Hi Amogh, Thanks for pointing in the direction of checking the keystore table. I found a certificate entry the content of which was in bad PEM format (newline errors, url encode error I think), the other certs were uploaded using a patched CloudMonkey (fix went today into master) which would url encoded args before sending them to CloudStack.
On 01-Oct-2014, at 8:56 pm, Rohit Yadav <rohit.ya...@shapeblue.com> wrote: > Hi Amogh, > > Thanks for replying. Here the contents from the keystore table (minus > sensitive information): > > id, name, domain_suffix, seq > 1 | CPVMCertificate | custom.domain.com | null > 2 | root | realhostip.com | 0 > 4 | newroot | custom.domain.com | 1 > 5 | inter1 | custom.domain.com | 2 > 6 | inter2 | custom.domain.com | 3 > > The Apache CloudStack version is 4.2.1, the systemvm.iso was built by > jenkins.buildacloud.org and it was installed by the built rpms. In my case, > the hosts were all XenServer 6.2. I checked the CPVM logs, and I see that > it’s not getting keystore bytes[] from Management server at all, so falling > back to the default realhostip.keystore file when the AgentShell starts and > bootstraps ConsoleProxy. The only issue is when console proxy for a VM is > viewed, I’m getting SSL cert error so instead of *.custom.domain.com I get > the *.realhostip.com SSL cert. > > Please suggest how may I debug it further or fix it? > > On 01-Oct-2014, at 7:15 pm, Amogh Vasekar <amogh.vase...@citrix.com> wrote: >> Hi, >> >> Can you please paste the contents of the keystore table (minus the private >> key of course)? >> >> For SSVM, in 4.2, the certificate chain was not configured correctly and >> it would only use the server certificate when configuring Apache. It did >> not impact functionality though. >> This is not true for CPVM, which would try to use the full chain. >> It was fixed in 4.3, along with removing a double decoding of certificate >> when uploaded through API. The double decoding issue would manifest as >> non-server certificates to be saved incorrectly in the DB, and hence >> wanted to take a look at the table's contents. Since CPVM uses the full >> chain but not SSVM, I suspect this might be your issue. >> >> For the systemvm.iso - did you rebuild the ISO from source? >> It gets patched automatically in 4.3 for XS, but 4.2 had a versioning >> issue due to which it didn't change automatically. >> For KVM, the ISO gets patched when you reinstall the agent package. >> For Vmware, one needs to remove the old ISO from secondary storage folder >> (under <path_to_secstorage>/systemvm/ I think) so that the new one gets >> applied. >> >> HTH >> Amogh >> >> On 10/1/14 9:51 AM, "Rohit Yadav" <rohit.ya...@shapeblue.com> wrote: >> >>> Hi Amogh, >>> >>> I’ve a different issue, CPVM is opening the console but the HTTP service >>> is returning old *.realhostip.com certificate. >>> >>> I debugged CPVM agent to find that it’s not picking up the keystore sent >>> from Management server. This issue is like: >>> https://issues.apache.org/jira/browse/CLOUDSTACK-3438 >>> >>> In the logs (from CPVM), I’m only seeing "Initializing SSL from built-in >>> default certificate”. Reading source from >>> ConsoleProxySecureServerFactoryImpl, this means the agent is starting but >>> is not getting any StartConsoleProxyAgentHttpHandlerCommand with new >>> KeyStore data. I’ve tested this only for 4.2, Paul suggests something >>> similar for 4.3 as well. >>> >>> I’ve one root certificate (id=1), two intermediate certificate (id=2, >>> id=3) and a wildcard domain cert+key. I uploaded them one by one as per >>> the docs and also following Chip’s blog. By doing so, the SSVM keys got >>> updated and by downloading an ISO I see the https url it gave returned >>> correct SSL certificate which means the chain of certificates etc. worked. >>> >>> In case of CPVM, accessing console in browser led to SSL error. Do you >>> may any suggestions on how to get this fixed? If I remove CPVMs, I see >>> it’s still using old systemvm.iso and though docs/wiki recommend >>> systemvm.iso will get patched, it does not actually. >>> >>> On 01-Oct-2014, at 6:32 pm, Amogh Vasekar <amogh.vase...