• Register
    • Login
    • Search
    • Recent
    • Unsolved
    • Tags
    • Popular
    • Users
    • Groups
    • Search

    Incorrect CA after migration

    FOG Problems
    2
    7
    115
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      bballmcoe last edited by

      I recently performed a migration to 1.5 following all the steps in the Migrate FOG document. I copied over the /snapins/ssl directory as indicated, but this does not include the ca.cert.der, this may not be relevant.
      Existing hosts are under control, but new hosts, and new images, are pulling a newer CA, which is halting host control. My best guess is that the new installation created that ca.cert.der file and uses it to pass to a client. I’m at a loss. My workaround has been to import a copy of the old certificate onto the new hosts, and delete the newer incorrect one. This gives me back host control. How do I get this correct, older certificate to install on new hosts and new images moving forward?

      1 Reply Last reply Reply Quote 0
      • B
        bballmcoe last edited by

        Thank you sir

        1 Reply Last reply Reply Quote 0
        • S
          Sebastian Roth Moderator last edited by Sebastian Roth

          @bballmcoe said in Incorrect CA after migration:

          I was then able to determine that FOG was giving new hosts a new certificate dated back to the day of migration.

          Definitely something that went wrong when migrating. Could be our manual or the scripts or something you did. If I had to guess I’d guess it’s something in the installer scripts. Shall look into this when I have more time (will keep this on my list).

          Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

          Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

          1 Reply Last reply Reply Quote 0
          • B
            bballmcoe last edited by

            Yes, that is the article I used. The migration went seemingly well, until my tech started to create an image. That’s when we noticed the CA issues. Upon further investigation, some hosts were no longer under control. My tech discovered that deleting the certificate the client was given, and importing the old certificate (from my backup), corrected communication. I was then able to determine that FOG was giving new hosts a new certificate dated back to the day of migration. Which led me to the article that caused me to convert my old FogCA.pem to a .der file, and overwrite the newer ca.cert.der.

            1 Reply Last reply Reply Quote 0
            • S
              Sebastian Roth Moderator last edited by

              @bballmcoe Can you please let us know which FOG migration doc you used? Wiki article on migrating FOG?

              Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

              Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

              1 Reply Last reply Reply Quote 0
              • B
                bballmcoe last edited by bballmcoe

                1.5.9. However, I believe I just fixed my issue. I won’t be able to confirm until my tech creates a new image, but uninstalling the client from a bad host and reinstalling the client caused it to pull the proper cert. That host is now under control.
                What I did:
                I found an old CA file, fogCA.pem, in /snapins/ssl/CA. Then performed this:
                mv /var/www/html/fog/management/other/ca.cert.der /var/www/html/fog/management/other/ca.cert.der_orig
                openssl x509 -in /opt/fog/snapins/ssl/CA/fogCA.pem -out /var/www/html/fog/management/other/ca.cert.der -outform DER
                Courtesy of: https://forums.fogproject.org/topic/15908/fog-server-ca-download

                1 Reply Last reply Reply Quote 1
                • S
                  Sebastian Roth Moderator last edited by Sebastian Roth

                  @bballmcoe said in Incorrect CA after migration:

                  I recently performed a migration to 1.5

                  Which version do you mean? We never released 1.5 - there is 1.5.0 which is really old and 1.5.9 which is kind of old as well.

                  Please post the instructions you followed as well as what you did exactly.

                  Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                  Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                  1 Reply Last reply Reply Quote 0
                  • 1 / 1
                  • First post
                    Last post

                  184
                  Online

                  10.4k
                  Users

                  16.4k
                  Topics

                  150.6k
                  Posts

                  Copyright © 2012-2023 FOG Project