxe.sh from the directory /path/to/fogproject_git_repo/utils/FOGiPXE/

                        And finally, copy the new binaries from /path/to/fogproject_git_repo/packages/tftp to /tftpboot

                        1 Reply Last reply Reply Quote 0
                        • Tom ElliottT
                          Tom Elliott @marted
                          last edited by

                          @marted If you copy and paste the contents of the logs we can read them much more simply.

                          That said, it appears to be failing because your machine is missing the git command.

                          I don’t know what OS you’re running, but you should there are numerous programs needed to be installed in order to build iPXE.

                          You’ll need to install these programs to successfully build iPXE to begin with.

                          First, start with installing git for your OS. (typically apt-get install build-essential wget git or yum -y groupinstall "DevelopmentTools" ; yum -y install git)

                          Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                          Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                          Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                          M 1 Reply Last reply Reply Quote 0
                          • M
                            marted @Tom Elliott
                            last edited by

                            @Tom-Elliott Now it works 🙂
                            it finished compiling the iPXE and after this I’ve booted a computer and everything was OK, iPXE boot. when it boots a computer It says that it boot http iPXE but I think this is not the right information right?
                            the web access is still non secure even with https. Is there any way to fix that?

                            Tom ElliottT 1 Reply Last reply Reply Quote 0
                            • Tom ElliottT
                              Tom Elliott @marted
                              last edited by

                              @marted TO get rid of the “not secure” you see, you need to download the ca.cert from the FOG Server.

                              https://foglabunix/fog/management/other/ca.cert.der

                              And put that in your machine’s trust root authority.

                              As to making iPXE obtain from https, you should be able to do this by reinstalling fog (assuming you didn’t reinstall when building the ipxe binaries)?

                              Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                              Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                              Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                              M 3 Replies Last reply Reply Quote 0
                              • S
                                Sebastian Roth Moderator
                                last edited by Sebastian Roth

                                @marted said in 2019...a step by step activating ssl and complying iPXE with it:

                                when it boots a computer It says that it boot http iPXE but I think this is not the right information right?

                                Please take a picture of that and post here.

                                Important: In the picture you posted earlier it looks like you run the installer with sudo (sudo ./installfog.sh). You should not! Properly change to the root account using sudo -i und run the installer from that.

                                Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                                Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                                1 Reply Last reply Reply Quote 0
                                • M
                                  marted @Tom Elliott
                                  last edited by

                                  @Tom-Elliott said in 2019...a step by step activating ssl and complying iPXE with it:

                                  TO get rid of the “not secure” you see, you need to download the ca.cert from the FOG Server.
                                  https://foglabunix/fog/management/other/ca.cert.der
                                  And put that in your machine’s trust root authority.

                                  Could you tell me where to put exactly the certificate on my server root ?

                                  Tom ElliottT 1 Reply Last reply Reply Quote 0
                                  • M
                                    marted @Tom Elliott
                                    last edited by

                                    @Tom-Elliott said in 2019...a step by step activating ssl and complying iPXE with it:

                                    As to making iPXE obtain from https, you should be able to do this by reinstalling fog (assuming you didn’t reinstall when building the ipxe binaries)?

                                    The iPXE was recompiled at the end of the new installation with success. Do I have to start again the installation?

                                    1 Reply Last reply Reply Quote 0
                                    • Tom ElliottT
                                      Tom Elliott @marted
                                      last edited by Tom Elliott

                                      @marted Your local machine (the one you’re accessing the FOG GUI from) Trusted Root Authority.

                                      This is either Certlm.msc or certmgr.msc (LM = Local Machine, MGR = Current User) in windows.

                                      Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                                      Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                                      Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                                      M 1 Reply Last reply Reply Quote 0
                                      • Tom ElliottT
                                        Tom Elliott
                                        last edited by

                                        When running the installer, you should only need to use the -S argument. -C forces the installer to recreate the CA certificates. -K forces regenerating the keys for the fog server. the -K won’t be overly problematic but the -C will cause issues

                                        the -S just forces HTTPS.

                                        As @Sebastian-Roth as requested, please provide a photo of the tftp trying to use http instead of https

                                        Thank you,

                                        Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                                        Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                                        Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                                        M 1 Reply Last reply Reply Quote 0
                                        • M
                                          marted @Tom Elliott
                                          last edited by

                                          @Tom-Elliott got this. Thanks

                                          1 Reply Last reply Reply Quote 0
                                          • M
                                            marted @Tom Elliott
                                            last edited by

                                            @Tom-Elliott said in 2019...a step by step activating ssl and complying iPXE with it:

                                            @marted TO get rid of the “not secure” you see, you need to download the ca.cert from the FOG Server.
                                            https://foglabunix/fog/management/other/ca.cert.der
                                            And put that in your machine’s trust root authority.
                                            As to making iPXE obtain from https, you should be able to do this by reinstalling fog (assuming you didn’t reinstall when building the ipxe binaries)?

                                            Tom I have a little bit different configuration from the standard. My FOG server is in private network 192. and I have a NAT IP 132. 1:1 only for my server for accessing it from internet. Even with certificate installed it says that the certificate is only for 192.168 and name foglabunix and not for my address 132.208, which is normal. How can i pass to the certificate my second IP 132.208?
                                            Is there a way to add it in fogconfig file in the variable ipaddress both with the private IP or there is other way?
                                            By the way in MAC OS when I installed the certificate, even with 132.208 it accepted it and I have a SSL connection with no error.
                                            screenshot_4.png

                                            Tom ElliottT 1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 1 / 3
                                            • First post
                                              Last post

                                            202

                                            Online

                                            12.0k

                                            Users

                                            17.3k

                                            Topics

                                            155.2k

                                            Posts
                                            Copyright © 2012-2024 FOG Project