@citrix.com> >>> wrote: >>>> Hi, >>>> >>>> For 4.2 you may want to refer here : >>>> >>>> http://www.chipchilders.com/blog/2013/1/2/undocumented-feature-using-cert >>>> if >>>> icate-chains-in-cloudstack.html >>>> >>>> 4.3 had a missing commit, due to which the global config >>>> consoleproxy.url.domain had to be set to "mydomain.com", instead of >>>> "*.mydomain.com". This has been fixed in 4.3.1 >>>> >>>> Apologies for the inconvenience. >>>> >>>> Amogh >>>> >>>> On 10/1/14 8:16 AM, "Rohit Yadav" <rohit.ya...@shapeblue.com> wrote: >>>> >>>>> Just to update on the certificate upload issue with 4.2: >>>>> >>>>> I’m able to download and add new volumes/templates/isos and the link >>>>> provided has a valid https url with the same certificate that I >>>>> uploaded >>>>> though when I try to access the console I get SSL cert error and I see >>>>> that it’s still returning the old *.realhostip.com certificate. I’ve >>>>> tried to delete old CPVMs and I see the same issue coming up again. >>>>> >>>>> >>>>> On 01-Oct-2014, at 4:55 pm, Rohit Yadav <rohit.ya...@shapeblue.com> >>>>> wrote: >>>>>> Hi, >>>>>> >>>>>> I’ve fixed cloudmonkey to url encode parameters so now you can use >>>>>> cloudmonkey to upload custom certificate but only in non-interactive >>>>>> mode on shell (bash/zsh). You’ll have to install cloudmonkey from >>>>>> source >>>>>> for now since the fix is only on master. >>>>>> >>>>>> Something like: >>>>>> $ cloudmonkey upload customcertificate id=xx domainsuffix=yy name=zzz >>>>>> certificate=‘asdf >>>>>> asdfasdf >>>>>> asdfasdf >>>>>> asdf---' >>>>>> >>>>>> I’ve some issues to report while replacing certificates to get rid of >>>>>> realhostip, this is specific for Xen could apply for other hypervisors >>>>>> as well: >>>>>> >>>>>> - In case of 4.2, I see in the database that seq is 0 for the root >>>>>> certificate for the realhostip.com domain. I uploaded certificates in >>>>>> order (root, then intermediate and finally SSL cert from UI), and I >>>>>> see >>>>>> the old certificate is still there. after CPVM/SSVM restarts and are >>>>>> in >>>>>> UP state I still get SSL errors and I see that systemvm.iso is not >>>>>> getting patched. How to fix this? Or force systemvm.iso patching? >>>>>> >>>>>> - In case of 4.3.0 and above, I see the same issue. I’m confused >>>>>> whether to use *. wildcard in global setting or not. >>>>>> >>>>>> On 27-Sep-2014, at 9:32 pm, Amogh Vasekar <amogh.vase...@citrix.com> >>>>>> wrote: >>>>>>> Hi, >>>>>>> >>>>>>> For the encoding, in your case it was the space character causing the >>>>>>> issue - it should be replaced by %20. The correct encoding would be >>>>>>> (hoping mail clients don't screw up the blob): >>>>>>> >>>>>>> >>>>>>> -----BEGIN%20CERTIFICATE-----%0AMIIDfTCCAuagAwIBAgIDErvmMA0GCSqGSIb3DQ >>>>>>> EB >>>>>>> BQU >>>>>>> >>>>>>> >>>>>>> AME4xCzAJBgNVBAYTAlVT%0AMRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZm >>>>>>> F4 >>>>>>> IFN >>>>>>> >>>>>>> >>>>>>> lY3VyZSBDZXJ0%0AaWZpY2F0ZSBBdXRob3JpdHkwHhcNMDIwNTIxMDQwMDAwWhcNMTgwOD >>>>>>> Ix >>>>>>> MDQ >>>>>>> >>>>>>> >>>>>>> wMDAw%0AWjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1 >>>>>>> UE >>>>>>> %0A >>>>>>> >>>>>>> >>>>>>> AxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB%0ACgK >>>>>>> CA >>>>>>> QEA >>>>>>> >>>>>>> >>>>>>> 2swYYzD99BcjGlZ%2BW988bDjkcbd4kdS8odhM%2BKhDtgPpTSEHCIjaWC9m%0AOSm9BXi >>>>>>> Ln >>>>>>> Tjo >>>>>>> >>>>>>> >>>>>>> BbdqfnGk5sRgprDvgOSJKA%2BeJdbtg%2FOtppHHmMlCGDUUna2YRpIu%0AT8rxh0PBFpV >>>>>>> XL >>>>>>> VDv >>>>>>> >>>>>>> >>>>>>> iS2Aelet8u5fa9IAjbkU%2BBQVNdnARqN7csiRv8lVK83Qlz6c%0AJmTM386DGXHKTubU1 >>>>>>> Xu >>>>>>> pGc >>>>>>> >>>>>>> >>>>>>> 1V3sjs0l44U%2BVcT4wt%2FlAjNvxm5suOpDkZALeVAjmR%0ACw7%2BOC7RHQWa9k0%2Bb >>>>>>> w8 >>>>>>> HHa >>>>>>> >>>>>>> >>>>>>> 8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5asz%0APeE4uwc2hGKceeoWMPRfwCvoc >>>>>>> Wv >>>>>>> k%2 >>>>>>> >>>>>>> >>>>>>> BQIDAQABo4HwMIHtMB8GA1UdIwQYMBaAFEjm%0AaPkr0rKV10fYIyAQTzOYkJ%2FUMB0GA >>>>>>> 1U >>>>>>> dDg >>>>>>> >>>>>>> >>>>>>> QWBBTAephojYn7qwVkDBF9qn1luMrM%0ATjAPBgNVHRMBAf8EBTADAQH%2FMA4GA1UdDwE >>>>>>> B% >>>>>>> 2Fw >>>>>>> >>>>>>> >>>>>>> QEAwIBBjA6BgNVHR8EMzAxMC%2Bg%0ALaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9 >>>>>>> jc >>>>>>> mxz >>>>>>> >>>>>>> >>>>>>> L3NlY3VyZWNhLmNybDBO%0ABgNVHSAERzBFMEMGBFUdIAAwOzA5BggrBgEFBQcCARYtaHR >>>>>>> 0c >>>>>>> HM6 >>>>>>> >>>>>>> >>>>>>> Ly93d3cuZ2Vv%0AdHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5MA0GCSqGSIb3DQE >>>>>>> BB >>>>>>> QUA >>>>>>> >>>>>>> >>>>>>> A4GB%0AAHbhEm5OSxYShjAGsoEIz%2FAIx8dxfmbuwu3UOx%2F%2F8PDITtZDOLC5MH0Y0 >>>>>>> FW >>>>>>> Dom >>>>>>> >>>>>>> >>>>>>> rL%0ANhGc6Ehmo21%2FuBPUR%2F6LWlxz%2FK7ZGzIZOKuXNBSqltLroxwUCEm2u%2BWR7 >>>>>>> 4M >>>>>>> 26x >>>>>>> >>>>>>> >>>>>>> 1W%0Ab8ravHNjkOR%2Fez4iyz0H7V84dJzjA1BOoa%2BY7mHyhD8S%0A-----END%20CER >>>>>>> TI >>>>>>> FIC >>>>>>> ATE----- >>>>>>> >>>>>>> As for the global parameter, you can set it to something like a few >>>>>>> seconds and reset to original value when the URLs have been expired. >>>>>>> >>>>>>> Thanks >>>>>>> Amogh >>>>>>> >>>>>>> >>>>>>> On 9/27/14 10:53 AM, "Indra Pramana" <in...@sg.or.id> wrote: >>>>>>> >>>>>>>> Hi Wido, >>>>>>>> >>>>>>>> I have changed the value of secstorage.ssl.cert.domain and restart >>>>>>>> management server, before I start uploading all the certificates. >>>>>>>> >>>>>>>> I found this article, which might be related to the problem: >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Troubleshootin >>>>>>>> g+ >>>>>>>> -+u >>>>>>>> ploading+custom+domain+certificate+instead+of+using+realhostip.com >>>>>>>> >>>>>>>> ==== >>>>>>>> >>>>>>>> *Specific Issues seen* >>>>>>>> >>>>>>>> 1. Download urls point to the old domain. >>>>>>>> 1. Reduce the expiration duration of the urls by changing global >>>>>>>> config extract.url.expiration.interval >>>>>>>> 2. And change the frequency for cleanup thread >>>>>>>> through extract.url.cleanup.interval restart MS. >>>>>>>> 3. Wait for the cleanup thread duration and try downloading again. >>>>>>>> See whether the url is deleted. >>>>>>>> 4. DB tables to check (don¹t recommend but worst case) >>>>>>>> Version < 4.2 upload table persists url. Entry is hard deleted >>>>>>>> on >>>>>>>> expiration of url. >>>>>>>> Version >= 4.2 >>>>>>>> template_store_ref, download_url is made null on expiration of >>>>>>>> url. >>>>>>>> volume_store_ref, entry hard deleted on expiration of url. >>>>>>>> >>>>>>>> ==== >>>>>>>> >>>>>>>> But I'm not too sure what is the recommended values I need to set >>>>>>>> for >>>>>>>> extract.url.expiration.interval and extract.url.cleanup.interval. >>>>>>>> Any >>>>>>>> advise? >>>>>>>> >>>>>>>> Thank you. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> On Sun, Sep 28, 2014 at 1:39 AM, Wido den Hollander <w...@widodh.nl> >>>>>>>> wrote: >>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>>> Op 27 sep. 2014 om 19:25 heeft Indra Pramana <in...