Re: Urgent. Importing certificate to CS 4.3.1 using GUI

[France]

If required, we can share tomcat configuration file.
Screenshots and all info is with Sadhu.

Regards,
F.

On 24 Oct 2014, at 18:36, Stephen Turner stephen.tur...@citrix.com wrote:

 I'm still puzzled why it would have worked on my Firefox too. There must be 
 some difference in configuration.
 
 -- 
 Stephen Turner
 
 
 -Original Message-
 From: Amogh Vasekar [mailto:amogh.vase...@citrix.com] 
 Sent: 23 October 2014 16:18
 To: dev@cloudstack.apache.org
 Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI
 
 Hi,
 
 He certainly is :-)
 Can you share the screenshot of firebug request and response so as to 
 diagnose better?
 Also, was the upload call made as admin or regular user?
 
 Thanks,
 Amogh
 
 On 10/23/14 3:27 AM, Suresh Sadhu suresh.sa...@citrix.com wrote:
 
 Thanks France, We(France myself) have diagnosed the problem and in 
 firefox after  uploading the certificate it shows HTTP Error 501 Not 
 implemented error in api response(firebug  output )and
 
 The request is not reaching the server  itself(CS management server and 
 api server logs not shown any API request details ..) so probably the 
 failure  is due to client side settings or  due to some other problem.
 
 We need to identify  reasons for HTTP error 501 not implemented.
 http://www.checkupdown.com/status/E501.html
 
 Amogh/Nitin : can you please check in which cases this 501 not 
 implemented will occur.
 
 Regards
 Sadhu
 
 
 
 
 
 
 
 -Original Message-
 From: France [mailto:mailingli...@isg.si]
 Sent: 23 October 2014 15:43
 To: dev@cloudstack.apache.org
 Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI
 
 Suresh is awesome. Hope Citrix knows that. :-) We diagnosed the issue 
 with ACS 4.3.1 and Firefox browser, and Suresh will update this thread 
 with details.
 
 Regards,
 F.
 
 
 On 15 Oct 2014, at 13:55, France mailingli...@isg.si wrote:
 
 Because i do not check this mailing list every day due to actual 
 payed work, i have not seen your request.
 I will contact you right now.
 
 
 On 08 Oct 2014, at 20:10, Suresh Sadhu suresh.sa...@citrix.com wrote:
 
 Sure Nitin and as of now I didn't hear anything from France.
 
 Regards
 sadhu
 
 -Original Message-
 From: Nitin Mehta [mailto:nitin.me...@citrix.com]
 Sent: 08 October 2014 21:57
 To: dev@cloudstack.apache.org
 Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI
 
 Sadhu - Please do update the thread once you have some observation.
 Thanks
 
 -Nitin
 
 On 08/10/14 5:27 AM, Suresh Sadhu suresh.sa...@citrix.com wrote:
 
 HI France,
 
 I can help  today .
 My personal email id is mailtosa...@gmail.com
 
 
 Regards
 sadhu
 
 -Original Message-
 From: Stephen Turner [mailto:stephen.tur...@citrix.com]
 Sent: 08 October 2014 17:43
 To: dev@cloudstack.apache.org
 Subject: RE: Urgent. Importing certificate to CS 4.3.1 using GUI
 
 France, I'm sorry, but I'm about to go away for three weeks, and 
 I'm not going to have time to work on this.
 
 Is there anyone else who could help France? Is anyone else seeing 
 the problem, because I couldn't reproduce it?
 
 --
 Stephen Turner
 
 
 
 -Original Message-
 From: France [mailto:mailingli...@isg.si]
 Sent: 08 October 2014 11:44
 To: dev@cloudstack.apache.org
 Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI
 
 Send me a private email and you can test it on my exact system with 
 all development options turned on as you wish.
 We will do it via remote screen sharing, like VNC, RDP, Teamviewer, ..
 
 Regards,
 F.
 
 On 26 Sep 2014, at 16:53, Stephen Turner 
 stephen.tur...@citrix.com
 wrote:
 
 I'm afraid I couldn't reproduce this, even with your certificate 
 and private key. Everything I tried, I got Update Certiciate 
 [sic] Succeeded.
 
 Does anyone else have a convenient 4.3 and FF 32 that they can try 
 and repro this with?
 
 France, if you open the developer tools in Firefox and do this 
 again, do you see any errors?
 
 --
 Stephen Turner
 
 
 -Original Message-
 From: France [mailto:mailingli...@isg.si]
 Sent: 26 September 2014 13:44
 To: Stephen Turner
 Cc: dev@cloudstack.apache.org
 Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI
 
 Issue has been created.
 I would assign it to you, but lack credentials?
 
 https://issues.apache.org/jira/browse/CLOUDSTACK-7635
 
 Regards,
 F.
 
 On 26 Sep 2014, at 11:47, Stephen Turner 
 stephen.tur...@citrix.com
 wrote:
 
 Yes, I would like a bug report for this. Please assign it to me.
 This bit of UI has been rewritten on master, but it should work 
 the same in all browsers, so I'd like to investigate whether it's 
 fixed on master, and also whether there are any other similar 
 controls that aren't working in FF 32.
 
 If you can attach a public key and other data that illustrates 
 the problem, that would be great just to make sure that we can repro it.
 Thank you.
 
 --
 Stephen Turner
 
 
 -Original Message-
 From: France [mailto:mailingli...@isg.si]
 Sent: 25

Re: Urgent. Importing certificate to CS 4.3.1 using GUI

[Rajani Karuturi]

This might be due the preflighted requests [1]. Changing content type to
text/plain might fix it. Looking at the access log will show if an OPTIONS
request is being sent by Firefox.

[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS


On Fri, Oct 24, 2014 at 22:06 PM, Stephen Turner stephen.tur...@citrix.com
wrote:

I'm still puzzled why it would have worked on my Firefox too. There must be
some difference in configuration.

--
Stephen Turner


-Original Message-
From: Amogh Vasekar [mailto:amogh.vase...@citrix.com javascript:;]
Sent: 23 October 2014 16:18
To: dev@cloudstack.apache.org javascript:;
Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI

Hi,

He certainly is :-)
Can you share the screenshot of firebug request and response so as to
diagnose better?
Also, was the upload call made as admin or regular user?

Thanks,
Amogh

On 10/23/14 3:27 AM, Suresh Sadhu suresh.sa...@citrix.com javascript:;
wrote:

Thanks France, We(France myself) have diagnosed the problem and in
firefox after  uploading the certificate it shows HTTP Error 501 Not
implemented error in api response(firebug  output )and

The request is not reaching the server  itself(CS management server and
api server logs not shown any API request details ..) so probably the
failure  is due to client side settings or  due to some other problem.

We need to identify  reasons for HTTP error 501 not implemented.
http://www.checkupdown.com/status/E501.html

Amogh/Nitin : can you please check in which cases this 501 not
implemented will occur.

Regards
Sadhu







-Original Message-
From: France [mailto:mailingli...@isg.si javascript:;]
Sent: 23 October 2014 15:43
To: dev@cloudstack.apache.org javascript:;
Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI

Suresh is awesome. Hope Citrix knows that. :-) We diagnosed the issue
with ACS 4.3.1 and Firefox browser, and Suresh will update this thread
with details.

Regards,
F.


On 15 Oct 2014, at 13:55, France mailingli...@isg.si javascript:;
wrote:

 Because i do not check this mailing list every day due to actual
payed work, i have not seen your request.
 I will contact you right now.


 On 08 Oct 2014, at 20:10, Suresh Sadhu suresh.sa...@citrix.com
javascript:; wrote:

 Sure Nitin and as of now I didn't hear anything from France.

 Regards
 sadhu

 -Original Message-
 From: Nitin Mehta [mailto:nitin.me...@citrix.com javascript:;]
 Sent: 08 October 2014 21:57
 To: dev@cloudstack.apache.org javascript:;
 Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI

 Sadhu - Please do update the thread once you have some observation.
 Thanks

 -Nitin

 On 08/10/14 5:27 AM, Suresh Sadhu suresh.sa...@citrix.com
javascript:; wrote:

 HI France,

 I can help  today .
 My personal email id is mailtosa...@gmail.com javascript:;


 Regards
 sadhu

 -Original Message-
 From: Stephen Turner [mailto:stephen.tur...@citrix.com javascript:;]
 Sent: 08 October 2014 17:43
 To: dev@cloudstack.apache.org javascript:;
 Subject: RE: Urgent. Importing certificate to CS 4.3.1 using GUI

 France, I'm sorry, but I'm about to go away for three weeks, and
 I'm not going to have time to work on this.

 Is there anyone else who could help France? Is anyone else seeing
 the problem, because I couldn't reproduce it?

 --
 Stephen Turner



 -Original Message-
 From: France [mailto:mailingli...@isg.si javascript:;]
 Sent: 08 October 2014 11:44
 To: dev@cloudstack.apache.org javascript:;
 Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI

 Send me a private email and you can test it on my exact system with
 all development options turned on as you wish.
 We will do it via remote screen sharing, like VNC, RDP, Teamviewer, ..

 Regards,
 F.

 On 26 Sep 2014, at 16:53, Stephen Turner
 stephen.tur...@citrix.com javascript:;
 wrote:

 I'm afraid I couldn't reproduce this, even with your certificate
 and private key. Everything I tried, I got Update Certiciate
 [sic] Succeeded.

 Does anyone else have a convenient 4.3 and FF 32 that they can try
 and repro this with?

 France, if you open the developer tools in Firefox and do this
 again, do you see any errors?

 --
 Stephen Turner


 -Original Message-
 From: France [mailto:mailingli...@isg.si javascript:;]
 Sent: 26 September 2014 13:44
 To: Stephen Turner
 Cc: dev@cloudstack.apache.org javascript:;
 Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI

 Issue has been created.
 I would assign it to you, but lack credentials?

 https://issues.apache.org/jira/browse/CLOUDSTACK-7635

 Regards,
 F.

 On 26 Sep 2014, at 11:47, Stephen Turner
 stephen.tur...@citrix.com javascript:;
 wrote:

 Yes, I would like a bug report for this. Please assign it to me.
 This bit of UI has been rewritten on master, but it should work
 the same in all browsers, so I'd like to investigate whether it's
 fixed on master, and also whether there are any other similar
 controls

RE: Urgent. Importing certificate to CS 4.3.1 using GUI

[Stephen Turner]

I'm still puzzled why it would have worked on my Firefox too. There must be 
some difference in configuration.

-- 
Stephen Turner


-Original Message-
From: Amogh Vasekar [mailto:amogh.vase...@citrix.com] 
Sent: 23 October 2014 16:18
To: dev@cloudstack.apache.org
Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI

Hi,

He certainly is :-)
Can you share the screenshot of firebug request and response so as to diagnose 
better?
Also, was the upload call made as admin or regular user?

Thanks,
Amogh

On 10/23/14 3:27 AM, Suresh Sadhu suresh.sa...@citrix.com wrote:

Thanks France, We(France myself) have diagnosed the problem and in 
firefox after  uploading the certificate it shows HTTP Error 501 Not 
implemented error in api response(firebug  output )and

The request is not reaching the server  itself(CS management server and 
api server logs not shown any API request details ..) so probably the 
failure  is due to client side settings or  due to some other problem.

We need to identify  reasons for HTTP error 501 not implemented.
http://www.checkupdown.com/status/E501.html

Amogh/Nitin : can you please check in which cases this 501 not 
implemented will occur.

Regards
Sadhu

 





-Original Message-
From: France [mailto:mailingli...@isg.si]
Sent: 23 October 2014 15:43
To: dev@cloudstack.apache.org
Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI

Suresh is awesome. Hope Citrix knows that. :-) We diagnosed the issue 
with ACS 4.3.1 and Firefox browser, and Suresh will update this thread 
with details.

Regards,
F.


On 15 Oct 2014, at 13:55, France mailingli...@isg.si wrote:

 Because i do not check this mailing list every day due to actual 
payed work, i have not seen your request.
 I will contact you right now.
 
 
 On 08 Oct 2014, at 20:10, Suresh Sadhu suresh.sa...@citrix.com wrote:
 
 Sure Nitin and as of now I didn't hear anything from France.
 
 Regards
 sadhu
 
 -Original Message-
 From: Nitin Mehta [mailto:nitin.me...@citrix.com]
 Sent: 08 October 2014 21:57
 To: dev@cloudstack.apache.org
 Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI
 
 Sadhu - Please do update the thread once you have some observation.
 Thanks
 
 -Nitin
 
 On 08/10/14 5:27 AM, Suresh Sadhu suresh.sa...@citrix.com wrote:
 
 HI France,
 
 I can help  today .
 My personal email id is mailtosa...@gmail.com
 
 
 Regards
 sadhu
 
 -Original Message-
 From: Stephen Turner [mailto:stephen.tur...@citrix.com]
 Sent: 08 October 2014 17:43
 To: dev@cloudstack.apache.org
 Subject: RE: Urgent. Importing certificate to CS 4.3.1 using GUI
 
 France, I'm sorry, but I'm about to go away for three weeks, and 
 I'm not going to have time to work on this.
 
 Is there anyone else who could help France? Is anyone else seeing 
 the problem, because I couldn't reproduce it?
 
 --
 Stephen Turner
 
 
 
 -Original Message-
 From: France [mailto:mailingli...@isg.si]
 Sent: 08 October 2014 11:44
 To: dev@cloudstack.apache.org
 Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI
 
 Send me a private email and you can test it on my exact system with 
 all development options turned on as you wish.
 We will do it via remote screen sharing, like VNC, RDP, Teamviewer, ..
 
 Regards,
 F.
 
 On 26 Sep 2014, at 16:53, Stephen Turner 
 stephen.tur...@citrix.com
 wrote:
 
 I'm afraid I couldn't reproduce this, even with your certificate 
 and private key. Everything I tried, I got Update Certiciate 
 [sic] Succeeded.
 
 Does anyone else have a convenient 4.3 and FF 32 that they can try 
 and repro this with?
 
 France, if you open the developer tools in Firefox and do this 
 again, do you see any errors?
 
 --
 Stephen Turner
 
 
 -Original Message-
 From: France [mailto:mailingli...@isg.si]
 Sent: 26 September 2014 13:44
 To: Stephen Turner
 Cc: dev@cloudstack.apache.org
 Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI
 
 Issue has been created.
 I would assign it to you, but lack credentials?
 
 https://issues.apache.org/jira/browse/CLOUDSTACK-7635
 
 Regards,
 F.
 
 On 26 Sep 2014, at 11:47, Stephen Turner 
 stephen.tur...@citrix.com
 wrote:
 
 Yes, I would like a bug report for this. Please assign it to me.
 This bit of UI has been rewritten on master, but it should work 
 the same in all browsers, so I'd like to investigate whether it's 
 fixed on master, and also whether there are any other similar 
 controls that aren't working in FF 32.
 
 If you can attach a public key and other data that illustrates 
 the problem, that would be great just to make sure that we can repro it.
 Thank you.
 
 --
 Stephen Turner
 
 
 -Original Message-
 From: France [mailto:mailingli...@isg.si]
 Sent: 25 September 2014 14:52
 To: dev@cloudstack.apache.org
 Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI
 
 There is a bug in ACS 4.3.1 GUI.
 The before mentioned process did not work with Firefox 32.0.2, 
 while it worked on latest

Re: Urgent. Importing certificate to CS 4.3.1 using GUI

[France]

Suresh is awesome. Hope Citrix knows that. :-)
We diagnosed the issue with ACS 4.3.1 and Firefox browser, and Suresh will 
update this thread with details.

Regards,
F.


On 15 Oct 2014, at 13:55, France mailingli...@isg.si wrote:

 Because i do not check this mailing list every day due to actual payed work, 
 i have not seen your request.
 I will contact you right now.
 
 
 On 08 Oct 2014, at 20:10, Suresh Sadhu suresh.sa...@citrix.com wrote:
 
 Sure Nitin and as of now I didn't hear anything from France.
 
 Regards
 sadhu
 
 -Original Message-
 From: Nitin Mehta [mailto:nitin.me...@citrix.com] 
 Sent: 08 October 2014 21:57
 To: dev@cloudstack.apache.org
 Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI
 
 Sadhu - Please do update the thread once you have some observation. Thanks
 
 -Nitin
 
 On 08/10/14 5:27 AM, Suresh Sadhu suresh.sa...@citrix.com wrote:
 
 HI France,
 
 I can help  today .
 My personal email id is mailtosa...@gmail.com
 
 
 Regards
 sadhu
 
 -Original Message-
 From: Stephen Turner [mailto:stephen.tur...@citrix.com]
 Sent: 08 October 2014 17:43
 To: dev@cloudstack.apache.org
 Subject: RE: Urgent. Importing certificate to CS 4.3.1 using GUI
 
 France, I'm sorry, but I'm about to go away for three weeks, and I'm 
 not going to have time to work on this.
 
 Is there anyone else who could help France? Is anyone else seeing the 
 problem, because I couldn't reproduce it?
 
 --
 Stephen Turner
 
 
 
 -Original Message-
 From: France [mailto:mailingli...@isg.si]
 Sent: 08 October 2014 11:44
 To: dev@cloudstack.apache.org
 Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI
 
 Send me a private email and you can test it on my exact system with all 
 development options turned on as you wish.
 We will do it via remote screen sharing, like VNC, RDP, Teamviewer, ..
 
 Regards,
 F.
 
 On 26 Sep 2014, at 16:53, Stephen Turner stephen.tur...@citrix.com
 wrote:
 
 I'm afraid I couldn't reproduce this, even with your certificate and 
 private key. Everything I tried, I got Update Certiciate [sic] 
 Succeeded.
 
 Does anyone else have a convenient 4.3 and FF 32 that they can try 
 and repro this with?
 
 France, if you open the developer tools in Firefox and do this again, 
 do you see any errors?
 
 --
 Stephen Turner
 
 
 -Original Message-
 From: France [mailto:mailingli...@isg.si]
 Sent: 26 September 2014 13:44
 To: Stephen Turner
 Cc: dev@cloudstack.apache.org
 Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI
 
 Issue has been created.
 I would assign it to you, but lack credentials?
 
 https://issues.apache.org/jira/browse/CLOUDSTACK-7635
 
 Regards,
 F.
 
 On 26 Sep 2014, at 11:47, Stephen Turner stephen.tur...@citrix.com
 wrote:
 
 Yes, I would like a bug report for this. Please assign it to me. 
 This bit of UI has been rewritten on master, but it should work the 
 same in all browsers, so I'd like to investigate whether it's fixed 
 on master, and also whether there are any other similar controls that 
 aren't working in FF 32.
 
 If you can attach a public key and other data that illustrates the 
 problem, that would be great just to make sure that we can repro it.
 Thank you.
 
 --
 Stephen Turner
 
 
 -Original Message-
 From: France [mailto:mailingli...@isg.si]
 Sent: 25 September 2014 14:52
 To: dev@cloudstack.apache.org
 Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI
 
 There is a bug in ACS 4.3.1 GUI.
 The before mentioned process did not work with Firefox 32.0.2, while 
 it worked on latest Chrome.
 Because the problem is on the browser side, it did not reach 
 management server logs at all.
 I have done everything correct. Even a couple of times. ;-)
 
 Hopefully this mail will help someone in the future. I would also 
 advise to update the documentation on the issue.
 
 Do you want me to open a bug report for this? I am a little 
 reluctant to do so, because some of the bug reports i made previously 
 just sit there for years to come.
 
 FYI also got contacted off the mailing list by Steve Roles from 
 ShapeBlue who kindly offered to sell annual 24/7 support to help me 
 sort this issue.
 Too bad they did not want to provide help/support for this one 
 incident, which which they have come across already. They could get 
 payed well for telling me to use another browser. :-) While i 
 appreciate what ShapeBlue does for ACS, they could easily just have 
 told us publicly on the mailing list to use a different browser.
 
 Many thanks to anyone else who actually tried to help on the issue.
 Realhostip.com migration is now officially complete.
 
 Regards,
 F.
 
 On 25 Sep 2014, at 14:54, France mailingli...@isg.si wrote:
 
 I have created new key and csr. Signed it, converted key to pkcs8 
 format without encryption and added in ACS GUI with *.domain.tld and 
 again with domain.tld. I did copy paste the crt and key with and 
 without -BEGIN CERTIFICATE-- tags. Nothing works. I have

RE: Urgent. Importing certificate to CS 4.3.1 using GUI

[Suresh Sadhu]

Thanks France, We(France myself) have diagnosed the problem and in firefox 
after  uploading the certificate it shows HTTP Error 501 Not implemented 
error in api response(firebug  output )and 

The request is not reaching the server  itself(CS management server and  api 
server logs not shown any API request details ..) so probably the failure  is 
due to client side settings or  due to some other problem. 

We need to identify  reasons for HTTP error 501 not implemented. 
http://www.checkupdown.com/status/E501.html

Amogh/Nitin : can you please check in which cases this 501 not implemented will 
occur.

Regards
Sadhu

 





-Original Message-
From: France [mailto:mailingli...@isg.si] 
Sent: 23 October 2014 15:43
To: dev@cloudstack.apache.org
Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI

Suresh is awesome. Hope Citrix knows that. :-) We diagnosed the issue with ACS 
4.3.1 and Firefox browser, and Suresh will update this thread with details.

Regards,
F.


On 15 Oct 2014, at 13:55, France mailingli...@isg.si wrote:

 Because i do not check this mailing list every day due to actual payed work, 
 i have not seen your request.
 I will contact you right now.
 
 
 On 08 Oct 2014, at 20:10, Suresh Sadhu suresh.sa...@citrix.com wrote:
 
 Sure Nitin and as of now I didn't hear anything from France.
 
