On Tue, Mar 31, 2015 at 2:57 PM, Suresh Sadhu <suresh.sa...@citrix.com> wrote:
> HI, > > Code not changed recently and try uploading the keys(root,intermediate) > using api which was mentioned by you (Guide followed: > > https://cwiki.apache.org/confluence/display/CLOUDSTACK/Procedure+to+Replace+realhostip.com+with+Your+Own+Domain+Name) > and server certifictate through UI. > > This is beginning to drive me mad. - I have converted the original PEM key to PKCS#8 (twice according to docs). - I've tried both with pythons urllib.quote to encode, as well as using advanced rest client in chrome. - I've verified with openssl that the key matches the cert (and to be frank, we're using this in a lot of other places, including another cloudstack install...) Currently I end up with the following: 2015-03-31 23:44:38,598 ERROR [o.a.c.f.s.k.KeystoreManagerImpl] (API-Job-Executor-28:ctx-d0153497 job-426 ctx-443ae0ac) Certificate validation failed due to exception for domain: xyz.com java.security.cert.CertificateException: Could not parse certificate: java.io.IOException: Incomplete data Adding root and intermediate certs work, it's apparently the wildcard certificate (or corresponding key) that fails for some reason. -- Erik