@sg.or.id> het >>>>>>>>> volgende geschreven: >>>>>>>>>> >>>>>>>>>> Dear all, >>>>>>>>>> >>>>>>>>>> FYI, I managed to complete the tasks and install the certificates. >>>>>>>>>> As >>>>>>>>> a >>>>>>>>>> workaround to the unable to upload the root/intermediate cert via >>>>>>>>>> API >>>>>>>>>> issue, I uploaded a certificate with just "BEGIN" as text via API, >>>>>>>>>> and >>>>>>>>> then >>>>>>>>>> proceed to update the keystore table on the MySQL database >>>>>>>>>> directly >>>>>>>>>> to >>>>>>>>>> input the whole cert. >>>>>>>>>> >>>>>>>>>> It seems to be working, after I uploaded the cert and private key >>>>>>>>>> via >>>>>>>>> GUI, >>>>>>>>>> I can see that both CPVM and SSVM are being restarted. When I >>>>>>>>>> test: >>>>>>>>>> >>>>>>>>>> - Console is working, using my own domain now. Yay! :) >>>>>>>>>> >>>>>>>>>> - However, when I try to test downloading a template, it's still >>>>>>>>> showing >>>>>>>>>> realhostip.com as the URL to download. I have tried destroying the >>>>>>>>> SSVM >>>>>>>>> and >>>>>>>>>> a new SSVM was created, up and running. However, it's still >>>>>>>>>> showing >>>>>>>>>> realhostip.com when I test again. >>>>>>>>>> >>>>>>>>>> Anyone knows why it's still referring to realhostip.com for >>>>>>>>> downloading >>>>>>>>>> templates? >>>>>>>>>> >>>>>>>>> >>>>>>>>> Look at the global settings. There is a domain for the sec storage >>>>>>>>> as >>>>>>>>> well. >>>>>>>>> >>>>>>>>> Maybe restart the mgmt server? >>>>>>>>> >>>>>>>>>> Looking forward to your reply, thank you. >>>>>>>>>> >>>>>>>>>> Cheers. >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>> On Sun, Sep 28, 2014 at 12:49 AM, Indra Pramana <in...@sg.or.id> >>>>>>>>> wrote: >>>>>>>>>>> >>>>>>>>>>> Dear all, >>>>>>>>>>> >>>>>>>>>>> Apologise for sending quite a lot of emails tonight. Anyone knows >>>>>>>>>>> if >>>>>>>>> it's >>>>>>>>>>> safe for me to update the keystore table on the database >>>>>>>>>>> directly? >>>>>>>>> Since >>>>>>>>>>> the API call doesn't work. >>>>>>>>>>> >>>>>>>>>>> Thank you. >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>>> On Sun, Sep 28, 2014 at 12:39 AM, Indra Pramana <in...@sg.or.id> >>>>>>>>> wrote: >>>>>>>>>>>> >>>>>>>>>>>> Only if I key in the certificate as "BEGIN", then it seems to be >>>>>>>>>>>> accepting. But of course, the certificate is invalid. >>>>>>>>>>>> >>>>>>>>>>>> <uploadcustomcertificateresponse cloud-stack-version="4.2.0"> >>>>>>>>>>>> <jobid>1efe722a-e7c7-4c43-9f6b-67ce860dbe34</jobid> >>>>>>>>>>>> </uploadcustomcertificateresponse> >>>>>>>>>>>> >>>>>>>>>>>> Is it my browser issue? I have tried using two different >>>>>>>>>>>> browsers: >>>>>>>>>>>> Firefox and Chrome, and both are having the same problem. >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>>> On Sun, Sep 28, 2014 at 12:36 AM, Indra Pramana >>>>>>>>>>>>> <in...@sg.or.id> >>>>>>>>> wrote: >>>>>>>>>>>>> >>>>>>>>>>>>> I tried to key in just "BEGIN CERTIFICATE\nEND CERTIFICATE" >>>>>>>>>>>>> without >>>>>>>>> the >>>>>>>>>>>>> "-----" and the content of the certificate itself. Same problem >>>>>>>>> persists, >>>>>>>>>>>>> it says parameter certificate is invalid, contains illegal >>>>>>>>>>>>> ASCII >>>>>>>>>>>>> non-printable characters. >>>>>>>>>>>>> >>>>>>>>>>>>> <uploadcustomcertificateresponse cloud-stack-version="4.2.0"> >>>>>>>>>>>>> <errorcode>431</errorcode> >>>>>>>>>>>>> <cserrorcode>9999</cserrorcode> >>>>>>>>>>>>> <errortext> >>>>>>>>>>>>> Received value BEGIN CERTIFICATE END CERTIFICATE for parameter >>>>>>>>>>>>> certificate is invalid, contains illegal ASCII non-printable >>>>>>>>> characters >>>>>>>>>>>>> </errortext> >>>>>>>>>>>>> </uploadcustomcertificateresponse> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> Seems the issue was not actually on the certificate itself, but >>>>>>>>> may be >>>>>>>>>>>>> on the API call handler? >>>>>>>>>>>>> >>>>>>>>>>>>> Any advice is greatly appreciated. >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>>> On Sat, Sep 27, 2014 at 11:35 PM, Indra Pramana >>>>>>>>>>>>>> <in...