Hi Tomas, Thanks for the reply!
I also tried it successfully in a different CloudStack 3.0.2 setup, using the same install package. With the problematic setup, we once successfully upload the cert this morning, but only once, always fail in the afterwards many tries. So far have no idea why it behaves like that. Will do more experiments and share with any findings. Regards, Hongxi -----Original Message----- From: Tamas Monos [mailto:tam...@veber.co.uk] Sent: 2012年7月3日 0:48 To: cloudstack-users@incubator.apache.org Subject: RE: CloudStack 3.0.2: Failed to update SSL Certificate with no server side logs Hi, I can't say anything regarding the key-length "issue" however I have just installed a 3.0.2 on CentOS 6.2 and it ate my 2048 cert with no problem. Please note I have installed the released version not the latest master/dev. You just simply copy/paste your cert into the cert field (pem format). The key is the tricky part: 'openssl pkcs8 -topk8 -in cert.key -inform pem -out certkey.pkcs8.key -outform pem -nocrypt' Copy/paste the contents of the certkey.pkcs8.key file. Regards Tamas Monos DDI +44(0)2034687012 Chief Technical Office +44(0)2034687000 Veber: The Hosting Specialists Fax +44(0)871 522 7057 http://www.veber.co.uk Follow us on Twitter: www.twitter.com/veberhost Follow us on Facebook: www.facebook.com/veberhost -----Original Message----- From: hongxi ma [mailto:hongxi...@citrix.com] Sent: 30 June 2012 03:24 To: cloudstack-users@incubator.apache.org Subject: CloudStack 3.0.2: Failed to update SSL Certificate with no server side logs Hi all, I am using a CloudStack with version 3.0.2.20120506223416 on top of CentOS 6.2, when I was trying to update SSL Certificate, I always receive error message "Failed to update SSL Certificate.[Nothing else]", however, the same Certificate and Key pair (Length 2048) worked good in my CloudStack 3.0.1 setup which is on top of CentOS 5.7. Here are other clues when this error happens: 1. There is nothing logged in mangement-server.log, just like the command didn't reach backend logic code (monitored with 'tail -f management-server.log') 2. When use HttpWatch checking the traffic, it showed below information: URL: http://202.**.**.**/client/api?command=uploadCustomCertificate&response=json&sessionkey=9AnSLbpSmcSodS1q1vtL9NldJjc%3D&certificate=-----BEGIN+CERTIFICAT....[cut] RESULT: ERROR_HTTP_INVALID_SERVER_RESPONSE 3. WireShark at the Client side showed the TCP of that CloudStack API request ended with RST 4. If paste the above URL to the client browser, will hit: Connection was reset 5. This always happen in both IE and Firefox as client 6. This always happen in both LAN access and Internet access to CloudStack Server However, if I use very short string as input to "Certificate" and "private Key" field, it will end up with correct error message "Failed to pass Certificate validation check", meanwhile, there are good logs in backend. Within CloudStack 3.0.1, I can reproduce the same behavior if the input is quite long enough, such as: paste in three times the normal certificate and key, but it will always succeed when with the right Content of Certificate and Key. Hereby, I suspect it is related to the input length of the Cert and Key field. Appreciated for any comments. Thanks!
