SSL Issue srvpublic.crt
-
So we moved our fog deployment from a centos box to a ubuntu 18.04 box.
I’m trying to deploy a agent to a new machine. The machine gets the image, reboots, then I have some snapins that are supposed to execute but getting errors about communicating back to fog.
In the fog log file on the new machine, I’m seeing the below:
4/28/2021 1:00 PM Main Overriding exception handling 4/28/2021 1:00 PM Main Bootstrapping Zazzles 4/28/2021 1:00 PM Controller Initialize 4/28/2021 1:00 PM Controller Start 4/28/2021 1:00 PM Service Starting service 4/28/2021 1:00 PM Bus Became bus server 4/28/2021 1:00 PM Bus Emmiting message on channel: Status 4/28/2021 1:00 PM Service Invoking early JIT compilation on needed binaries ------------------------------------------------------------------------------ --------------------------------Authentication-------------------------------- ------------------------------------------------------------------------------ 4/28/2021 1:00 PM Client-Info Version: 0.11.16 4/28/2021 1:00 PM Client-Info OS: Windows 4/28/2021 1:00 PM Middleware::Authentication Waiting for authentication timeout to pass 4/28/2021 1:00 PM Middleware::Communication Download: http://fogserver.domain.local/fog/management/other/ssl/srvpublic.crt 4/28/2021 1:00 PM Middleware::Communication ERROR: Could not download file 4/28/2021 1:00 PM Middleware::Communication ERROR: The request was aborted: Could not create SSL/TLS secure channel. 4/28/2021 1:00 PM Middleware::Authentication ERROR: Could not authenticate 4/28/2021 1:00 PM Middleware::Authentication ERROR: The system cannot find the file specified. ------------------------------------------------------------------------------ --------------------------------Authentication-------------------------------- ------------------------------------------------------------------------------ 4/28/2021 1:00 PM Client-Info Version: 0.11.16 4/28/2021 1:00 PM Client-Info OS: Windows 4/28/2021 1:00 PM Middleware::Authentication Waiting for authentication timeout to pass 4/28/2021 1:02 PM Middleware::Communication Download: http://fogserver.domain.local/fog/management/other/ssl/srvpublic.crt 4/28/2021 1:02 PM Middleware::Communication ERROR: Could not download file 4/28/2021 1:02 PM Middleware::Communication ERROR: The request was aborted: Could not create SSL/TLS secure channel. 4/28/2021 1:02 PM Middleware::Authentication ERROR: Could not authenticate 4/28/2021 1:02 PM Middleware::Authentication ERROR: The system cannot find the file specified. ------------------------------------------------------------------------------ --------------------------------Authentication-------------------------------- ------------------------------------------------------------------------------ 4/28/2021 1:02 PM Client-Info Version: 0.11.16 4/28/2021 1:02 PM Client-Info OS: Windows 4/28/2021 1:02 PM Middleware::Authentication Waiting for authentication timeout to pass 4/28/2021 1:04 PM Middleware::Communication Download: http://fogserver.domain.local/fog/management/other/ssl/srvpublic.crt 4/28/2021 1:04 PM Middleware::Communication ERROR: Could not download file 4/28/2021 1:04 PM Middleware::Communication ERROR: The request was aborted: Could not create SSL/TLS secure channel. 4/28/2021 1:04 PM Middleware::Authentication ERROR: Could not authenticate 4/28/2021 1:04 PM Middleware::Authentication ERROR: The system cannot find the file specified. ------------------------------------------------------------------------------ --------------------------------Authentication-------------------------------- ------------------------------------------------------------------------------ 4/28/2021 1:04 PM Client-Info Version: 0.11.16 4/28/2021 1:04 PM Client-Info OS: Windows 4/28/2021 1:04 PM Middleware::Authentication Waiting for authentication timeout to pass 4/28/2021 1:06 PM Middleware::Communication Download: http://fogserver.domain.local/fog/management/other/ssl/srvpublic.crt 4/28/2021 1:06 PM Middleware::Communication ERROR: Could not download file 4/28/2021 1:06 PM Middleware::Communication ERROR: The request was aborted: Could not create SSL/TLS secure channel. 4/28/2021 1:06 PM Middleware::Authentication ERROR: Could not authenticate 4/28/2021 1:06 PM Middleware::Authentication ERROR: The system cannot find the file specified. ------------------------------------------------------------------------------ --------------------------------Authentication-------------------------------- ------------------------------------------------------------------------------ 4/28/2021 1:06 PM Client-Info Version: 0.11.16 4/28/2021 1:06 PM Client-Info OS: Windows 4/28/2021 1:06 PM Middleware::Authentication Waiting for authentication timeout to passIf I browse manually to the http://fogserver.domain.local/fog/management/other/ssl/srvpublic.crt it wants me to download the certificate.
