RE: Expired Certificate Help

@sebastian-roth Also, when we changed the subnet of the FOG server we didn’t create a new Server. I changed the IP values inside our original FOG server and reran the FOG Installer for the IP addresses to be changed throughout. After I ran the installer, I didn’t do anything with the certs inside the FOG server.

@sebastian-roth I tried installing the 0.11.20 version.

@sebastian-roth I might just change the settings.json to the correct IP address and keep the FOG Client at 0.11.19. We’ll see if that fixes it for us.

@sebastian-roth The error states “Unable to install CA Certificate” and just looked at the fog.log and it was there right at the top. The FOG client is still pointing to the old IP address for the FOG Server. If you still want the logs posted, I can.

@sebastian-roth You’re incredible. I really appreciate you taking the time to explain this to me. I’ve been using FOG quite often and even merged it to another subnet and got it up and running again through the help of the forum here and wiki. And yes, re-reading what I stated above I didn’t really have a direct question. My brain was fried and kind of all over the place after researching, apologies there. The reason I was wanting to update this cert was because I thought maybe it was the reason why we cannot upgrade to the newest FOG Client version. We are on 0.11.19 I think? But when trying to install the newer client I get a certificate error. (I can get the specific error once I get back to work tomorrow). Upon deployment, auto-join to the domain stopped working for us so I was hoping upgrading to the newest version might just fix it. From my understanding, once the machine is imaged, the FOG Client does post tasks like auto-joining to the domain?

I am very green to FOG and I have inherited this from the old system admin who is now gone. We have three certificates on the clients/workstations -

• FOG Project CA - expires 2029
• FOG Project - expired last year
• FOG Server CA - expires 2029

I’ve been reading the Wiki for HTTPS (https://wiki.fogproject.org/HTTPS) and I see there are three certificates on the server -

• ca.cert.pem
• srvpublic.crt
• .srvprivate.key

When I go to each of the locations where the above certs are stored I see the original files that were generated by the FOG installer. Should I be seeing the FOG Project CA, FOG Project, and FOG Server CA instead? I see now that if you rerun the installer it will overwrite your custom certificate files. I’m guessing after upgrading from 1.5.8 to 1.5.9 these were overwritten? I guess my question is, what should I do from here? Do I need to recreate the CA’s with ./installfog.sh --recreate-ca or what else should I do?

Thanks!

Thank you both for your help! George and I were messaging back and forth and my DHCP policies and scopes were pretty messed up. Looking back I have no idea how it worked before. After completely changing them the machines are booting into FOG again just fine. Appreciate the quick responses!

@george1421 Whoops, my bad. I got the capture filter set this time instead of doing a display filter. Also, when I sent the picture earlier I was replying back to Sebastian Roth’s comment. What’s the best way to send you the pcap file? I’m unable to upload it here.

@george1421 I did a filter for both 67 and 68 and I didn’t get anything back (tcp.port eq 67) and I also did a search for the PxE booting machine’s ip address (ip.addr eq 10.0.2.217 and also did source ip.src eq 10.0.2.217 to see if I saw anything from this machine) and nothing matched my results in Wireshark. The ip address of the third machine I was using is 10.0.2.90 so they’re on the same subnet.

@sebastian-roth The error message is the same as before that I posted earlier.
https://i.imgur.com/LrkYp1d.png

@george1421 So our FOG server is on a Hyper-V on CentOS within our Server Subnet. Then we have our Client subnet which is all of our associates machines. You want me to put this third computer within our server subnet and do a wireshark packet capture or on the Client network and do a packet capture?

@george1421 I’ll have to get this to you tomorrow as I’m currently home. I’ll PXE boot a machine and see what Wireshark brings up. Thanks!

@sebastian-roth Work has slowed down a bit so I can fiddle with the FOG server again. I changed the IP’s in the Scope Options to the correct address but it still will not PxE boot. I have ipxe.efi for the filename and Bootfile name. Can you think of anything else that I am missing?

@sebastian-roth Ahh!! You were correct there. Yes, our domain controller is on a Windows Server. The Policy in DHCP was still pointing to the old IP address. I changed the IP address to the correct one now. I’m guessing these changes aren’t immediate? I’ll try it in a little bit and see if there’s any progress.

@sebastian-roth The 10.0.0.30 is our First Domain Controller. This was all set up from our old Network Administrator and we didn’t have problems until we switched IP’s. He’s not here anymore and FOG was placed into my hands. I’ve used FOG frequently but when it comes to setting up FOG and just settings in general, I’m brand new to it.

@sebastian-roth Looks like TFTP is timing out. Everytime I try to upload the Picture or as a File I keep getting “Error” so here’s an imgur URL.
https://i.imgur.com/LrkYp1d.png
Should the DHCP be the IP of the FOG server? The old FOG server was at 10.0.0.95 but the DHCP is 10.0.0.30 which is something else completely different.
The IP of the new FOG server should be 10.2.2.16. When I shell into my FOG server and ifconfig it shows 10.2.2.16.

@sebastian-roth This is where I first started. I did the above changes and it wasn’t working. I then did the script that WayneWorkman wrote to change the IP address to see if this did anything as well but that did not work either.
https://forums.fogproject.org/topic/9103/new-script-to-update-fog-server-s-ip-address

Hello all,

Due to us moving some of our servers to a different location we ended up changing our subnet for our servers in our main location (not my decision, my bosses). The FOG server stayed in this main location but the IP address has changed for it. I have changed the IP address in /opt/fog/.fogsettings and I also reran the installer. The Web Interface is working on the new address and I changed the IP addresses in there as well. When I try to PxE boot on a client to get into FOG it just errors out and says either it timed out or nothing was found (I can’t remember exactly what it says). I work remotely 10 hours away from the office so I will have to wait until Monday morning for someone to PxE boot and get the actual error message.

Just wondering if there’s anything I missed during the IP change?

Any help is appreciated! Thanks!