• Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login
  • Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login

Setting up an existing FOG Server installation with a new SSL Certificate

Scheduled Pinned Locked Moved
FOG Problems
2
9
1.4k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • H
    hancocza
    last edited by Jun 16, 2020, 2:41 PM

    Hello,

    I’m currently running FOG 1.5.9 RC2.9 with the SSL option. The certificate that we use for this server was updated, and so now i’m trying to get this new certificate to work with the existing FOG Installation. Are there steps on how to get everything working with it? I know when you do a new installation from scratch, you can choose the certificate and key to use, but there doesn’t seem to be that step when updating to newer versions.

    Thanks!

    1 Reply Last reply Reply Quote 0
    • S
      Sebastian Roth Moderator
      last edited by Jun 16, 2020, 9:42 PM

      @hancocza We need more information to be able to help.

      The certificate that we use for this server was updated

      Please tell us more about this certificate. Is this a cert generated by the FOG installer or one that you get from a different certificate authority?

      Are there steps on how to get everything working with it?

      What were the exact steps you took to make it work in the first place?

      Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

      Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

      H 1 Reply Last reply Jun 17, 2020, 1:22 PM Reply Quote 1
      • H
        hancocza @Sebastian Roth
        last edited by Jun 17, 2020, 1:22 PM

        @Sebastian-Roth it is a custom certificate through godaddy. They renew every year, so I need to update the certificate on the server. Previously (before 1.5.8), I would set it up without ssl and then add in the 443 port config to the apache portion of the server. When I did a fresh install of 1.5.8, the installer asked for the certificate location and the key location if I remember correctly. I did that in February of this year. Now the time came to update the certificate, but I’m not exactly sure where I need to make changes to point to the new certificate besides the apache config.

        1 Reply Last reply Reply Quote 0
        • S
          Sebastian Roth Moderator
          last edited by Jun 17, 2020, 7:25 PM

          @hancocza said in Setting up an existing FOG Server installation with a new SSL Certificate:

          When I did a fresh install of 1.5.8, the installer asked for the certificate location and the key location if I remember correctly.

          Not that I know of.

          Now the time came to update the certificate, but I’m not exactly sure where I need to make changes to point to the new certificate besides the apache config.

          I am still missing some bits to get the full picture! 1.5.8 was installed without SSL, then Apache config modified manually to enable SSL? Did you also enable SSL in the .fogsettings configuration or through the FOG installer? At what stage did you do that, right after 1.5.8 install, in between or when updating to 1.5.9-RC2?

          Please post your Apache config (one single file FOG generates for you) as well as the output from grep httpproto /opt/fog/.fogsettings here in the forums. Without that information I can only guess and would likely lead you the wrong way.

          Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

          Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

          H 2 Replies Last reply Jun 18, 2020, 12:40 PM Reply Quote 0
          • H
            hancocza @Sebastian Roth
            last edited by Jun 18, 2020, 12:40 PM

            @Sebastian-Roth Initially i installed it without SSL, correct. Then added the 443 section manually. When I upgraded to 1.5.9-RC2, I decided to let the FOG installer handle the SSL setup by using the -S option on install. Once the install was done and the default certificate for FOG was created, I went into the apache config and pointed the certificate lines to my certificate that i got from GoDaddy. That was fine. I’m just trying to figure out if there are other steps that need to be taken to replace the default certificate that was created by the installer with the certificate I have.

            1 Reply Last reply Reply Quote 0
            • H
              hancocza @Sebastian Roth
              last edited by hancocza Jun 18, 2020, 6:55 AM Jun 18, 2020, 12:54 PM

              @Sebastian-Roth apache_config.txt output for grep was httpproto = https

              1 Reply Last reply Reply Quote 0
              • S
                Sebastian Roth Moderator
                last edited by Jun 18, 2020, 2:52 PM

                @hancocza said in Setting up an existing FOG Server installation with a new SSL Certificate:

                I’m just trying to figure out if there are other steps that need to be taken to replace the default certificate that was created by the installer with the certificate I have.

                Well, do you see any issues?

                From my understanding you should at least re-compile iPXE binaries because otherwise your hosts won’t be able to PXE boot anymore.

                Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                H 1 Reply Last reply Jun 19, 2020, 1:25 PM Reply Quote 0
                • H
                  hancocza @Sebastian Roth
                  last edited by Jun 19, 2020, 1:25 PM

                  @Sebastian-Roth Web server and snapins seem to be fine. I am having pxe issues, getting an invalid argument error (guessing that’s because it’s using the wrong certificate). What are the steps to recompile it?

                  1 Reply Last reply Reply Quote 0
                  • S
                    Sebastian Roth Moderator
                    last edited by Sebastian Roth Jun 20, 2020, 8:18 AM Jun 20, 2020, 2:15 PM

                    @hancocza Ah sorry, I thought you’d know how to do that.

                    Go to the directory where you usually run the installer from, I’ll just use /root/fogproject her in the example but make sure you use what you have on your system extracted already.

                    cd /root/fogproject/utils/FOGiPXE/
./buildipxe.sh /etc/ssl/certs/Certs/gd_bundle-g2-g1.crt
cd ../../packages/tftp/
find -type f -exec cp -Rfv {} /tftpboot/{} \;

                    This is partly outlined in the wiki but still needs more consideration: https://wiki.fogproject.org/wiki/index.php?title=HTTPS#Custom_CA_and_certificates

                    Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                    Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                    1 Reply Last reply Reply Quote 0
                    • 1 / 1
                    1 / 1
                    • First post
                      5/9
                      Last post

                    212

                    Online

                    12.0k

                    Users

                    17.3k

                    Topics

                    155.2k

                    Posts
                    Copyright © 2012-2024 FOG Project