 Regards
 sadhu
 
 -Original Message-
 From: Nitin Mehta [mailto:nitin.me...@citrix.com]
 Sent: 08 October 2014 21:57
 To: dev@cloudstack.apache.org
 Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI
 
 Sadhu - Please do update the thread once you have some observation. 
 Thanks
 
 -Nitin
 
 On 08/10/14 5:27 AM, Suresh Sadhu suresh.sa...@citrix.com wrote:
 
 HI France,
 
 I can help  today .
 My personal email id is mailtosa...@gmail.com
 
 
 Regards
 sadhu
 
 -Original Message-
 From: Stephen Turner [mailto:stephen.tur...@citrix.com]
 Sent: 08 October 2014 17:43
 To: dev@cloudstack.apache.org
 Subject: RE: Urgent. Importing certificate to CS 4.3.1 using GUI
 
 France, I'm sorry, but I'm about to go away for three weeks, and I'm 
 not going to have time to work on this.
 
 Is there anyone else who could help France? Is anyone else seeing 
 the problem, because I couldn't reproduce it?
 
 --
 Stephen Turner
 
 
 
 -Original Message-
 From: France [mailto:mailingli...@isg.si]
 Sent: 08 October 2014 11:44
 To: dev@cloudstack.apache.org
 Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI
 
 Send me a private email and you can test it on my exact system with 
 all development options turned on as you wish.
 We will do it via remote screen sharing, like VNC, RDP, Teamviewer, ..
 
 Regards,
 F.
 
 On 26 Sep 2014, at 16:53, Stephen Turner stephen.tur...@citrix.com
 wrote:
 
 I'm afraid I couldn't reproduce this, even with your certificate 
 and private key. Everything I tried, I got Update Certiciate [sic] 
 Succeeded.
 
 Does anyone else have a convenient 4.3 and FF 32 that they can try 
 and repro this with?
 
 France, if you open the developer tools in Firefox and do this 
 again, do you see any errors?
 
 --
 Stephen Turner
 
 
 -Original Message-
 From: France [mailto:mailingli...@isg.si]
 Sent: 26 September 2014 13:44
 To: Stephen Turner
 Cc: dev@cloudstack.apache.org
 Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI
 
 Issue has been created.
 I would assign it to you, but lack credentials?
 
 https://issues.apache.org/jira/browse/CLOUDSTACK-7635
 
 Regards,
 F.
 
 On 26 Sep 2014, at 11:47, Stephen Turner 
 stephen.tur...@citrix.com
 wrote:
 
 Yes, I would like a bug report for this. Please assign it to me. 
 This bit of UI has been rewritten on master, but it should work 
 the same in all browsers, so I'd like to investigate whether it's 
 fixed on master, and also whether there are any other similar 
 controls that aren't working in FF 32.
 
 If you can attach a public key and other data that illustrates the 
 problem, that would be great just to make sure that we can repro it.
 Thank you.
 
 --
 Stephen Turner
 
 
 -Original Message-
 From: France [mailto:mailingli...@isg.si]
 Sent: 25 September 2014 14:52
 To: dev@cloudstack.apache.org
 Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI
 
 There is a bug in ACS 4.3.1 GUI.
 The before mentioned process did not work with Firefox 32.0.2, 
 while it worked on latest Chrome.
 Because the problem is on the browser side, it did not reach 
 management server logs at all.
 I have done everything correct. Even a couple of times. ;-)
 
 Hopefully this mail will help someone in the future. I would also 
 advise to update the documentation on the issue.
 
 Do you want me to open a bug report for this? I am a little 
 reluctant to do so, because some of the bug reports i made 
 previously just sit there for years to come.
 
 FYI also got contacted off the mailing list by Steve Roles from 
 ShapeBlue who kindly offered to sell annual 24/7 support

Re: Urgent. Importing certificate to CS 4.3.1 using GUI

[Amogh Vasekar]

Hi,

He certainly is :-)
Can you share the screenshot of firebug request and response so as to
diagnose better?
Also, was the upload call made as admin or regular user?

Thanks,
Amogh

On 10/23/14 3:27 AM, Suresh Sadhu suresh.sa...@citrix.com wrote:

Thanks France, We(France myself) have diagnosed the problem and in
firefox after  uploading the certificate it shows HTTP Error 501 Not
implemented error in api response(firebug  output )and

The request is not reaching the server  itself(CS management server and
api server logs not shown any API request details ..) so probably the
failure  is due to client side settings or  due to some other problem.

We need to identify  reasons for HTTP error 501 not implemented.
http://www.checkupdown.com/status/E501.html

Amogh/Nitin : can you please check in which cases this 501 not
implemented will occur.

Regards
Sadhu

 





-Original Message-
From: France [mailto:mailingli...@isg.si]
Sent: 23 October 2014 15:43
To: dev@cloudstack.apache.org
Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI

Suresh is awesome. Hope Citrix knows that. :-) We diagnosed the issue
with ACS 4.3.1 and Firefox browser, and Suresh will update this thread
with details.

Regards,
F.


On 15 Oct 2014, at 13:55, France mailingli...@isg.si wrote:

 Because i do not check this mailing list every day due to actual payed
work, i have not seen your request.
 I will contact you right now.
 
 
 On 08 Oct 2014, at 20:10, Suresh Sadhu suresh.sa...@citrix.com wrote:
 
 Sure Nitin and as of now I didn't hear anything from France.
 
