Setting up an existing FOG Server installation with a new SSL Certificate



  • Hello,

    I’m currently running FOG 1.5.9 RC2.9 with the SSL option. The certificate that we use for this server was updated, and so now i’m trying to get this new certificate to work with the existing FOG Installation. Are there steps on how to get everything working with it? I know when you do a new installation from scratch, you can choose the certificate and key to use, but there doesn’t seem to be that step when updating to newer versions.

    Thanks!


  • Senior Developer

    @hancocza Ah sorry, I thought you’d know how to do that.

    Go to the directory where you usually run the installer from, I’ll just use /root/fogproject her in the example but make sure you use what you have on your system extracted already.

    cd /root/fogproject/utils/FOGiPXE/
    ./buildipxe.sh /etc/ssl/certs/Certs/gd_bundle-g2-g1.crt
    cd ../../packages/tftp/
    find -type f -exec cp -Rfv {} /tftpboot/{} \;
    

    This is partly outlined in the wiki but still needs more consideration: https://wiki.fogproject.org/wiki/index.php?title=HTTPS#Custom_CA_and_certificates



  • @Sebastian-Roth Web server and snapins seem to be fine. I am having pxe issues, getting an invalid argument error (guessing that’s because it’s using the wrong certificate). What are the steps to recompile it?


  • Senior Developer

    @hancocza said in Setting up an existing FOG Server installation with a new SSL Certificate:

    I’m just trying to figure out if there are other steps that need to be taken to replace the default certificate that was created by the installer with the certificate I have.

    Well, do you see any issues?

    From my understanding you should at least re-compile iPXE binaries because otherwise your hosts won’t be able to PXE boot anymore.



  • @Sebastian-Roth apache_config.txt output for grep was httpproto = https



  • @Sebastian-Roth Initially i installed it without SSL, correct. Then added the 443 section manually. When I upgraded to 1.5.9-RC2, I decided to let the FOG installer handle the SSL setup by using the -S option on install. Once the install was done and the default certificate for FOG was created, I went into the apache config and pointed the certificate lines to my certificate that i got from GoDaddy. That was fine. I’m just trying to figure out if there are other steps that need to be taken to replace the default certificate that was created by the installer with the certificate I have.


  • Senior Developer

    @hancocza said in Setting up an existing FOG Server installation with a new SSL Certificate:

    When I did a fresh install of 1.5.8, the installer asked for the certificate location and the key location if I remember correctly.

    Not that I know of.

    Now the time came to update the certificate, but I’m not exactly sure where I need to make changes to point to the new certificate besides the apache config.

    I am still missing some bits to get the full picture! 1.5.8 was installed without SSL, then Apache config modified manually to enable SSL? Did you also enable SSL in the .fogsettings configuration or through the FOG installer? At what stage did you do that, right after 1.5.8 install, in between or when updating to 1.5.9-RC2?

    Please post your Apache config (one single file FOG generates for you) as well as the output from grep httpproto /opt/fog/.fogsettings here in the forums. Without that information I can only guess and would likely lead you the wrong way.



  • @Sebastian-Roth it is a custom certificate through godaddy. They renew every year, so I need to update the certificate on the server. Previously (before 1.5.8), I would set it up without ssl and then add in the 443 port config to the apache portion of the server. When I did a fresh install of 1.5.8, the installer asked for the certificate location and the key location if I remember correctly. I did that in February of this year. Now the time came to update the certificate, but I’m not exactly sure where I need to make changes to point to the new certificate besides the apache config.


  • Senior Developer

    @hancocza We need more information to be able to help.

    The certificate that we use for this server was updated

    Please tell us more about this certificate. Is this a cert generated by the FOG installer or one that you get from a different certificate authority?

    Are there steps on how to get everything working with it?

    What were the exact steps you took to make it work in the first place?


Log in to reply
 

289
Online

7.2k
Users

14.4k
Topics

135.6k
Posts