-
@jbandy
I ran into the same issue myself and did a bit of research. It appears it is a problem with the .Net Framework not using more secure SSL/TLS protocols, which can be enabled.So, after enabling them, the very issue you have encountered above was fixed.
You have to add two registry key value in windows:Using Powershell:
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWordOr manually using regedit find:
HKey_Local_Machine\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319Add a 32-bit DWord, called
SchUseStrongCryptoModify its value to 1.
Then repeat the same for:
HKey_Local_Machine\SOFTWARE\Microsoft\.NetFramework\v4.0.30319After those values are set, you can restart the Fog service on the Windows machine, and it should work.
I hope this helps; apologies for the janky post, first time posting here. @Sebastian-Roth You may find this useful for your erratia and troubleshooting section regarding the client. It might also be possible to check and set these values via the client installer in the future.
-
@jbandy said in SSL Issue srvpublic.crt:
... "GET /fog/management/other/ssl/srvpublic.crt HTTP/1.1" 302 631 "-"What we see in all those access log line is status code
302. So really, each and every request is not being answered directly but redirected.Maybe this is something special Ubuntu is doing to push SSL/HTTPS forward? I am not sure. To try and see where this is coming from we need to start digging through the apache configs. First post the contents of the file
/etc/apache2/sites-available/001-fog.confhere in the forums.How do you change the url it’s using to communicate?
Edit
C:\Program Files (x86)\FOG\settings.jsonon the client machine. Then restart the service called “FOGService” or the computer. -
How do you change the url it’s using to communicate?
----------------------------------UserTracker---------------------------------
4/29/2021 4:09:07 PM Client-Info Client Version: 0.12.0
4/29/2021 4:09:07 PM Client-Info Client OS: Windows
4/29/2021 4:09:07 PM Client-Info Server Version:
4/29/2021 4:09:07 PM Middleware::Response ERROR: Unable to get subsection
4/29/2021 4:09:07 PM Middleware::Response ERROR: Object reference not set to an instance of an object.