 Regards
 sadhu
 
 -Original Message-
 From: Nitin Mehta [mailto:nitin.me...@citrix.com]
 Sent: 08 October 2014 21:57
 To: dev@cloudstack.apache.org
 Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI
 
 Sadhu - Please do update the thread once you have some observation.
 Thanks
 
 -Nitin
 
 On 08/10/14 5:27 AM, Suresh Sadhu suresh.sa...@citrix.com wrote:
 
 HI France,
 
 I can help  today .
 My personal email id is mailtosa...@gmail.com
 
 
 Regards
 sadhu
 
 -Original Message-
 From: Stephen Turner [mailto:stephen.tur...@citrix.com]
 Sent: 08 October 2014 17:43
 To: dev@cloudstack.apache.org
 Subject: RE: Urgent. Importing certificate to CS 4.3.1 using GUI
 
 France, I'm sorry, but I'm about to go away for three weeks, and I'm
 not going to have time to work on this.
 
 Is there anyone else who could help France? Is anyone else seeing
 the problem, because I couldn't reproduce it?
 
 --
 Stephen Turner
 
 
 
 -Original Message-
 From: France [mailto:mailingli...@isg.si]
 Sent: 08 October 2014 11:44
 To: dev@cloudstack.apache.org
 Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI
 
 Send me a private email and you can test it on my exact system with
 all development options turned on as you wish.
 We will do it via remote screen sharing, like VNC, RDP, Teamviewer, ..
 
 Regards,
 F.
 
 On 26 Sep 2014, at 16:53, Stephen Turner stephen.tur...@citrix.com
 wrote:
 
 I'm afraid I couldn't reproduce this, even with your certificate
 and private key. Everything I tried, I got Update Certiciate [sic]
 Succeeded.
 
 Does anyone else have a convenient 4.3 and FF 32 that they can try
 and repro this with?
 
 France, if you open the developer tools in Firefox and do this
 again, do you see any errors?
 
 --
 Stephen Turner
 
 
 -Original Message-
 From: France [mailto:mailingli...@isg.si]
 Sent: 26 September 2014 13:44
 To: Stephen Turner
 Cc: dev@cloudstack.apache.org
 Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI
 
 Issue has been created.
 I would assign it to you, but lack credentials?
 
 https://issues.apache.org/jira/browse/CLOUDSTACK-7635
 
 Regards,
 F.
 
 On 26 Sep 2014, at 11:47, Stephen Turner
 stephen.tur...@citrix.com
 wrote:
 
 Yes, I would like a bug report for this. Please assign it to me.
 This bit of UI has been rewritten on master, but it should work
 the same in all browsers, so I'd like to investigate whether it's
 fixed on master, and also whether there are any other similar
 controls that aren't working in FF 32.
 
 If you can attach a public key and other data that illustrates the
 problem, that would be great just to make sure that we can repro it.
 Thank you.
 
 --
 Stephen Turner
 
 
 -Original Message-
 From: France [mailto:mailingli...@isg.si]
 Sent: 25 September 2014 14:52
 To: dev@cloudstack.apache.org
 Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI
 
 There is a bug in ACS 4.3.1 GUI.
 The before mentioned process did not work with Firefox 32.0.2,
 while it worked on latest Chrome.
 Because the problem is on the browser side, it did not reach
 management server logs at all.
 I have done everything correct. Even a couple of times. ;-)
 
 Hopefully this mail will help someone in the future. I would also
 advise to update the documentation on the issue.
 
 Do you want me to open a bug report for this? I am a little
 reluctant to do so

Re: Urgent. Importing certificate to CS 4.3.1 using GUI

[France]

Because i do not check this mailing list every day due to actual payed work, i 
have not seen your request.
I will contact you right now.


On 08 Oct 2014, at 20:10, Suresh Sadhu suresh.sa...@citrix.com wrote:

 Sure Nitin and as of now I didn't hear anything from France.
 
 Regards
 sadhu
 
 -Original Message-
 From: Nitin Mehta [mailto:nitin.me...@citrix.com] 
 Sent: 08 October 2014 21:57
 To: dev@cloudstack.apache.org
 Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI
 
 Sadhu - Please do update the thread once you have some observation. Thanks
 
 -Nitin
 
 On 08/10/14 5:27 AM, Suresh Sadhu suresh.sa...@citrix.com wrote:
 
 HI France,
 
 I can help  today .
 My personal email id is mailtosa...@gmail.com
 
 
 Regards
 sadhu
 
 -Original Message-
 From: Stephen Turner [mailto:stephen.tur...@citrix.com]
 Sent: 08 October 2014 17:43
 To: dev@cloudstack.apache.org
 Subject: RE: Urgent. Importing certificate to CS 4.3.1 using GUI
 
 France, I'm sorry, but I'm about to go away for three weeks, and I'm 
 not going to have time to work on this.
 
 Is there anyone else who could help France? Is anyone else seeing the 
 problem, because I couldn't reproduce it?
 
 --
 Stephen Turner
 
 
 
 -Original Message-
 From: France [mailto:mailingli...@isg.si]
 Sent: 08 October 2014 11:44
 To: dev@cloudstack.apache.org
 Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI
 
 Send me a private email and you can test it on my exact system with all 
 development options turned on as you wish.
 We will do it via remote screen sharing, like VNC, RDP, Teamviewer, ..
 
 Regards,
 F.
 
 On 26 Sep 2014, at 16:53, Stephen Turner stephen.tur...@citrix.com
 wrote:
 
 I'm afraid I couldn't reproduce this, even with your certificate and 
 private key. Everything I tried, I got Update Certiciate [sic] 
 Succeeded.
 
 Does anyone else have a convenient 4.3 and FF 32 that they can try 
 and repro this with?
 
 France, if you open the developer tools in Firefox and do this again, 
 do you see any errors?
 
