Error download IGEL custom partitions: certificate errors saying the IGEL UMS server is not trusted

Where would I look to troubleshoot issues downloading custom partition files? If I browse to the ums_transfer folder URL in a browser from the client I get certificate errors saying the UMS server is not trusted.

Learn more, read the entire thread inside the IGEL Community o Slack

Thats usually fine, since the UMS is using his own PKI. You can accept, and then login with your UMS Credentials.

Ok thanks. So the browser test is not a suitable to see why files cannot be downloaded? And to follow up, what logs or where can I go from here?

it is, to100%. Was just saying that the certificate warning you get is normal.

> I get certificate errors saying the UMS server is not trusted.

That is because the UMS certificate is (usually) self-signed, so Firefox doesn’t trust it. It’s doesn’t mean that there is anything wrong with the UMS.

So it seems the browser is not a suitable test as what the Igel is trying to do when downloading the CP files. The files are available and can be browsed locally. Is there any log I can review to see why a download fails?

I’ve tried using curl and get security error that way as well.

Brian, I’m not getting your point tbh…

@member is the ums_filetransfer HTTP folder visible in Firefox from the device?

No it is not accessible due to security warning.

Please, accept the security warning…

@member as previously mentioned the security warning has nothing to do with the availability of the files. Please accept the warning and check if the HTTP serve is browsable

Then you get:

Then login with your UMS Creds….

After I accept thet warning I get the authentication box and it seems to be accepted, there is no error. However, the browser page for ums_transfer folder is blank.

@member did you get a login popup?

Yes, that is the authentication box I spoke of.

Weird! And refreshing the page does nothing either?

Some Proxy in use?

What happens with curl –insecure –user USER:PASS YOUR_UMS:8443/ums_filetransfer ?

I closed the browser and started over, can view files from browser but still fails to download.

This is all internal network traffic and not going through any proxy.

What happens when you click on the inf, can you open that file? Can you send a screenshot of your CP profile, especially this menu:

@member is there any issue having hyphens/dashes in the filename?

chs-igelums02:8443/ums_filetransfer/chromium-browser.inf is in the first field

@member I see you are using umsxfer as the username. The username and password for Custom Partition downloads needs to be the same as the UMS database user, is this the case?

It is a custom administrative account I setup for file transfers.

This won’t work. Firmware management doesn’t give rights to access the HTTPS file server. ~You are obliged to use the UMS database user credentials.~ _WebDAV access is sufficient, see @member’s answer_

Firmware management allows UMS admins to assign firmware objects and execute updates. It doesn’t have any bearing for Custom Partition downloads.

So anyone that can view profiles will be able to see those credentials and then have full access to the UMS when they login with those creds. Is this a good idea?

WEBDav access is needed btw.

@member it’s not possible to obtain the UMS admin password from a profile, so this problem would not arise. However if you are not comfortable hosting the CP files from the UMS it’s also possible to use an external HTTPS server.

Thank you both for the help, it was the webdav additional right. I just missed that.

Glad you got it working! My initial answer was incorrect; UMS database admin account isn’t necessary, as @member pointed out.

Have almost the same problem, but in my case it isnt the .INF file but the .TAR.BZ2 file which he is claiming he cant download. The strange thing is, the program is shown on the desktop and works as it should. The alerts are annoying and is distracting for some coworkers… any help there?

@member in this case, have you checked the path to the archive inside the INF file?

Also, is the setting Automatic Update enabled in the download settings for the CP?

Thanks for your reply, the Automatic Update isnt Enabled. The File path is set to the name of the Archive.

What is the exact error message?

give me a second ill check…

Partitions data couldnt be downloaded: mgmt01:8443/ums_filetransfer/forticlient-sslvpn.tar.bz2

Try clearing the partition and trying again. i.e. remove CP settings > partition will be deleted > reapply

ok… ill try

Continue reading and comment on the thread ‘Error download IGEL custom partitions: certificate errors saying the IGEL UMS server is not trusted’.  Not a member? Join Here!

Learn more, search the IGEL Knowledge Base

Ask a question or comment on the above message thread?

Join or log in to the IGEL Community to ask us anything and meet other IGEL customers, partners, and EUC enthusiasts.

Submit a question, or Join Today!

Popular Message Threads

Categories & Tags: