Hi guys, just to update - issue solved:
Deleted the 5th row, so only 4 additional rows left (as original keystore table layout prior to replacing certificate) The problem was actually, while URL encoding ROOT CA and Intermediate CA, the plus sign ( + ) was replaced by SPACE... Thanks for all the help everybody On 7 April 2015 at 20:10, Suresh Sadhu <suresh.sa...@citrix.com> wrote: > If you have taken backup of your table(keystore) before upload then you > revert to previous state then upload the certificates again. > > Encode(url ecode) the root and intermediate keys while uploading through > api > Root - seq 1 > Intermediate seq 2 > > And while uploading server certificate through UI don 't encode the > keys ,enter only server certificate and private key(it should be PKCS#8 > format) and domain name because you have already uploaded root and > intermediate through API.( how to check certificate uploaded correctly or > not on system vms ,just run the keytool -list on system vms --for > syntax/description ref this blog it might useful to you : > http://sadhusuresh.blogspot.in/2015/01/t-hings-you-should-consider-while.html > ) > > Regards > Sadhu > > > -----Original Message----- > From: Andrija Panic [mailto:andrija.pa...@gmail.com] > Sent: 07 April 2015 23:19 > To: dev@cloudstack.apache.org > Cc: us...@cloudstack.apache.org > Subject: Re: {HELP-NEEDED] Replace Root CA etc, for CPVM and SSVM > > Thanks Suresh. > > 2 identical sequence numbers means: first occurence is OLD Intermediate > CA(from 1 year ago), and the second occurence is the new one just uploaded > (it happened I used different names) > > for ROOT CA - it happened I used the same name "ROOT1" so the old one got > overwriten with seq number 1 > > Do you expect I should delete the old Intermediate1 CA manually (and leave > only the new one) ? > Or am I expected to upload again ROOT/intermediate with exact same names > and seq numbers ? > > Thanks > > On 7 April 2015 at 19:43, Suresh Sadhu <suresh.sa...@citrix.com> wrote: > > > I see same sequence number for 2 intermediate certificates. does your > > certificate has multiple intermediate certificate or it has only one. > > > > The reason for getting realhost ip is . your certificate is not > > applied correctly that is reason it's still refer the old certificate. > > > > > > Regards > > sadhu > > > > -----Original Message----- > > From: Andrija Panic [mailto:andrija.pa...@gmail.com] > > Sent: 07 April 2015 22:56 > > To: us...@cloudstack.apache.org > > Cc: dev@cloudstack.apache.org > > Subject: Re: {HELP-NEEDED] Replace Root CA etc, for CPVM and SSVM > > > > Hi Lucian > > > > yes it is *.domain.com (from 4.3.1 onwards)... > > > > If you can check my attached image, keystore tableseems messed a > > little bit > > :) > > http://snag.gy/LMA4h.jpg > > > > > > On 7 April 2015 at 19:12, Nux! <n...@li.nux.ro> wrote: > > > > > Can you check secstorage.ssl.cert.domain in global settings and see > > > if it's the correct one? > > > Should be *.blah.tld or whatever your domain is. > > > > > > > > > HTH > > > Lucian > > > > > > -- > > > Sent from the Delta quadrant using Borg technology! > > > > > > Nux! > > > www.nux.ro > > > > > > ----- Original Message ----- > > > > From: "Andrija Panic" <andrija.pa...@gmail.com> > > > > To: us...@cloudstack.apache.org, dev@cloudstack.apache.org > > > > Sent: Tuesday, 7 April, 2015 17:42:35 > > > > Subject: {HELP-NEEDED] Replace Root CA etc, for CPVM and SSVM > > > > > > > Hi guys, > > > > > > > > our SSL just expired, and I needed to upload new ROOT CA, > > > > Intemediata > > > ROOT > > > > CA, and at the end SSL for sever and a private key. > > > > > > > > I uploaded new ROOT CA, and after CPVM rebooted, also uploaded > > > Intermediate > > > > ROOT CA, via API, with URL encoded stuff - checked in database all > > > > seems > > > OK. > > > > > > > > But after uploading new SSL and private key, destroyed CPVM and > > > > SSVM > > > > - my Console Proxy shows *.realiphost.com as the domain for the > > > > SSL wjen I access > > > > > > > > Any clues what I did wrong ? > > > > Should I have somehow removed first old ROOT CA and old > > > > Intermediate CA, and upload new ones ? > > > > > > > > Here is database content from cloud.keystore: > > > > http://snag.gy/LMA4h.jpg > > > > > > > > This means that for some reason, original realiphost.com SSL is > > > > now used inside CPVM... > > > > > > > > Any help greatly appreciated, since this is live system... > > > > > > > > Thanks, > > > > > > > > > > > > > > > > -- > > > > > > > > Andrija Panić > > > > > > > > > > > -- > > > > Andrija Panić > > > > > > -- > > Andrija Panić > -- Andrija Panić