 --
 Stephen Turner
 
 
 -Original Message-
 From: France [mailto:mailingli...@isg.si]
 Sent: 26 September 2014 13:44
 To: Stephen Turner
 Cc: dev@cloudstack.apache.org
 Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI
 
 Issue has been created.
 I would assign it to you, but lack credentials?
 
 https://issues.apache.org/jira/browse/CLOUDSTACK-7635
 
 Regards,
 F.
 
 On 26 Sep 2014, at 11:47, Stephen Turner stephen.tur...@citrix.com
 wrote:
 
 Yes, I would like a bug report for this. Please assign it to me. 
 This bit of UI has been rewritten on master, but it should work the 
 same in all browsers, so I'd like to investigate whether it's fixed 
 on master, and also whether there are any other similar controls that 
 aren't working in FF 32.
 
 If you can attach a public key and other data that illustrates the 
 problem, that would be great just to make sure that we can repro it.
 Thank you.
 
 --
 Stephen Turner
 
 
 -Original Message-
 From: France [mailto:mailingli...@isg.si]
 Sent: 25 September 2014 14:52
 To: dev@cloudstack.apache.org
 Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI
 
 There is a bug in ACS 4.3.1 GUI.
 The before mentioned process did not work with Firefox 32.0.2, while 
 it worked on latest Chrome.
 Because the problem is on the browser side, it did not reach 
 management server logs at all.
 I have done everything correct. Even a couple of times. ;-)
 
 Hopefully this mail will help someone in the future. I would also 
 advise to update the documentation on the issue.
 
 Do you want me to open a bug report for this? I am a little 
 reluctant to do so, because some of the bug reports i made previously 
 just sit there for years to come.
 
 FYI also got contacted off the mailing list by Steve Roles from 
 ShapeBlue who kindly offered to sell annual 24/7 support to help me 
 sort this issue.
 Too bad they did not want to provide help/support for this one 
 incident, which which they have come across already. They could get 
 payed well for telling me to use another browser. :-) While i 
 appreciate what ShapeBlue does for ACS, they could easily just have 
 told us publicly on the mailing list to use a different browser.
 
 Many thanks to anyone else who actually tried to help on the issue.
 Realhostip.com migration is now officially complete.
 
 Regards,
 F.
 
 On 25 Sep 2014, at 14:54, France mailingli...@isg.si wrote:
 
 I have created new key and csr. Signed it, converted key to pkcs8 
 format without encryption and added in ACS GUI with *.domain.tld and 
 again with domain.tld. I did copy paste the crt and key with and 
 without -BEGIN CERTIFICATE-- tags. Nothing works. I have the 
 same GUI error message as before. Management-log shows no errors or 
 even logs regarding certificate manipulation. I have not created CA 
 key and certs again. I have confirmed certificate before importing 
 to ACS
 using: openssl

Re: Urgent. Importing certificate to CS 4.3.1 using GUI

[France]

Send me a private email and you can test it on my exact system with all 
development options turned on as you wish.
We will do it via remote screen sharing, like VNC, RDP, Teamviewer, .. 

Regards,
F.

On 26 Sep 2014, at 16:53, Stephen Turner stephen.tur...@citrix.com wrote:

 I'm afraid I couldn't reproduce this, even with your certificate and private 
 key. Everything I tried, I got Update Certiciate [sic] Succeeded.
 
 Does anyone else have a convenient 4.3 and FF 32 that they can try and repro 
 this with?
 
 France, if you open the developer tools in Firefox and do this again, do you 
 see any errors?
 
 -- 
 Stephen Turner
 
 
 -Original Message-
 From: France [mailto:mailingli...@isg.si] 
 Sent: 26 September 2014 13:44
 To: Stephen Turner
 Cc: dev@cloudstack.apache.org
 Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI
 
 Issue has been created.
 I would assign it to you, but lack credentials?
 
 https://issues.apache.org/jira/browse/CLOUDSTACK-7635
 
 Regards,
 F.
 
 On 26 Sep 2014, at 11:47, Stephen Turner stephen.tur...@citrix.com wrote:
 
 Yes, I would like a bug report for this. Please assign it to me. This bit of 
 UI has been rewritten on master, but it should work the same in all 
 browsers, so I'd like to investigate whether it's fixed on master, and also 
 whether there are any other similar controls that aren't working in FF 32.
 
 If you can attach a public key and other data that illustrates the problem, 
 that would be great just to make sure that we can repro it. Thank you.
 
 --
 Stephen Turner
 
 
 -Original Message-
 From: France [mailto:mailingli...@isg.si]
 Sent: 25 September 2014 14:52
 To: dev@cloudstack.apache.org
 Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI
 
 There is a bug in ACS 4.3.1 GUI.
 The before mentioned process did not work with Firefox 32.0.2, while it 
 worked on latest Chrome.
 Because the problem is on the browser side, it did not reach management 
 server logs at all.
 I have done everything correct. Even a couple of times. ;-)
 
 Hopefully this mail will help someone in the future. I would also advise to 
 update the documentation on the issue.
 
 Do you want me to open a bug report for this? I am a little reluctant to do 
 so, because some of the bug reports i made previously just sit there for 
 years to come.
 
 FYI also got contacted off the mailing list by Steve Roles from ShapeBlue 
 who kindly offered to sell annual 24/7 support to help me sort this issue.
 Too bad they did not want to provide help/support for this one incident, 
 which which they have come across already. They could get payed well for 
 telling me to use another browser. :-) While i appreciate what ShapeBlue 
 does for ACS, they could easily just have told us publicly on the mailing 
 list to use a different browser.
 
 Many thanks to anyone else who actually tried to help on the issue. 
 Realhostip.com migration is now officially complete.
 
