updated main docs, created pull request... Thanks
On 16 April 2015 at 15:40, Andrija Panic <andrija.pa...@gmail.com> wrote: > Suresh, > > not sure if I miss something, but on: > http://cloudstack-administration.readthedocs.org/en/4.4/systemvm.html#changing-the-console-proxy-ssl-certificate-and-domain > I dont see any mentioning of ROOT CA, and Intermediate CA. > > The only page I found that references these, is: > https://cwiki.apache.org/confluence/display/CLOUDSTACK/Procedure+to+Replace+realhostip.com+with+Your+Own+Domain+Name > > Not sure how to edit this one ? > > Thanks > > On 16 April 2015 at 14:28, Suresh Sadhu <suresh.sa...@citrix.com> wrote: > >> Good to hear. If you feel documentation is not clear then please raise >> the doc bug for the same. >> >> Regards >> Sadhu >> >> >> -----Original Message----- >> From: Andrija Panic [mailto:andrija.pa...@gmail.com] >> Sent: 15 April 2015 16:39 >> To: dev@cloudstack.apache.org >> Cc: us...@cloudstack.apache.org >> Subject: Re: {HELP-NEEDED] Replace Root CA etc, for CPVM and SSVM >> >> Hi guys, >> >> just to update - issue solved: >> >> Deleted the 5th row, so only 4 additional rows left (as original keystore >> table layout prior to replacing certificate) >> >> The problem was actually, while URL encoding ROOT CA and Intermediate CA, >> the plus sign ( + ) was replaced by SPACE... >> >> Thanks for all the help everybody >> >> >> On 7 April 2015 at 20:10, Suresh Sadhu <suresh.sa...@citrix.com> wrote: >> >> > If you have taken backup of your table(keystore) before upload then >> > you revert to previous state then upload the certificates again. >> > >> > Encode(url ecode) the root and intermediate keys while uploading >> > through api Root - seq 1 Intermediate seq 2 >> > >> > And while uploading server certificate through UI don 't encode >> > the keys ,enter only server certificate and private key(it should be >> > PKCS#8 >> > format) and domain name because you have already uploaded root and >> > intermediate through API.( how to check certificate uploaded correctly >> > or not on system vms ,just run the keytool -list on system vms --for >> > syntax/description ref this blog it might useful to you : >> > http://sadhusuresh.blogspot.in/2015/01/t-hings-you-should-consider-whi >> > le.html >> > ) >> > >> > Regards >> > Sadhu >> > >> > >> > -----Original Message----- >> > From: Andrija Panic [mailto:andrija.pa...@gmail.com] >> > Sent: 07 April 2015 23:19 >> > To: dev@cloudstack.apache.org >> > Cc: us...@cloudstack.apache.org >> > Subject: Re: {HELP-NEEDED] Replace Root CA etc, for CPVM and SSVM >> > >> > Thanks Suresh. >> > >> > 2 identical sequence numbers means: first occurence is OLD >> > Intermediate CA(from 1 year ago), and the second occurence is the new >> > one just uploaded (it happened I used different names) >> > >> > for ROOT CA - it happened I used the same name "ROOT1" so the old one >> > got overwriten with seq number 1 >> > >> > Do you expect I should delete the old Intermediate1 CA manually (and >> > leave only the new one) ? >> > Or am I expected to upload again ROOT/intermediate with exact same >> > names and seq numbers ? >> > >> > Thanks >> > >> > On 7 April 2015 at 19:43, Suresh Sadhu <suresh.sa...@citrix.com> wrote: >> > >> > > I see same sequence number for 2 intermediate certificates. does >> > > your certificate has multiple intermediate certificate or it has >> only one. >> > > >> > > The reason for getting realhost ip is . your certificate is not >> > > applied correctly that is reason it's still refer the old >> certificate. >> > > >> > > >> > > Regards >> > > sadhu >> > > >> > > -----Original Message----- >> > > From: Andrija Panic [mailto:andrija.pa...@gmail.com] >> > > Sent: 07 April 2015 22:56 >> > > To: us...@cloudstack.apache.org >> > > Cc: dev@cloudstack.apache.org >> > > Subject: Re: {HELP-NEEDED] Replace Root CA etc, for CPVM and SSVM >> > > >> > > Hi Lucian >> > > >> > > yes it is *.domain.com (from 4.3.1 onwards)... >> > > >> > > If you can check my attached image, keystore tableseems messed a >> > > little bit >> > > :) >> > > http://snag.gy/LMA4h.jpg >> > > >> > > >> > > On 7 April 2015 at 19:12, Nux! <n...@li.nux.ro> wrote: >> > > >> > > > Can you check secstorage.ssl.cert.domain in global settings and >> > > > see if it's the correct one? >> > > > Should be *.blah.tld or whatever your domain is. >> > > > >> > > > >> > > > HTH >> > > > Lucian >> > > > >> > > > -- >> > > > Sent from the Delta quadrant using Borg technology! >> > > > >> > > > Nux! >> > > > www.nux.ro >> > > > >> > > > ----- Original Message ----- >> > > > > From: "Andrija Panic" <andrija.pa...@gmail.com> >> > > > > To: us...@cloudstack.apache.org, dev@cloudstack.apache.org >> > > > > Sent: Tuesday, 7 April, 2015 17:42:35 >> > > > > Subject: {HELP-NEEDED] Replace Root CA etc, for CPVM and SSVM >> > > > >> > > > > Hi guys, >> > > > > >> > > > > our SSL just expired, and I needed to upload new ROOT CA, >> > > > > Intemediata >> > > > ROOT >> > > > > CA, and at the end SSL for sever and a private key. >> > > > > >> > > > > I uploaded new ROOT CA, and after CPVM rebooted, also uploaded >> > > > Intermediate >> > > > > ROOT CA, via API, with URL encoded stuff - checked in database >> > > > > all seems >> > > > OK. >> > > > > >> > > > > But after uploading new SSL and private key, destroyed CPVM and >> > > > > SSVM >> > > > > - my Console Proxy shows *.realiphost.com as the domain for the >> > > > > SSL wjen I access >> > > > > >> > > > > Any clues what I did wrong ? >> > > > > Should I have somehow removed first old ROOT CA and old >> > > > > Intermediate CA, and upload new ones ? >> > > > > >> > > > > Here is database content from cloud.keystore: >> > > > > http://snag.gy/LMA4h.jpg >> > > > > >> > > > > This means that for some reason, original realiphost.com SSL is >> > > > > now used inside CPVM... >> > > > > >> > > > > Any help greatly appreciated, since this is live system... >> > > > > >> > > > > Thanks, >> > > > > >> > > > > >> > > > > >> > > > > -- >> > > > > >> > > > > Andrija Panić >> > > > >> > > >> > > >> > > >> > > -- >> > > >> > > Andrija Panić >> > > >> > >> > >> > >> > -- >> > >> > Andrija Panić >> > >> >> >> >> -- >> >> Andrija Panić >> > > > > -- > > Andrija Panić > -- Andrija Panić