@sg.or.id> >>>>>>>>> wrote: >>>>>>>>>>>>>> >>>>>>>>>>>>>> Hi Amogh and all, >>>>>>>>>>>>>> >>>>>>>>>>>>>> To add, I am using RapidSSL and I got the root and >>>>>>>>>>>>>> intermediate >>>>>>>>> CAs >>>>>>>>>>>>>> from here: >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> https://knowledge.rapidssl.com/support/ssl-certificate-support/index >>>>>>>>> ?p >>>>>>>>> age >>>>>>>>> =content&actp=CROSSLINK&id=SO26457 >>>>>>>>>>>>>> >>>>>>>>>>>>>> I have ensured that the encoding is done correctly, but still >>>>>>>>> there's >>>>>>>>>>>>>> issue when I tried to upload it. Is it because I am still >>>>>>>>>>>>>> using >>>>>>>>> version >>>>>>>>>>>>>> 4.2.0, may be there's a different method on how to upload? >>>>>>>>>>>>>> >>>>>>>>>>>>>> Error messages: >>>>>>>>>>>>>> >>>>>>>>>>>>>> <uploadcustomcertificateresponse cloud-stack-version="4.2.0"> >>>>>>>>>>>>>> <errorcode>431</errorcode> >>>>>>>>>>>>>> <cserrorcode>9999</cserrorcode> >>>>>>>>>>>>>> <errortext> >>>>>>>>>>>>>> Received value -----BEGIN CERTIFICATE----- >>>>>>>>>>>>>> >>>>>>>>>>>>>> MIIDfTCCAuagAwIBAgIDErvmMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlV >>>>>>>>>>>>>> T >>>>>>>>>>>>>> >>>>>>>>>>>>>> MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ >>>>>>>>>>>>>> 0 >>>>>>>>>>>>>> >>>>>>>>>>>>>> aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDIwNTIxMDQwMDAwWhcNMTgwODIxMDQwMDA >>>>>>>>>>>>>> w >>>>>>>>>>>>>> >>>>>>>>>>>>>> WjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1U >>>>>>>>>>>>>> E >>>>>>>>>>>>>> >>>>>>>>>>>>>> AxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMII >>>>>>>>>>>>>> B >>>>>>>>>>>>>> >>>>>>>>>>>>>> CgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9 >>>>>>>>>>>>>> m >>>>>>>>>>>>>> >>>>>>>>>>>>>> OSm9BXiLnTjoBbdqfnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpI >>>>>>>>>>>>>> u >>>>>>>>>>>>>> >>>>>>>>>>>>>> T8rxh0PBFpVXLVDviS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6 >>>>>>>>>>>>>> c >>>>>>>>>>>>>> >>>>>>>>>>>>>> JmTM386DGXHKTubU1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjm >>>>>>>>>>>>>> R >>>>>>>>>>>>>> >>>>>>>>>>>>>> Cw7+OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5as >>>>>>>>>>>>>> z >>>>>>>>>>>>>> >>>>>>>>>>>>>> PeE4uwc2hGKceeoWMPRfwCvocWvk+QIDAQABo4HwMIHtMB8GA1UdIwQYMBaAFEj >>>>>>>>>>>>>> m >>>>>>>>>>>>>> >>>>>>>>>>>>>> aPkr0rKV10fYIyAQTzOYkJ/UMB0GA1UdDgQWBBTAephojYn7qwVkDBF9qn1luMr >>>>>>>>>>>>>> M >>>>>>>>>>>>>> >>>>>>>>>>>>>> TjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjA6BgNVHR8EMzAxMC+ >>>>>>>>>>>>>> g >>>>>>>>>>>>>> >>>>>>>>>>>>>> LaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDB >>>>>>>>>>>>>> O >>>>>>>>>>>>>> >>>>>>>>>>>>>> BgNVHSAERzBFMEMGBFUdIAAwOzA5BggrBgEFBQcCARYtaHR0cHM6Ly93d3cuZ2V >>>>>>>>>>>>>> v >>>>>>>>>>>>>> >>>>>>>>>>>>>> dHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5MA0GCSqGSIb3DQEBBQUAA4G >>>>>>>>>>>>>> B >>>>>>>>>>>>>> >>>>>>>>>>>>>> AHbhEm5OSxYShjAGsoEIz/AIx8dxfmbuwu3UOx//8PDITtZDOLC5MH0Y0FWDomr >>>>>>>>>>>>>> L >>>>>>>>>>>>>> >>>>>>>>>>>>>> NhGc6Ehmo21/uBPUR/6LWlxz/K7ZGzIZOKuXNBSqltLroxwUCEm2u+WR74M26x1 >>>>>>>>>>>>>> W >>>>>>>>>>>>>> b8ravHNjkOR/ez4iyz0H7V84dJzjA1BOoa+Y7mHyhD8S -----END >>>>>>>>> CERTIFICATE----- for >>>>>>>>>>>>>> parameter certificate is invalid, contains illegal ASCII >>>>>>>>> non-printable >>>>>>>>>>>>>> characters >>>>>>>>>>>>>> </errortext> >>>>>>>>>>>>>> </uploadcustomcertificateresponse> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> Any advice is greatly appreciated, since 30 Sep is just >>>>>>>>>>>>>> another >>>>>>>>>>>>>> 3 >>>>>>>>>>>>>> days... >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>>> On Sat, Sep 27, 2014 at 11:21 PM, Indra Pramana >>>>>>>>>>>>>>> <in...