https, with home certificates and boot.php… No such file or directory (http://ipxe.org/2d0c613b)


  • Hello
    On my testing server, centos8 up to date, fog 1.5.9-RC2,
    I try to use local certificates.
    I placed my certificates in /etc/httpd/cert path.
    I first tried to install with the private key using this command:

    sslprivkey='/etc/httpd/cert/star.istic.univ-rennes1.fr.key' ./installfog.sh -y
    

    No success

    I have reinstall forcing certificates generation ```
    ./installfog.sh -C -K

    I modified /etc/httpd/conf.d/fog.conf with:
    ```    #SSLCertificateFile /var/www/html/fog/management/other/ssl/srvpublic.crt
        #SSLCertificateKeyFile /opt/fog/snapins/ssl//.srvprivate.key
        #SSLCACertificateFile /var/www/html/fog//management/other/ca.cert.pem
        SSLCertificateKeyFile /etc/httpd/cert/star.istic.univ-rennes1.fr.key
        SSLCertificateFile /etc/httpd/cert/star_istic_univ-rennes1_fr.crt
        SSLCertificateChainFile /etc/httpd/cert/DigiCertCA.crt
    

    Web console works fine, no more certificat warnings.
    But I have problem on pxe boot.

    I get
    https://148.60.4.2/fog/service/ipxe/boot.php… No such file or directory (http://ipxe.org/2d0c613b)”

    I tried to generate a new ipxe configuration
    cd /opt/fogproject-1.5.9-RC2/utils/FOGiPXE/
    ./buildipxe.sh
    But iI don’t understand where the configuration obtained is put ?

    Any help would be greatly appreciated.

  • Senior Developer

    @lebrun78 said in https, with home certificates and boot.php… No such file or directory (http://ipxe.org/2d0c613b):

    ./installfog.sh -C -K

    I really hope you don’t use the fog-client software as re-generating the internal CA will break all communication to the fog-clients.

    I modified /etc/httpd/conf.d/fog.conf with…

    This will be overwritten as soon as you re-run the FOG installer. I know this part of FOG needs some more attention but I can’t find the time to get into all of this. So I lost track of the SSL stuff a few weeks ago. Will need to work on the wiki article about this again: https://wiki.fogproject.org/wiki/index.php?title=HTTPS (this is not ready-set-go yet)

    I tried to generate a new ipxe configuration
    cd /opt/fogproject-1.5.9-RC2/utils/FOGiPXE/
    ./buildipxe.sh

    You will need to specify your CA cert on the command line when building and manually copy the binaries over after that, e.g.:

    cd /opt/fogproject-1.5.9-RC2/utils/FOGiPXE/
    ./buildipxe.sh /etc/httpd/cert/DigiCertCA.crt
    cd ../../packages/tftp/
    find -type f -exec cp -Rfv {} /tftpboot/{} \;
    

375
Online

7.7k
Users

14.7k
Topics

138.4k
Posts