Certificate is not from FOG CA




  • Linux version 3.13.0-51-generic (buildd@lamiak) (gcc version 4.8.2 (Ubuntu 4.8.2-19ubuntu1) ) #84-Ubuntu SMP Wed Apr 15 12:08:34 UTC 2015
    Description: Ubuntu 14.04.2 LTS
    FOG Version: SVN 3504
    Clients: Windows 8.1
    FOG Client Version: 0.8.3


    tried:

    ./installfog.sh --recreate-CA --recreate-keys

    error from client log:

    ------------------------------------------------------------------------------
    --------------------------------Authentication--------------------------------
    ------------------------------------------------------------------------------
     01.06.2015 16:42 RegistryHandler 64 bit registry detected
     01.06.2015 16:42 Client-Info Version: 0.8.3
     01.06.2015 16:42 Middleware::Communication URL: http://192.168.1.14/fog/management/other/ssl/srvpublic.crt
     01.06.2015 16:42 Middleware::Authentication ERROR: Could not get security token
     01.06.2015 16:42 Middleware::Authentication ERROR: Die Datei "C:\Windows\system32\token.dat" konnte nicht gefunden werden.
     01.06.2015 16:42 Data::RSA ERROR: Could not verify certificate is from CA
     01.06.2015 16:42 Data::RSA ERROR: Der Wert darf nicht NULL sein.
    Parametername: certificate
     01.06.2015 16:42 Middleware::Authentication ERROR: Could not authenticate
     01.06.2015 16:42 Middleware::Authentication ERROR: Certificate is not from FOG CA
    
    ------------------------------------------------------------------------------
    --------------------------------Authentication--------------------------------
    ------------------------------------------------------------------------------
     01.06.2015 16:43 RegistryHandler 64 bit registry detected
     01.06.2015 16:43 Client-Info Version: 0.8.3
     01.06.2015 16:43 Middleware::Communication URL: http://192.168.1.14/fog/management/other/ssl/srvpublic.crt
     01.06.2015 16:43 Middleware::Communication ERROR: Could not download file
     01.06.2015 16:43 Middleware::Communication ERROR: Die Verbindung mit dem Remoteserver kann nicht hergestellt werden.
     01.06.2015 16:43 Middleware::Authentication ERROR: Could not get security token
     01.06.2015 16:43 Middleware::Authentication ERROR: Die Datei "C:\Windows\system32\token.dat" konnte nicht gefunden werden.
     01.06.2015 16:43 Middleware::Authentication ERROR: Could not authenticate
     01.06.2015 16:43 Middleware::Authentication ERROR: Das System kann die angegebene Datei nicht finden.
    

    Please help!

    Michael



  • I know this thread is quite old, but I wanted to include another possible cause because Google searches seem to bring you back to this thread.

    I was experiencing the same issue with my Windows 7 FOG clients, and resetting the encryption data did nothing. It turned out that the time was quite off on the client, so it was never able to authenticate with the FOG server. Once the time was corrected, the client connected and everything worked fine (hostname, join, etc.).

    Just in case someone else runs into this issue, hopefully this can save you some time.


  • Senior Developer

    Problem solved. It was an issue with the installer.



  • @holzfisch said:

    Installed client 084 (manually removed the install dir). Then it worked for the cloning client. After uploading I had the same problem.

    Why do I always get 192.168.1.14CA?
    Where do I delete the encryption data for the client? There is no button on the web interface?

    Removed it and installed http://192.168.1.14/fog/management/other/ca.cert.der but the certificate stays 192.168.1.14CA.

    Tried the debugger (admin rights) in the fog folder, but it is not working.

    Thanks for the time helping me.

    Michael

    Do you have an idea how to get the right certificate? I always get 192.168.1.14CA?

    Michael



  • After a while I get “Error multiple hosts returned for list of mac addresses” (VirtualBox is installed, so the MAC is sometimes the same on the clients - had the same problem with early versions of the old client).

    fog.log


    --------------------------------HostnameChanger-------------------------------

    10.06.2015 15:14 Client-Info Version: 0.8.4
    10.06.2015 15:14 HostnameChanger Running…
    10.06.2015 15:14 Middleware::Communication URL: http://192.168.1.14/fog/service/servicemodule-active.php?moduleid=hostnamechanger&mac=00:22:FB:2B:FF:A2|00:21:70:F6:44:E0|08:00:27:00:6C:21||00:00:00:00:00:00:00:E0|00:00:00:00:00:00:00:E0&newService=1
    10.06.2015 15:14 Middleware::Communication Unknown Response: Error multiple hosts returned for list of mac addresses



  • Linux version 3.13.0-51-generic (buildd@lamiak) (gcc version 4.8.2 (Ubuntu 4.8.2-19ubuntu1) ) #84-Ubuntu SMP Wed Apr 15 12:08:34 UTC 2015
    Description: Ubuntu 14.04.2 LTS
    FOG Version: SVN 3537
    Clients: Windows 8.1
    FOG Client Version: 0.8.4

    Hi!

    Problem is not solved:
    fog.7z
    Get this error after download from server. (fog.log as attachment)

    10.06.2015 10:12 Client-Info Version: 0.8.4
    10.06.2015 10:12 Middleware::Communication URL: http://192.168.1.14/fog/management/other/ssl/srvpublic.crt
    10.06.2015 10:12 Middleware::Authentication ERROR: Could not get security token
    10.06.2015 10:12 Middleware::Authentication ERROR: Die Datei "C:\Windows\system32\token.dat" konnte nicht gefunden werden.
    10.06.2015 10:12 Data::RSA ERROR: Could not verify certificate is from CA
    10.06.2015 10:12 Data::RSA ERROR: Der Wert darf nicht NULL sein.
    Parametername: certificate
    10.06.2015 10:12 Middleware::Authentication ERROR: Could not authenticate
    10.06.2015 10:12 Middleware::Authentication ERROR: Certificate is not from FOG CA


    Installed client 084 (manually removed the install dir). Then it worked for the cloning client. After uploading I had the same problem.

    Why do I always get 192.168.1.14CA?
    Where do I delete the encryption data for the client? There is no button on the web interface?

    Removed it and installed http://192.168.1.14/fog/management/other/ca.cert.der but the certificate stays 192.168.1.14CA.

    Tried the debugger (admin rights) in the fog folder, but it is not working.

    Thanks for the time helping me.

    Michael



  • Tried: delayed start of the FOG service. (Problem returns after downloading - started a new posting.)

    Michael



  • Debugger is not working with client 084 (from the mentioned post).

    There is no encryption data to delete. (see screenshot).

    greetings

    Michael

    fog.log



  • Thanks for the answers. Removed the old certificate under “Trusted Root Certificate Authority”. Installed the new one under “Trusted Root Certificate Authority” (http://192.168.1.14/fog/management/other/ca.cert.der). It still has the name 192.168.1.14CA. After installing it the problem stays the same:



    --------------------------------Authentication--------------------------------

    08.06.2015 11:29 RegistryHandler 64 bit registry detected
    08.06.2015 11:29 Client-Info Version: 0.8.3
    08.06.2015 11:29 Middleware::Communication URL: http://192.168.1.14/fog/management/other/ssl/srvpublic.crt
    08.06.2015 11:29 Middleware::Communication ERROR: Could not download file
    08.06.2015 11:29 Middleware::Communication ERROR: Die Verbindung mit dem Remoteserver kann nicht hergestellt werden.
    08.06.2015 11:29 Middleware::Authentication ERROR: Could not get security token
    08.06.2015 11:29 Middleware::Authentication ERROR: Die Datei "C:\Windows\system32\token.dat" konnte nicht gefunden werden.
    08.06.2015 11:29 Middleware::Authentication ERROR: Could not authenticate
    08.06.2015 11:29 Middleware::Authentication ERROR: Das System kann die angegebene Datei nicht finden.

    Did something go wrong with an upgrade?
    I get the file (http://192.168.1.14/fog/management/other/ssl/srvpublic.crt) when using Chrome.

    Please help


  • Senior Developer

    Be sure to install that ca.cert.der file under Local System and as a Trusted Root Certificate Authority. What happened is that the client “pinned” an old format of the CA certificate that Tom released for a few versions in hopes of multiple FOG server support but was removed shortly after.


  • Senior Developer

    @holzfisch Can you delete the Trusted CA that you have for the FOG Server that’s labeled as:
    192.168.1.14CA

    Then go to http://192.168.1.14/fog/management/other/ca.cert.der in Chrome or Firefox (as IE will just display the file as if it’s plain text) and install THAT certificate?

    This should fix your registry issue. You might have to reset the encryption data for the hosts that were affected as well, but ultimately you should be good to go after that. The CA Name in the Certificate Manager should be: “FOG Server CA”

    Middleware is the new name of the CommunicationHandler class. It was renamed because, while it does deal with communication, it’s essentially the Middle man of the Client to Server communications and data operations to move in between the other modules. It IS middleware and was named more appropriately.

    @Jbob I believe has a debugger function already created and setup on the forums. I’ll update this post with the link that shows where to download the file and how to use it.

    Here is the Link to the forum post:
    https://forums.fogproject.org/topic/5074/ad-join-rename-on-client-0-8-1/5



  • What is the Middleware Communication? How can I debug Middleware? (I also tried to remove and reinstall the client.)

    Michael



  • File is opening with Internet Explorer.

    I have Firefox on the clients as the standard browser. The certificate is not opening with Firefox.

    “This is not a certificate authority certificate, so it can’t be imported into the certificate authority list.”

    (German: “Dies ist kein Zertifikat für eine Zertifizierungsstelle und kann deshalb nicht in die Liste der Zertifizierungsstellen importiert werden.”)

    Is there a problem if Firefox is the standard browser?

    Michael


  • Senior Developer

    Can you open the certificate on Windows and check the “Issued to” and “Issued by” fields?



  • Manual download is working:


    root@dollyghost:~# wget http://192.168.1.14/fog/management/other/ssl/srvpublic.crt
    --2015-06-02 09:43:23--  http://192.168.1.14/fog/management/other/ssl/srvpublic.crt
    Auflösen des Hostnamen »proxy4.hlwsp.hlwspittal.at (proxy4.hlwsp.hlwspittal.at)«... 192.168.1.22
    Verbindungsaufbau zu proxy4.hlwsp.hlwspittal.at (proxy4.hlwsp.hlwspittal.at)|192.168.1.22|:8080... verbunden.
    Proxy-Anforderung gesendet, warte auf Antwort... 200 OK
    Länge: 1679 (1,6K) [application/x-x509-ca-cert]
    In »»srvpublic.crt«« speichern.
    
    100%[==============================================================================>] 1.679       --.-K/s   in 0s
    
    2015-06-02 09:43:23 (223 MB/s) - »»srvpublic.crt«« gespeichert [1679/1679]
    
    root@dollyghost:~# ls
    127.0.0.1  src  srvpublic.crt  test.log
    root@dollyghost:~# cat srvpublic.crt
    

    Manual downloading with the browser is working too.

    Michael


  • Testers

    I have had this issue myself, but clearing the encryption data for the host in question allowed communication.


  • Senior Developer

    @holzfisch said:

    http://192.168.1.14/fog/management/other/ssl/srvpublic.crt

    Can you try downloading that file manually? If my understanding of the German is correct, it is saying that the computer could not establish a session with the server, meaning it is possibly a network issue.
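
Added example (not part of the thread and not FOG Project code): the two Authentication excerpts in the opening post fail for different reasons, one at the CA check and one at the certificate download, which is the distinction the reply above draws. This sketch sorts log sections into those two causes; the sample log is constructed from lines quoted in the thread, and the function names and the cause labels `network` / `ca_trust` are assumptions of the example.

```python
import re
from datetime import datetime
# Constructed sample, shaped like the client log excerpts quoted in this thread.
SAMPLE_LOG = """\
--------------------------------Authentication--------------------------------
 01.06.2015 16:42 Middleware::Communication URL: http://192.168.1.14/fog/management/other/ssl/srvpublic.crt
 01.06.2015 16:42 Data::RSA ERROR: Could not verify certificate is from CA
 01.06.2015 16:42 Data::RSA ERROR: Der Wert darf nicht NULL sein.
Parametername: certificate
 01.06.2015 16:42 Middleware::Authentication ERROR: Certificate is not from FOG CA
--------------------------------Authentication--------------------------------
 01.06.2015 16:43 Middleware::Communication ERROR: Could not download file
 01.06.2015 16:43 Middleware::Authentication ERROR: Could not authenticate
--------------------------------HostnameChanger-------------------------------
 10.06.2015 15:14 HostnameChanger Running...
"""
BANNER = re.compile(r"^-{3,}([A-Za-z]+)-{3,}$")
ENTRY = re.compile(r"^(\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}) (\S+) (ERROR: )?(.*)$")
# Match the client's own English messages; the .NET exception text is localized.
CAUSES = [("Could not download file", "network"),
          ("Could not verify certificate is from CA", "ca_trust"),
          ("Certificate is not from FOG CA", "ca_trust")]

def parse_sections(text):
    """Return [{'module': str, 'entries': [[time, component, is_error, message]]}]."""
    sections = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or set(line) == {"-"}:      # blank or pure-dash ruler line
            continue
        banner, entry = BANNER.match(line), ENTRY.match(line)
        if banner:
            sections.append({"module": banner.group(1), "entries": []})
        elif entry and sections:
            when = datetime.strptime(entry.group(1), "%d.%m.%Y %H:%M")
            sections[-1]["entries"].append(
                [when, entry.group(2), bool(entry.group(3)), entry.group(4)])
        elif sections and sections[-1]["entries"]:
            sections[-1]["entries"][-1][3] += " " + line   # exception continuation
    return sections

def triage(text):
    """Return (start_time, cause) for each Authentication section of the log."""
    results = []
    for sec in parse_sections(text):
        if sec["module"] == "Authentication" and sec["entries"]:
            errors = [msg for _, _, is_error, msg in sec["entries"] if is_error]
            cause = next((c for msg in errors for needle, c in CAUSES
                          if needle in msg), "none")
            results.append((sec["entries"][0][0], cause))
    return results
```

A `network` result points at reachability of the server from the client (the wget test in the thread went through a proxy), while `ca_trust` points at the CA installed in the client's Trusted Root store.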