@sg.or.id> >>>>>>>>> wrote: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Hi Amogh, >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> I tried again tonight, still the same. Not too sure why, is >>>>>>>>>>>>>>> it >>>>>>>>>>>>>>> something wrong with the certificate? But I have confirmed >>>>>>>>>>>>>>> that >>>>>>>>> it's the >>>>>>>>>>>>>>> correct root certificate from my CA. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Any other advice? >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Looking forward to your reply, thank you. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Cheers. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> On Tue, Sep 23, 2014 at 12:56 AM, Amogh Vasekar < >>>>>>>>>>>>>>> amogh.vase...@citrix.com> wrote: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Can you try using http://meyerweb.com/eric/tools/dencoder/ >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Amogh >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> On 9/22/14 4:36 AM, "Indra Pramana" <in...@sg.or.id> wrote: >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Dear all, >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> I am following the instruction on this documentation to >>>>>>>>>>>>>>>>> replace >>>>>>>>>>>>>>>>> realhostip.com with my own domain. >>>>>>>>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Procedure+to+ >>>>>>>>> Re >>>>>>>>> pla >>>>>>>>> c >>>>>>>>>>>>>>>>> e+realhostip.com+with+Your+Own+Domain+Name >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Everything is fine until I need to upload the root >>>>>>>>>>>>>>>>> certificate >>>>>>>>> via >>>>>>>>>>>>>>>> API. I >>>>>>>>>>>>>>>>> have URL-encoded the certificate using online URL encoder >>>>>>>>>>>>>>>>> tool >>>>>>>>> such >>>>>>>>>>>>>>>> as: >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> http://www.url-encode-decode.com/ >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> However, when I run the API command, the certificate is >>>>>>>>> rejected, >>>>>>>>>>>>>>>> saying >>>>>>>>>>>>>>>>> that it contains illegal ASCII non-printable characters: >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> for parameter certificate is invalid, contains illegal >>>>>>>>>>>>>>>>> ASCII >>>>>>>>>>>>>>>> non-printable >>>>>>>>>>>>>>>>> characters >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> I have ensured and verified that it only contains generic >>>>>>>>>>>>>>>>> ASCII >>>>>>>>> text >>>>>>>>>>>>>>>>> format, no space, symbol etc. Tried using UTF-8, US-ASCII >>>>>>>>> format >>>>>>>>>>>>>>>> while >>>>>>>>>>>>>>>>> encoding, but still cannot work. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Any advice is greatly appreciated. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Looking forward to your reply, thank you. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Cheers. >>>>>> >>>>>> Regards, >>>>>> Rohit Yadav >>>>>> Software Architect, ShapeBlue >>>>>> M. +41 779015219 | rohit.ya...