• Recent
    • Unsolved
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Register
    • Login
    1. Home
    2. cul3r0
    3. Posts
    C
    • Profile
    • Following 0
    • Followers 0
    • Topics 5
    • Posts 15
    • Best 0
    • Controversial 0
    • Groups 0

    Posts made by cul3r0

    • Authentication options for image uploads

      Are there currently any options or plans in future for alternate authentication methods while uploading images?

      Unfortunately, due to compliance my business is moving towards password-less environments which is causing issues in using FOG.

      Thank you.

      posted in Feature Request
      C
      cul3r0
    • RE: HTTPS Redirect Web GUI

      9e9c2483-144a-4a0c-bd5a-a3c43807aaa1-image.png

      This is the result from Nessus Vulnerability scanner when it comes to port 80 “not redirecting” to https 443

      posted in FOG Problems
      C
      cul3r0
    • RE: HTTPS Redirect Web GUI

      @JJ-Fullmer so i didn’t notice but thats the same original file. Your config is the one i have but Nessus vuln scanner and curl command as well do not have a redirect going from http to https. We do get a 302 redirect but unfortunately its redirecting back to http

      posted in FOG Problems
      C
      cul3r0
    • RE: HTTPS Redirect Web GUI

      @JJ-Fullmer Does this affect you pxe booting into fog from asset? I do have SSL configured cert on https port for web gui.

      posted in FOG Problems
      C
      cul3r0
    • HTTPS Redirect Web GUI

      Re: Boot.php permissiondenied

      Is there any way to write a port 80 > 443 redirect affecting only the web gui? Due to my customers security requirements i need a redirect to ssl secured port 443 for web gui. But i know the fog client stops working and that’s an entirely different beast. I tried adding the redirect shown here which worked for web gui but then didn’t allow ipxe boot to work and got error with “Operation Permitted”. I imagine just like stated in this previous post has to do with redirect. Any advice on a redirect only affecting web gui?

      ea0dc354-a888-4036-a636-8d11848db1c4-image.png

      posted in FOG Problems
      C
      cul3r0
    • RE: Fog Client cannot authenticate after Certificate change

      @sebastian-roth this was before i figured out how to view my open forums. I apoligize , please delete or ignore or mark skip. Thank you

      posted in FOG Problems
      C
      cul3r0
    • RE: Setting up trusted SSL certificate

      @sebastian-roth said in Setting up trusted SSL certificate:

      One more thing I missed to tell you. In case you want to use the fog-client software as well you will run into issues with your custom certificate. If you need to know more about this, I can give you the details.

      i’d love to know more details about this. Thank you.

      posted in FOG Problems
      C
      cul3r0
    • Fog Client cannot authenticate after Certificate change

      Once you install a Certificate the Fog Client fails to authenticate.

      RSA FOG Server CA cert found
      RSA ERROR Certificate validation failed
      RSA ERROR Trust chain did not complete to the known authority anchor. Thumbprints did not match
      Authentication ERROR Could not Authenticate
      Authentication ERROR Certificate is not from FOG CA

      I can pxe boot to server, and apply image but once it turns on and loads it can’t proceed to task to join domain or change hostname since it cannot authenticate.

      We are using HTTPS and a SSL Certificate for web gui. I’ve also confirmed all files match and followed accordingly to:
      https://wiki.fogproject.org/HTTPS

      posted in FOG Problems
      C
      cul3r0
    • RE: Fog Server CA Download

      @sebastian-roth is there a way to keep track of open forums i’ve openned? I’m still having this trouble hoping someone could point me in the right direction.

      posted in FOG Problems
      C
      cul3r0
    • RE: How to install SSL Cert ONLY on web server

      @sebastian-roth Correct

      posted in FOG Problems
      C
      cul3r0
    • RE: Fog Server CA Download

      How do you recompile your own client binaries? Is there documentation on that?

      posted in FOG Problems
      C
      cul3r0
    • RE: Fog Server CA Download

      @sebastian-roth If i am using a custom SSL Cert can we bypass it needed FOG Server CA to authenticate?

      Implementing Custom SSL Cert has been a little bit of trouble. I’m soo close i can taste it. I can ipxe from machines. Machine takes the image. But then authenticating there to begin tasks is where i start having trouble.

      posted in FOG Problems
      C
      cul3r0
    • Fog Server CA Download

      Where does the client installer pull the Fog Server CA download its cert from when pinning the server?
      My thumbprints are not matching with the cert installed. I have confirmed these 2 thumbprints match:
      openssl x509 -noout -fingerprint -sha1 -inform pem -in /opt/fog/snapins/ssl/CA/.fogCA.pem
      openssl x509 -noout -fingerprint -sha1 -inform pem -in /var/www/html/fog/management/other/ca.cert.pem

      But when i look in the cert store of windows machine the Fog Server CA has a different thumbprint.

      posted in FOG Problems
      C
      cul3r0
    • How to install SSL Cert ONLY on web server

      Due to compliance reasons i need to setup HTTPS and SSL certificate on Fog Server. I am having issues with the fog client not communicating properly with fog server once image is applied.
      I have followed this guide:
      https://wiki.fogproject.org/HTTPS

      If i try to reinstall fog client it states cannot cannot install CA Certificate.
      Logs show SSL trust chain cannot be completed. I’ve almost given up.
      I’ve also restored server to before i install SSL cert and re installed fog client with HTTPS enabled and it works then and communicates. Not sure what happens once i swap it out with my cert. Per instructions i’ve recompiled ipxe binaries which really wouldn’t affect client since this is after the fact.

      Was wondering if there was a way to just leave the client and fog server config alone without modifying and have the web server setup with the SSL cert we have. I even tried pointing the apache config file to somewhere else with new cert and left default locations alone hoping the client would communicate there and work and no luck.

      I’m desperate for any other ideas…

      posted in FOG Problems
      C
      cul3r0
    • RE: Fog Client Certificate Validation Failed

      @sebastian-roth I’m actually stuck in the same boat. Did anything ever get sorted out of this as well? I tried manually putting new cert in FOG Client Directory and that didn’t work. I even tried installing a fresh client downloaded from server but fails “Ca Certificate Cannot be installed” with HTTPS enabled. I need to have the server communicate with HTTPS due to our security plan. Any additional advice would be greatly appreciated.

      posted in FOG Problems
      C
      cul3r0
    • 1 / 1