HI Erik, It seems while uploading the server certificate through UI, you might have provided the url encoded value in the server certificate .. that is the reason you have seeing this exception.[I just reproduce your issue by providing encoded value in the UI wizard ]
You no need to perform url encode while uploading the certificate from UI because internally CS will do for you while uploading the certificate from UI. you have to encode keys only when you are uploading the keys using API.(i.e for uploading root and intermediate through API ) Steps: 1.first upload root/intermediate certificate through api by providing encoded values( refer this link to encode keys http://www.url-encode-decode.com/) . 2.for server certificate -go to UI -provide Server certificate, PKCS#8 Private Key and domain name [Here don't encode the certificates because CS will do it for u internally.] It seems my blog misses this information will update it now(http://sadhusuresh.blogspot.in/2015/01/t-hings-you-should-consider-while.html ) . thank you. If you still see the issues, please provide the full logs . Regards sadhu -----Original Message----- From: Erik Weber [mailto:terbol...@gmail.com] Sent: 01 April 2015 03:35 To: us...@cloudstack.apache.org Cc: dev Subject: Re: Unable to upload customer certificate On Tue, Mar 31, 2015 at 11:52 PM, Erik Weber <terbol...@gmail.com> wrote: > On Tue, Mar 31, 2015 at 2:57 PM, Suresh Sadhu > <suresh.sa...@citrix.com> > wrote: > >> HI, >> >> Code not changed recently and try uploading the >> keys(root,intermediate) using api which was mentioned by you (Guide followed: >> >> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Procedure+to+R >> eplace+realhostip.com+with+Your+Own+Domain+Name) >> and server certifictate through UI. >> >> > This is beginning to drive me mad. > > - I have converted the original PEM key to PKCS#8 (twice according to > docs). > - I've tried both with pythons urllib.quote to encode, as well as > using advanced rest client in chrome. > - I've verified with openssl that the key matches the cert (and to be > frank, we're using this in a lot of other places, including another > cloudstack install...) > > Heck, that got me thinking that I could copy the keystore table, and so I did, but it still fails.... with the exact same error message as previously. -- Erik