@shapeblue.com >>>>>> Blog: bhaisaab.org | Twitter: @_bhaisaab >>>>>> >>>>>> >>>>>> >>>>>> Find out more about ShapeBlue and our range of CloudStack related >>>>>> services >>>>>> >>>>>> IaaS Cloud Design & >>>>>> Build<http://shapeblue.com/iaas-cloud-design-and-build//> >>>>>> CSForge rapid IaaS deployment >>>>>> framework<http://shapeblue.com/csforge/> >>>>>> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/> >>>>>> CloudStack Infrastructure >>>>>> Support<http://shapeblue.com/cloudstack-infrastructure-support/> >>>>>> CloudStack Bootcamp Training >>>>>> Courses<http://shapeblue.com/cloudstack-training/> >>>>>> >>>>>> This email and any attachments to it may be confidential and are >>>>>> intended solely for the use of the individual to whom it is addressed. >>>>>> Any views or opinions expressed are solely those of the author and do >>>>>> not necessarily represent those of Shape Blue Ltd or related >>>>>> companies. >>>>>> If you are not the intended recipient of this email, you must neither >>>>>> take any action based upon its contents, nor copy or show it to >>>>>> anyone. >>>>>> Please contact the sender if you believe you have received this email >>>>>> in >>>>>> error. Shape Blue Ltd is a company incorporated in England & Wales. >>>>>> ShapeBlue Services India LLP is a company incorporated in India and is >>>>>> operated under license from Shape Blue Ltd. Shape Blue Brasil >>>>>> Consultoria Ltda is a company incorporated in Brasil and is operated >>>>>> under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company >>>>>> registered by The Republic of South Africa and is traded under license >>>>>> from Shape Blue Ltd. ShapeBlue is a registered trademark. >>>>> >>>>> Regards, >>>>> Rohit Yadav >>>>> Software Architect, ShapeBlue >>>>> M. +41 779015219 | rohit.ya...@shapeblue.com >>>>> Blog: bhaisaab.org | Twitter: @_bhaisaab >>>>> >>>>> >>>>> >>>>> Find out more about ShapeBlue and our range of CloudStack related >>>>> services >>>>> >>>>> IaaS Cloud Design & >>>>> Build<http://shapeblue.com/iaas-cloud-design-and-build//> >>>>> CSForge rapid IaaS deployment >>>>> framework<http://shapeblue.com/csforge/> >>>>> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/> >>>>> CloudStack Infrastructure >>>>> Support<http://shapeblue.com/cloudstack-infrastructure-support/> >>>>> CloudStack Bootcamp Training >>>>> Courses<http://shapeblue.com/cloudstack-training/> >>>>> >>>>> This email and any attachments to it may be confidential and are >>>>> intended >>>>> solely for the use of the individual to whom it is addressed. Any views >>>>> or opinions expressed are solely those of the author and do not >>>>> necessarily represent those of Shape Blue Ltd or related companies. If >>>>> you are not the intended recipient of this email, you must neither take >>>>> any action based upon its contents, nor copy or show it to anyone. >>>>> Please >>>>> contact the sender if you believe you have received this email in >>>>> error. >>>>> Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue >>>>> Services India LLP is a company incorporated in India and is operated >>>>> under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda >>>>> is >>>>> a company incorporated in Brasil and is operated under license from >>>>> Shape >>>>> Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The Republic >>>>> of >>>>> South Africa and is traded under license from Shape Blue Ltd. ShapeBlue >>>>> is a registered trademark. >>>> >>> >>> Regards, >>> Rohit Yadav >>> Software Architect, ShapeBlue >>> M. +41 779015219 | rohit.ya...