4/29/2021 4:09:07 PM Service Sleeping for 60 seconds
4/29/2021 4:10:07 PM Middleware::Communication URL: http://fogserver.domain.local/fog/management/index.php?sub=requestClientInfo&configure&newService&json -
Here’s what I’m seeing in the fog.txt log on the client machine
------------------------------------------------------------------------------ ----------------------------------UserTracker--------------------------------- ------------------------------------------------------------------------------ 4/29/2021 5:23:17 PM Client-Info Client Version: 0.12.0 4/29/2021 5:23:17 PM Client-Info Client OS: Windows 4/29/2021 5:23:17 PM Client-Info Server Version: 4/29/2021 5:23:17 PM Middleware::Response ERROR: Unable to get subsection 4/29/2021 5:23:17 PM Middleware::Response ERROR: Object reference not set to an instance of an object. 4/29/2021 5:23:17 PM Service Sleeping for 60 seconds 4/29/2021 5:24:18 PM Middleware::Communication URL: http://fogserver.domain.local/fog/management/index.php?sub=requestClientInfo&configure&newService&json 4/29/2021 5:24:18 PM Middleware::Communication SSL connection error: RemoteCertificateNameMismatch 4/29/2021 5:24:18 PM Middleware::Communication ERROR: Could not contact FOG server 4/29/2021 5:24:18 PM Middleware::Communication ERROR: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. 4/29/2021 5:24:18 PM Middleware::Response Success 4/29/2021 5:24:18 PM Service ERROR: Invalid promptTime, using default 4/29/2021 5:24:18 PM Middleware::Communication URL: http://fogserver.domain.local/fog/management/index.php?sub=requestClientInfo&mac=00:15:5D:84:C8:13&newService&json 4/29/2021 5:24:18 PM Middleware::Communication SSL connection error: RemoteCertificateNameMismatch 4/29/2021 5:24:18 PM Middleware::Communication ERROR: Could not contact FOG server 4/29/2021 5:24:18 PM Middleware::Communication ERROR: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. 4/29/2021 5:24:18 PM Middleware::Response Success 4/29/2021 5:24:18 PM Middleware::Communication URL: http://fogserver.domain.local/fog/service/getversion.php?clientver&newService&json 4/29/2021 5:24:18 PM Middleware::Communication SSL connection error: RemoteCertificateNameMismatch 4/29/2021 5:24:18 PM Service ERROR: Unable to get cycle data 4/29/2021 5:24:18 PM Service ERROR: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. 4/29/2021 5:24:18 PM Middleware::Response Success ------------------------------------------------------------------------------ ---------------------------------ClientUpdater-------------------------------- ------------------------------------------------------------------------------ 4/29/2021 5:24:18 PM Client-Info Client Version: 0.12.0 4/29/2021 5:24:18 PM Client-Info Client OS: Windows 4/29/2021 5:24:18 PM Client-Info Server Version: 4/29/2021 5:24:18 PM Middleware::Response ERROR: Unable to get subsection 4/29/2021 5:24:18 PM Middleware::Response ERROR: Object reference not set to an instance of an object. ------------------------------------------------------------------------------ ----------------------------------TaskReboot---------------------------------- ------------------------------------------------------------------------------ 4/29/2021 5:24:18 PM Client-Info Client Version: 0.12.0 4/29/2021 5:24:18 PM Client-Info Client OS: Windows 4/29/2021 5:24:18 PM Client-Info Server Version: 4/29/2021 5:24:18 PM Middleware::Response ERROR: Unable to get subsection 4/29/2021 5:24:18 PM Middleware::Response ERROR: Object reference not set to an instance of an object. ------------------------------------------------------------------------------ --------------------------------HostnameChanger------------------------------- ------------------------------------------------------------------------------ 4/29/2021 5:24:18 PM Client-Info Client Version: 0.12.0 4/29/2021 5:24:18 PM Client-Info Client OS: Windows 4/29/2021 5:24:18 PM Client-Info Server Version: 4/29/2021 5:24:18 PM Middleware::Response ERROR: Unable to get subsection 4/29/2021 5:24:18 PM Middleware::Response ERROR: Object reference not set to an instance of an object. ------------------------------------------------------------------------------ ---------------------------------SnapinClient--------------------------------- ------------------------------------------------------------------------------ 4/29/2021 5:24:18 PM Client-Info Client Version: 0.12.0 4/29/2021 5:24:18 PM Client-Info Client OS: Windows 4/29/2021 5:24:18 PM Client-Info Server Version: 4/29/2021 5:24:18 PM Middleware::Response ERROR: Unable to get subsection 4/29/2021 5:24:18 PM Middleware::Response ERROR: Object reference not set to an instance of an object. ------------------------------------------------------------------------------ --------------------------------PrinterManager-------------------------------- ------------------------------------------------------------------------------ 4/29/2021 5:24:18 PM Client-Info Client Version: 0.12.0 4/29/2021 5:24:18 PM Client-Info Client OS: Windows 4/29/2021 5:24:18 PM Client-Info Server Version: 4/29/2021 5:24:18 PM Middleware::Response ERROR: Unable to get subsection 4/29/2021 5:24:18 PM Middleware::Response ERROR: Object reference not set to an instance of an object. ------------------------------------------------------------------------------ --------------------------------PowerManagement------------------------------- ------------------------------------------------------------------------------ 4/29/2021 5:24:18 PM Client-Info Client Version: 0.12.0 4/29/2021 5:24:18 PM Client-Info Client OS: Windows 4/29/2021 5:24:18 PM Client-Info Server Version: 4/29/2021 5:24:18 PM Middleware::Response ERROR: Unable to get subsection 4/29/2021 5:24:18 PM Middleware::Response ERROR: Object reference not set to an instance of an object. ------------------------------------------------------------------------------ ----------------------------------UserTracker--------------------------------- ------------------------------------------------------------------------------ 4/29/2021 5:24:18 PM Client-Info Client Version: 0.12.0 4/29/2021 5:24:18 PM Client-Info Client OS: Windows 4/29/2021 5:24:18 PM Client-Info Server Version: 4/29/2021 5:24:18 PM Middleware::Response ERROR: Unable to get subsection 4/29/2021 5:24:18 PM Middleware::Response ERROR: Object reference not set to an instance of an object. 4/29/2021 5:24:18 PM Service Sleeping for 60 seconds 4/29/2021 5:25:01 PM Controller Stop 4/29/2021 5:25:01 PM Service Stop requested 4/29/2021 5:25:01 PM Bus Emmiting message on channel: Status 4/29/2021 5:25:04 PM Main Overriding exception handling 4/29/2021 5:25:07 PM Main Bootstrapping Zazzles 4/29/2021 5:25:07 PM Controller Initialize 4/29/2021 5:25:07 PM Controller Start 4/29/2021 5:25:07 PM Service Starting service 4/29/2021 5:25:18 PM Bus Became bus server 4/29/2021 5:25:18 PM Bus Emmiting message on channel: Status 4/29/2021 5:25:18 PM Service Invoking early JIT compilation on needed binaries ------------------------------------------------------------------------------ --------------------------------Authentication-------------------------------- ------------------------------------------------------------------------------ 