• Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login
  • Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login

FogApi Powershell module over SSL

Scheduled Pinned Locked Moved
General Problems
3
3
456
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • ?
    A Former User
    last edited by Jun 29, 2023, 2:56 PM

    Hello,

    Did someone try to connect to the API with the FogApi module with an https environment ?
    It works well with http but with ssl i have this message :

    Invoke-WebRequest: The remote certificate is invalid because of errors in the certificate chain: UntrustedRoot
    

    I tried to find infos about offered features (http/https) but i didn’t find anything.

    Thanks,

    1 Reply Last reply Reply Quote 0
    • S
      Sebastian Roth Moderator
      last edited by Jun 30, 2023, 4:44 PM

      @JJ-Fullmer Pretty sure you have used SSL with the FogAPI modules?!

      Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

      Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

      J 1 Reply Last reply Jul 15, 2023, 9:56 PM Reply Quote 0
      • J
        JJ Fullmer Testers @Sebastian Roth
        last edited by Sebastian Roth Jul 18, 2023, 2:20 PM Jul 15, 2023, 9:56 PM

        @Sebastian-Roth Sadly I have not actually done this.
        I believe that it is possible and @tom-elliott may have some insight on accessing the api over https. I believe he has some forum posts elsewhere discussing it. I think there may be some fog server side configuration needed to enable https api. For sure you need to have the root CA certificate that issued your fog server web certificate trusted on the machine issuing the commands. In theory that should be all there is to it, but I haven’t done a ton of testing on it, and while it’s on my to-do list, it’s a bit far down the list. Not to say SSL/TLS isn’t very important even behind a firewall, I just haven’t got there yet.

        @glequeau In theory, if you can get all the certificates trusted correctly and can access a fog api url in a browser over https, then it should work for the powershell commands as well. That’s how it typically works with powershell and api commands.

        That was long, here’s a short version:

        • Go to your https fog site
        • view the certificate being used and view the trust chain
        • Download the root and any intermediate CA certificates
        • Install them on your machine as trusted root ca certs
        • Try the api commands again with the https url set

        If that doesn’t work, then we just have more development needed on https api commands

        You could also try editing your locally installed version of the fogapi module. Specifically the invoke-fogapi command (probably at C:\program files\windowspowershell\modules\fogapi\2303.5.33\fogapi.psm1) then search for that command in the compiled version of the file.

        You would add the -SkipCertificateCheck switch to all calls to invoke-restmethod and invoke-webrequest which would bypass that error and still use the ssl connection, but ignore errors about untrusted certificates

        Have you tried the FogApi powershell module? It's pretty cool IMHO
        https://github.com/darksidemilk/FogApi
        https://fogapi.readthedocs.io/en/latest/
        https://www.powershellgallery.com/packages/FogApi
        https://forums.fogproject.org/topic/12026/powershell-api-module

        1 Reply Last reply Reply Quote 0
        • 1 / 1
        • First post
          Last post

        171

        Online

        12.0k

        Users

        17.3k

        Topics

        155.2k

        Posts
        Copyright © 2012-2024 FOG Project