Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CA certificate on different drive does not work #271

Open
fnetz opened this issue Feb 10, 2023 · 2 comments
Open

CA certificate on different drive does not work #271

fnetz opened this issue Feb 10, 2023 · 2 comments

Comments

@fnetz
Copy link

fnetz commented Feb 10, 2023

General information

Operating system: Windows 10 22H2

OCS Inventory information

Windows agent version: 2.10.1.0

Problem's description

I'd like to run the Agent using a self-signed certificate on a different drive (in my case a network drive). Judging by the example at https://wiki.ocsinventory-ng.org/03.Basic-documentation/Setting-up-the-Windows-Agent-2.x-on-client-computers/, one should be able to just use the full path. The path I enter is X:\CA\domain-local-certificate.crt, but the agent doesn't run properly using that.

If I interpret the logs correctly, the agent tries to use C:\ProgramData\OCS Inventory NG\Agent\X:\CA\domain-local-certificate.crt as the certificate and fails. If I instead copy the certificate to the C:\ProgramData\OCS Inventory NG\Agent folder and change the configuration to CaBundle=domain-local-certificate.crt (just the filename instead of full path), it works flawlessly.

I hope this isn't a duplicate, but the only issue regarding this I could find is #227 which was closed by the author.

Inventory log file ( optional )

I've uploaded sections from the logs I believe are relevant (sensitive data replaced with ***). If I should provide anything else, please tell me.

Configuration that doesn't work:

[OCS Inventory Agent]
ComProvider=ComHTTP.dll
Debug=1
Local=
[HTTP]
Server=https://inventar.domain.local/ocsinventory
SSL=1
CaBundle=X:\CA\domain-local-certificate.crt
AuthRequired=1
User=***
Pwd=***
ProxyType=0
Proxy=
ProxyPort=0
ProxyAuthRequired=0
ProxyUser=
ProxyPwd=
@weipah
Copy link

weipah commented May 16, 2023
edited
Loading

Your drive X doesn't look like a local path, this means it cannot be accessed by "Local System" of the service.
"X" is only mapped in your own user context.

You might try to change the service account and giver proper access to this user on your share. Also you would need to use the UNC path (\\<share>\CA\domain-local-certificate.crt), not the drive letter of course. I'm not sure if the agent can even handle UNC paths.

@fnetz
Copy link
Author

fnetz commented May 23, 2023

Thanks for taking the time to respond. Unfortunately I don't have the agent installed currently, but your suggestion looks like it might fix my problem.

I'll leave the issue open and report back once I get to test this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@weipah @fnetz