4/29/2021 5:25:18 PM Client-Info Version: 0.12.0 4/29/2021 5:25:18 PM Client-Info OS: Windows 4/29/2021 5:25:18 PM Middleware::Authentication Waiting for authentication timeout to pass 4/29/2021 5:25:18 PM Middleware::Communication Download: http://fogserver.domain.local/fog/management/other/ssl/srvpublic.crt 4/29/2021 5:25:19 PM Middleware::Communication SSL connection error: RemoteCertificateNameMismatch 4/29/2021 5:25:19 PM Middleware::Communication ERROR: Could not download file 4/29/2021 5:25:19 PM Middleware::Communication ERROR: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ------------------------------------------------------------------------------ --------------------------------Authentication-------------------------------- ------------------------------------------------------------------------------ 4/29/2021 5:25:19 PM Client-Info Version: 0.12.0 4/29/2021 5:25:19 PM Client-Info OS: Windows 4/29/2021 5:25:19 PM Middleware::Authentication Waiting for authentication timeout to pass 4/29/2021 5:29:51 PM Main Overriding exception handling 4/29/2021 5:29:51 PM Main Bootstrapping Zazzles 4/29/2021 5:29:51 PM Controller Initialize 4/29/2021 5:29:51 PM Controller Start 4/29/2021 5:29:51 PM Service Starting service 4/29/2021 5:29:58 PM Bus Became bus server 4/29/2021 5:29:59 PM Bus Emmiting message on channel: Status 4/29/2021 5:29:59 PM Service Invoking early JIT compilation on needed binaries ------------------------------------------------------------------------------ --------------------------------Authentication-------------------------------- ------------------------------------------------------------------------------ 4/29/2021 5:29:59 PM Client-Info Version: 0.12.0 4/29/2021 5:29:59 PM Client-Info OS: Windows 4/29/2021 5:29:59 PM Middleware::Authentication Waiting for authentication timeout to pass 4/29/2021 5:29:59 PM Middleware::Communication Download: http://fogserver.domain.local/fog/management/other/ssl/srvpublic.crt 4/29/2021 5:30:00 PM Middleware::Communication SSL connection error: RemoteCertificateNameMismatch 4/29/2021 5:30:00 PM Middleware::Communication ERROR: Could not download file 4/29/2021 5:30:00 PM Middleware::Communication ERROR: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ------------------------------------------------------------------------------ --------------------------------Authentication-------------------------------- ------------------------------------------------------------------------------ 4/29/2021 5:30:00 PM Client-Info Version: 0.12.0 4/29/2021 5:30:00 PM Client-Info OS: Windows 4/29/2021 5:30:00 PM Middleware::Authentication Waiting for authentication timeout to passHere’s what a snippet of tail log of apache looks like: (too many lines to post it all here)
10.11.160.6:80 10.119.188.111 - - [29/Apr/2021:17:26:15 -0500] "GET /fog/management/index.php?sub=requestClientInfo&configure&newService&json HTTP/1.1" 302 655 "-" "-" 10.11.160.6:80 10.119.188.111 - - [29/Apr/2021:17:26:16 -0500] "GET /fog/management/index.php?sub=requestClientInfo&mac=E4:54:E8:60:D7:1B%7CAC:D5:64:DD:2E:0D%7CAE:D5:64:DD:2E:0D%7CBE:D5:64:DD:2E:0D%7CAC:D5:64:DD:2E:0E&newService&json HTTP/1.1" 302 839 "-" "-" 10.11.160.6:80 10.119.188.111 - - [29/Apr/2021:17:26:16 -0500] "GET /fog/service/getversion.php?clientver&newService&json HTTP/1.1" 302 611 "-" "-" 10.11.160.6:80 10.11.160.191 - - [29/Apr/2021:17:26:19 -0500] "GET /fog/management/index.php?sub=requestClientInfo&configure&newService&json HTTP/1.1" 302 655 "-" "-" 10.11.160.6:80 10.11.160.191 - - [29/Apr/2021:17:26:19 -0500] "GET /fog/management/index.php?sub=requestClientInfo&mac=40:5B:D8:ED:B0:87%7C42:5B:D8:ED:B0:87%7C52:5B:D8:ED:B0:87%7C00:4E:01:AD:BA:EF%7C40:5B:D8:ED:B0:88&newService&json HTTP/1.1" 302 839 "-" "-" 10.11.160.6:80 10.11.160.191 - - [29/Apr/2021:17:26:19 -0500] "GET /fog/service/getversion.php?clientver&newService&json HTTP/1.1" 302 611 "-" "-" 10.11.160.6:80 ::1 - - [29/Apr/2021:17:26:19 -0500] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1f (internal dummy connection)" 10.11.160.6:80 10.11.160.159 - - [29/Apr/2021:17:26:20 -0500] "GET /fog/management/index.php?sub=requestClientInfo&configure&newService&json HTTP/1.1" 302 655 "-" "-" 10.11.160.6:80 10.11.160.159 - - [29/Apr/2021:17:26:20 -0500] "GET /fog/management/index.php?sub=requestClientInfo&mac=40:5B:D8:ED:4A:A9%7C42:5B:D8:ED:4A:A9%7C52:5B:D8:ED:4A:A9%7C00:4E:01:AF:B1:4D%7C40:5B:D8:ED:4A:AA&newService&json HTTP/1.1" 302 839 "-" "-" 10.11.160.6:80 10.11.160.159 - - [29/Apr/2021:17:26:20 -0500] "GET /fog/service/getversion.php?clientver&newService&json HTTP/1.1" 302 611 "-" "-" 10.11.160.6:80 10.119.189.161 - - [29/Apr/2021:17:26:23 -0500] "GET /fog/management/index.php?sub=requestClientInfo&configure&newService&json HTTP/1.1" 302 655 "-" "-" 10.11.160.6:80 10.119.189.161 - - [29/Apr/2021:17:26:23 -0500] "GET /fog/management/index.php?sub=requestClientInfo&mac=40:5B:D8:ED:56:FD%7C42:5B:D8:ED:56:FD%7C52:5B:D8:ED:56:FD%7C00:4E:01:AD:BD:08%7C40:5B:D8:ED:56:FE&newService&json HTTP/1.1" 302 839 "-" "-" 10.11.160.6:80 10.119.189.161 - - [29/Apr/2021:17:26:23 -0500] "GET /fog/service/getversion.php?clientver&newService&json HTTP/1.1" 302 611 "-" "-" 10.11.160.6:80 10.119.189.144 - - [29/Apr/2021:17:26:23 -0500] "GET /fog/management/index.php?sub=requestClientInfo&configure&newService&json HTTP/1.1" 302 655 "-" "-" 10.11.160.6:80 10.119.189.144 - - [29/Apr/2021:17:26:23 -0500] "GET /fog/management/index.php?sub=requestClientInfo&mac=A4:BB:6D:B4:E1:A6%7CD8:12:65:D3:69:B3%7CDA:12:65:D3:69:B3%7CEA:12:65:D3:69:B3%7CD8:12:65:D3:69:B4&newService&json HTTP/1.1" 302 839 "-" "-" 10.11.160.6:80 10.119.189.144 - - [29/Apr/2021:17:26:23 -0500] "GET /fog/service/getversion.php?clientver&newService&json HTTP/1.1" 302 611 "-" "-" 10.11.160.6:80 10.119.188.107 - - [29/Apr/2021:17:26:25 -0500] "GET /fog/management/index.php?sub=requestClientInfo&configure&newService&json HTTP/1.1" 302 655 "-" "-" 10.11.160.6:80 10.119.188.107 - - [29/Apr/2021:17:26:25 -0500] "GET /fog/management/index.php?sub=requestClientInfo&mac=E4:54:E8:5E:1D:8B%7CAC:D5:64:DD:A4:C3%7CAE:D5:64:DD:A4:C3%7CBE:D5:64:DD:A4:C3%7CAC:D5:64:DD:A4:C4&newService&json HTTP/1.1" 302 839 "-" "-" 10.11.160.6:80 10.119.188.107 - - [29/Apr/2021:17:26:25 -0500] "GET /fog/service/getversion.php?clientver&newService&json HTTP/1.1" 302 611 "-" "-" 10.11.160.6:80 10.11.160.167 - - [29/Apr/2021:17:26:27 -0500] "GET /fog/management/index.php?sub=requestClientInfo&configure&newService&json HTTP/1.1" 302 655 "-" "-" 10.11.160.6:80 10.11.160.167 - - [29/Apr/2021:17:26:27 -0500] "GET /fog/management/index.php?sub=requestClientInfo&mac=00:4E:01:AE:96:0F%7C40:5B:D8:ED:B6:79%7C42:5B:D8:ED:B6:79%7C52:5B:D8:ED:B6:79%7C40:5B:D8:ED:B6:7A&newService&json HTTP/1.1" 302 839 "-" "-" 10.11.160.6:80 10.11.160.167 - - [29/Apr/2021:17:26:27 -0500] "GET /fog/service/getversion.php?clientver&newService&json HTTP/1.1" 302 611 "-" "-" 10.11.160.6:80 10.11.160.112 - - [29/Apr/2021:17:26:27 -0500] "GET /fog/management/index.php?sub=requestClientInfo&configure&newService&json HTTP/1.1" 302 655 "-" "-"The only thing I see in the log regarding the client ip I’m testing with is:
