FOG/Apache PKI/Certificate Authentication

  • S
    Sebastian Roth Moderator
    last edited by Dec 17, 2019, 9:02 AM

    @ty900000 Yes, it’d be great if you share your changes with us. Though we probably won’t add this feature to the soon to come 1.5.8 release (only bug fixing) but to FOG 1.6…

    Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

    Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

    T 1 Reply Last reply Dec 17, 2019, 12:49 PM Reply Quote 0
    • T
      ty900000 @Sebastian Roth
      last edited by Dec 17, 2019, 12:49 PM

      @Sebastian-Roth said in FOG/Apache PKI/Certificate Authentication:

      @ty900000 Yes, it’d be great if you share your changes with us. Though we probably won’t add this feature to the soon to come 1.5.8 release (only bug fixing) but to FOG 1.6…

      Right, sounds good. Do you all have a preferred method as to where I can send stuff?

      Thanks again everyone!

      1 Reply Last reply Reply Quote 0
      • S
        Sebastian Roth Moderator
        last edited by Dec 17, 2019, 5:34 PM

        @ty900000 Usually opening a pull request on github is the best way. But in this case I am not exactly sure if it is. Do you have an account with github.com yet? Do you know how to fork our project and send a pull request?

        T 1 Reply Last reply Dec 17, 2019, 7:37 PM Reply Quote 0
        • T
          ty900000 @Sebastian Roth
          last edited by Dec 17, 2019, 7:37 PM

          @Sebastian-Roth

          I think I managed to do it properly. Let me know if I need to change anything. Thanks!

          1 Reply Last reply Reply Quote 1
          • T
            ty900000
            last edited by Dec 18, 2019, 4:03 PM

            Looks like everything is happy on Github. I see Mr. Tom Elliott has taken a quick look at it already.

            While that is being looked over and decided on what updates I need to make, I wanted to reach out and see if anyone could help me with the iPXE issue I am still having. If I try to boot iPXE over HTTPS, I get this error http://ipxe.org/err/1c0de8. I don’t know if iPXE technically needs HTTPS? Does that mean the imaging process is unencrypted?

            Thanks to everyone for the assistance! I really appreciate all the hard work!

            1 Reply Last reply Reply Quote 0
            • S
              Sebastian Roth Moderator
              last edited by Dec 18, 2019, 7:03 PM

              @ty900000 Tom Elliott is FOG’s senior developer. 🙂 I just sent a few more comments.

              About the iPXE issue. I think what you are running into is described here as well: https://forums.fogproject.org/topic/12768/not-able-to-tftp-boot-invalid-argument-error

              Probably best if we use this forum thread to discuss this iPXE issue to keep things sorted. Read through the whole thread and also check out my posts in the iPXE forums and on the developers mailing list. Unfortunately they haven’t been very active over the last months/year and we’d probably need to fix this ourselves and send in a pull request. Last year I have spent some hours to try and fix this but it’s just over my head and time budget right now.

              1 Reply Last reply Reply Quote 0
              • T
                ty900000
                last edited by ty900000 Dec 18, 2019, 2:59 PM Dec 18, 2019, 8:58 PM

                @Sebastian-Roth

                Yes! I’ve seen Mr. Elliott around everywhere on these forums offering his wisdom for years. 🙂

                I read over that forum post about iPXE and it does seem like you did run into a specific issue and then iPXE (the organization) got busy or disappeared. I have an idea after reading over some iPXE documentation, but I have a question first. When I run buildipxe.sh and it makes the new files and then copies them to the right directories, do I have to restart any services for that to take effect?

                The reason I ask is because I modified buildipxe.sh and completely removed the BUILDOPTS from all four make calls (BIOS and EFI, regular and 10secdelay). So, the iPXE that gets created should not have custom certificates loaded into it, right? If that’s true, I am seeing some weird behavior. Even when I reboot the FOG server, attempt to iPXE boot, it fails and I hop into the iPXE shell, I run a certstat and it still displays my custom CA certificates as being [PERMANENT]. That shouldn’t be happening?

                1 Reply Last reply Reply Quote 0
                • S
                  Sebastian Roth Moderator
                  last edited by Dec 18, 2019, 9:16 PM

                  @ty900000 said:

                  When I run buildipxe.sh and it makes the new files and then copies them to the right directories, do I have to restart any services for that to take effect?

                  No restart needed but you need to manually copy the binaries from fogproject-source/packages/tftp/ to /tftpboot/ directory!

                  T 1 Reply Last reply Dec 19, 2019, 3:30 PM Reply Quote 0
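
Added example, not part of the original posts or of FOG's own tooling: a check that the iPXE binaries actually served from the TFTP root are byte-for-byte the ones just built, which is the situation behind the `certstat` output still listing the old embedded CA certificates. The function name `check_ipxe_deploy` is hypothetical; the two directories are the ones named in the reply above and are passed as arguments.

```shell
#!/bin/sh
# Added example: compare freshly built iPXE binaries with the deployed copies.
# Usage (paths as named in the thread, adjust to your checkout):
#   sh check_ipxe_deploy.sh fogproject-source/packages/tftp /tftpboot

# Prints "MISSING <file>" or "STALE   <file>" for every built file that is
# absent from, or differs from, the deployed tree. Returns 0 when the trees
# match, 1 when at least one file is missing or stale, 2 on bad arguments.
check_ipxe_deploy() {
    if [ ! -d "$1" ] || [ ! -d "$2" ]; then
        echo "usage: check_ipxe_deploy BUILD_DIR TFTP_ROOT" >&2
        return 2
    fi
    # Resolve both to absolute paths so the comparison survives the cd below.
    src=$(cd "$1" && pwd)
    dst=$(cd "$2" && pwd)
    report=$(
        cd "$src" && find . -type f | sort | while IFS= read -r f; do
            rel="${f#./}"
            if [ ! -f "$dst/$rel" ]; then
                echo "MISSING $rel"
            elif ! cmp -s "$f" "$dst/$rel"; then
                # Deployed copy exists but is not the binary that was just built,
                # so clients still boot the old image with its old embedded certs.
                echo "STALE   $rel"
            fi
        done
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Run directly when called with the two directories.
if [ "$#" -eq 2 ]; then
    check_ipxe_deploy "$1" "$2"
fi
```

Files that exist only in the TFTP root are ignored on purpose, since that directory also holds files the build does not produce.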
                  • T
                    ty900000 @Sebastian Roth
                    last edited by Dec 19, 2019, 3:30 PM

                    @Sebastian-Roth

                    Gotcha. Yeah, I feel foolish. I apologize!

                    I had an idea based off this webpage: http://ipxe.org/crypto#embedded_certificates. I noticed in the client certificate section when making ipxe you can add in a client certificate and its private key. I attempted to do this in various ways, but never got it to work. It did load the client certificate and the chain of CAs, but I still got the same error (http://ipxe.org/err/1c0de8). I saw you previously attempted to comment out the offending lines and then got a “cert too big” error.

                    The weird thing is I could use the certstore command and the HTTP address of my OCSP server and pull in a random certificate (just to verify) and the command did connect and pull in the certificate. So, there is definitely something strange with iPXE, HTTPS, and connecting to itself.

                    That was the only idea I really had, unfortunately. I don’t know where to go next or if it should just be counted as a loss.

                    1 Reply Last reply Reply Quote 0
                    • S
                      Sebastian Roth Moderator
                      last edited by Dec 19, 2019, 4:00 PM

                      @ty900000 said in FOG/Apache PKI/Certificate Authentication:

                      That was the only idea I really had, unfortunately. I don’t know where to go next or if it should just be counted as a loss.

                      Good question. I would think that someone with a little bit of C programming skills and a fair amount of time could work this out for sure. I just lack the time to work on this. Do you know anyone who’d be keen? I can post all the details I know and give hints when needed.

                      T 1 Reply Last reply Dec 20, 2019, 7:19 PM Reply Quote 0
                      • T
                        ty900000 @Sebastian Roth
                        last edited by Dec 20, 2019, 7:19 PM

                        @Sebastian-Roth said in FOG/Apache PKI/Certificate Authentication:

                        Do you know anyone who’d be keen?

                        No, unfortunately I don’t know anyone who is a C programmer. Most of the people I work with are .NET programmers… But, I can ask around to see if there are any other people on different teams who work with C.

                        I know you guys are super busy and this isn’t super important, so no worries!

                        1 Reply Last reply Reply Quote 0
                        • T
                          ty900000 @Sebastian Roth
                          last edited by Jan 13, 2020, 6:21 PM

                          @Sebastian-Roth

                          Yes, sir! My apologies for not doing this sooner.

                          https://forums.fogproject.org/topic/14116/development-fog-not-capturing-image-partclone-update

                          1 Reply Last reply Reply Quote 1
                          Copyright © 2012-2024 FOG Project