@shapeblue.com >>> Blog: bhaisaab.org | Twitter: @_bhaisaab >>> >>> >>> >>> Find out more about ShapeBlue and our range of CloudStack related services >>> >>> IaaS Cloud Design & >>> Build<http://shapeblue.com/iaas-cloud-design-and-build//> >>> CSForge rapid IaaS deployment framework<http://shapeblue.com/csforge/> >>> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/> >>> CloudStack Infrastructure >>> Support<http://shapeblue.com/cloudstack-infrastructure-support/> >>> CloudStack Bootcamp Training >>> Courses<http://shapeblue.com/cloudstack-training/> >>> >>> This email and any attachments to it may be confidential and are intended >>> solely for the use of the individual to whom it is addressed. Any views >>> or opinions expressed are solely those of the author and do not >>> necessarily represent those of Shape Blue Ltd or related companies. If >>> you are not the intended recipient of this email, you must neither take >>> any action based upon its contents, nor copy or show it to anyone. Please >>> contact the sender if you believe you have received this email in error. >>> Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue >>> Services India LLP is a company incorporated in India and is operated >>> under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is >>> a company incorporated in Brasil and is operated under license from Shape >>> Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The Republic of >>> South Africa and is traded under license from Shape Blue Ltd. ShapeBlue >>> is a registered trademark. >> > > Regards, > Rohit Yadav > Software Architect, ShapeBlue > M. +41 779015219 | rohit.ya...@shapeblue.com > Blog: bhaisaab.org | Twitter: @_bhaisaab > > > > Find out more about ShapeBlue and our range of CloudStack related services > > IaaS Cloud Design & Build<http://shapeblue.com/iaas-cloud-design-and-build//> > CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/> > CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/> > CloudStack Infrastructure > Support<http://shapeblue.com/cloudstack-infrastructure-support/> > CloudStack Bootcamp Training > Courses<http://shapeblue.com/cloudstack-training/> > > This email and any attachments to it may be confidential and are intended > solely for the use of the individual to whom it is addressed. Any views or > opinions expressed are solely those of the author and do not necessarily > represent those of Shape Blue Ltd or related companies. If you are not the > intended recipient of this email, you must neither take any action based upon > its contents, nor copy or show it to anyone. Please contact the sender if you > believe you have received this email in error. Shape Blue Ltd is a company > incorporated in England & Wales. ShapeBlue Services India LLP is a company > incorporated in India and is operated under license from Shape Blue Ltd. > Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is > operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company > registered by The Republic of South Africa and is traded under license from > Shape Blue Ltd. ShapeBlue is a registered trademark. Regards, Rohit Yadav Software Architect, ShapeBlue M. +41 779015219 | rohit.ya...@shapeblue.com Blog: bhaisaab.org | Twitter: @_bhaisaab Find out more about ShapeBlue and our range of CloudStack related services IaaS Cloud Design & Build<http://shapeblue.com/iaas-cloud-design-and-build//> CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/> CloudStack Infrastructure Support<http://shapeblue.com/cloudstack-infrastructure-support/> CloudStack Bootcamp Training Courses<http://shapeblue.com/cloudstack-training/> This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Shape Blue Ltd or related companies. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue Services India LLP is a company incorporated in India and is operated under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The Republic of South Africa and is traded under license from Shape Blue Ltd. ShapeBlue is a registered trademark.