10.11.160.6:80 10.11.160.206 - - [29/Apr/2021:17:29:59 -0500] "GET /fog/management/other/ssl/srvpublic.crt HTTP/1.1" 302 631 "-" "-" 10.11.160.6:80 10.11.160.206 - - [29/Apr/2021:17:31:59 -0500] "GET /fog/management/other/ssl/srvpublic.crt HTTP/1.1" 302 631 "-" "-" 10.11.160.6:80 10.11.160.206 - - [29/Apr/2021:17:33:59 -0500] "GET /fog/management/other/ssl/srvpublic.crt HTTP/1.1" 302 631 "-" "-" 10.11.160.6:80 10.11.160.206 - - [29/Apr/2021:17:35:59 -0500] "GET /fog/management/other/ssl/srvpublic.crt HTTP/1.1" 302 631 "-" "-" 10.11.160.6:80 10.11.160.206 - - [29/Apr/2021:17:37:59 -0500] "GET /fog/management/other/ssl/srvpublic.crt HTTP/1.1" 302 631 "-" "-" 10.11.160.6:80 10.11.160.206 - - [29/Apr/2021:17:37:59 -0500] "GET /fog/management/index.php?sub=requestClientInfo&configure&newService&json HTTP/1.1" 302 655 "-" "-" 10.11.160.6:80 10.11.160.206 - - [29/Apr/2021:17:37:59 -0500] "GET /fog/management/index.php?sub=requestClientInfo&mac=00:15:5D:84:C8:13&newService&json HTTP/1.1" 302 679 "-" "-" 10.11.160.6:80 10.11.160.206 - - [29/Apr/2021:17:37:59 -0500] "GET /fog/service/getversion.php?clientver&newService&json HTTP/1.1" 302 611 "-" "-" -
@jbandy I am still not sure why you are seeing those errors on a non-SSL setup. Sure we do use the certificate and key to encrypt the communication between fog-client and FOG server. This was added to the new fog-client some years back when HTTPS was not as much in use as it is today. But as far as I remember from the top of my head we don’t actually check the server name in the certificate and so I can only imagine these errors to occur when HTTPS is in play as well.
That’s why I asked you to take a look at the apache access logs.
-
So I’ve updated fog client on gold image, seeing this now:
Could not establish trust relationship for the SSL/TLS secure channel.
Also seeing RemoteCertificateNameMismatch
I’m guessing it’s because the old fog server was named differently than the new fog server. I’m assuming i need to rename my new host as the same hostname as the old server then run through setup process again to fix certificate issues?
-
@jbandy said in SSL Issue srvpublic.crt:
One thing I noticed, in my fog service config, I’m not requiring SSL?
Oh well, I might have been too quick in answering your request. Didn’t notice it says
Middleware::Communication Download: http://....in the logs (nothttps://...).Please run
tail -f /var/log/apache2/*access*.logon your FOG server while one of your clients is trying to contact the FOG server. If you have several clients and maybe even people on the web UI you will see way too many lines scrolling past. So try this when there is very little other activity. What I am looking for is if it does some kind of redirect to HTTPS even if you installed FOG without SSL. -
@sebastian-roth One thing I noticed, in my fog service config, I’m not requiring SSL? So now I’m really stumped. I’m going ahead and updating my gold image with new client and running updates but wondering if this is going to fix my problem.
-
@sebastian-roth I’ll give that a try. Didn’t install on 20 yet because I didnt know if I was going to have a problem with fog or not running on 20.
I’m assuming I need to update my golden images with the updated fog clients, run another sysprep, then upload new image to fog server.
-
@jbandy This is a known issue in the fog-client version you use. A pre-released fog-client setup is available. See more details here: https://forums.fogproject.org/post/141414 (exactly that post from Feb 18, 2021)
By the way, why did you move to Ubuntu 18.04 (not 20.04)?