 Regards,
 F.
 
 On 25 Sep 2014, at 14:54, France mailingli...@isg.si wrote:
 
 I have created new key and csr. Signed it, converted key to pkcs8 format 
 without encryption and added in ACS GUI with *.domain.tld and again with 
 domain.tld. I did copy paste the crt and key with and without -BEGIN 
 CERTIFICATE-- tags. Nothing works. I have the same GUI error message as 
 before. Management-log shows no errors or even logs regarding certificate 
 manipulation. I have not created CA key and certs again. I have confirmed 
 certificate before importing to ACS using: openssl x509 -in 
 private/vse.somedomain.tls.crt -noout -text (result below).
 
 Maybe i could just insert new certs straight into the database, destroy 
 console proxy and see what happens.
 Any more ideas?
 
 Also there is a bug in 4.3 documentation, because it says one must 
 enter *.domain.tld while you say, it should be just domain.tld
 
 
 In the Update SSL Certificate screen of the CloudStack UI, paste the 
 following:
 
 * The certificate you've just generated.
 * The private key you've just generated.
 * The desired domain name, prefixed with *.; for example, 
 *.consoleproxy.company.com 
 
 
 [root@mc1 private]# openssl x509 -in vse.somedomain.si.crt -noout 
 -text
 Certificate:
  Data:
  Version: 3 (0x2)
  Serial Number: 4097 (0x1001)
  Signature Algorithm: sha256WithRSAEncryption
  Issuer: C=SI, ST=Slovenia, L=Ljubljana, O=XXX d.o.o., OU=IT 
 department, CN=optimus.si/emailAddress=sis...@xxxb.si
  Validity
  Not Before: Sep 25 12:25:32 2014 GMT
  Not After : Jun  3 12:25:32 2028 GMT
  Subject: C=SI, ST=Slovenia, O=XXX d.o.o., OU=IT department, 
 CN=*.somedomain.si/emailAddress=sis...@xxxb.si
  Subject Public Key Info:
  Public Key Algorithm: rsaEncryption
  Public-Key: (2048 bit)
  Modulus:
  00:a8:50:02:21:7a:49:b1:48:07:96:21:87:69:1d:
  94:6f:d8:4f:0b:31:f4:8f:6f:e4:b2:78:94:38:d4

RE: Urgent. Importing certificate to CS 4.3.1 using GUI

[Stephen Turner]

France, I'm sorry, but I'm about to go away for three weeks, and I'm not going 
to have time to work on this.

Is there anyone else who could help France? Is anyone else seeing the problem, 
because I couldn't reproduce it?

-- 
Stephen Turner



-Original Message-
From: France [mailto:mailingli...@isg.si] 
Sent: 08 October 2014 11:44
To: dev@cloudstack.apache.org
Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI

Send me a private email and you can test it on my exact system with all 
development options turned on as you wish.
We will do it via remote screen sharing, like VNC, RDP, Teamviewer, .. 

Regards,
F.

On 26 Sep 2014, at 16:53, Stephen Turner stephen.tur...@citrix.com wrote:

 I'm afraid I couldn't reproduce this, even with your certificate and private 
 key. Everything I tried, I got Update Certiciate [sic] Succeeded.
 
 Does anyone else have a convenient 4.3 and FF 32 that they can try and repro 
 this with?
 
 France, if you open the developer tools in Firefox and do this again, do you 
 see any errors?
 
 --
 Stephen Turner
 
 
 -Original Message-
 From: France [mailto:mailingli...@isg.si]
 Sent: 26 September 2014 13:44
 To: Stephen Turner
 Cc: dev@cloudstack.apache.org
 Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI
 
 Issue has been created.
 I would assign it to you, but lack credentials?
 
 https://issues.apache.org/jira/browse/CLOUDSTACK-7635
 
 Regards,
 F.
 
 On 26 Sep 2014, at 11:47, Stephen Turner stephen.tur...@citrix.com wrote:
 
 Yes, I would like a bug report for this. Please assign it to me. This bit of 
 UI has been rewritten on master, but it should work the same in all 
 browsers, so I'd like to investigate whether it's fixed on master, and also 
 whether there are any other similar controls that aren't working in FF 32.
 
 If you can attach a public key and other data that illustrates the problem, 
 that would be great just to make sure that we can repro it. Thank you.
 
 --
 Stephen Turner
 
 
 -Original Message-
 From: France [mailto:mailingli...@isg.si]
 Sent: 25 September 2014 14:52
 To: dev@cloudstack.apache.org
 Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI
 
 There is a bug in ACS 4.3.1 GUI.
 The before mentioned process did not work with Firefox 32.0.2, while it 
 worked on latest Chrome.
 Because the problem is on the browser side, it did not reach management 
 server logs at all.
 I have done everything correct. Even a couple of times. ;-)
 
 Hopefully this mail will help someone in the future. I would also advise to 
 update the documentation on the issue.
 
 Do you want me to open a bug report for this? I am a little reluctant to do 
 so, because some of the bug reports i made previously just sit there for 
 years to come.
 
 FYI also got contacted off the mailing list by Steve Roles from ShapeBlue 
 who kindly offered to sell annual 24/7 support to help me sort this issue.
 Too bad they did not want to provide help/support for this one incident, 
 which which they have come across already. They could get payed well for 
 telling me to use another browser. :-) While i appreciate what ShapeBlue 
 does for ACS, they could easily just have told us publicly on the mailing 
 list to use a different browser.
 
 Many thanks to anyone else who actually tried to help on the issue. 
 Realhostip.com migration is now officially complete.
 
 Regards,
 F.
 
 On 25 Sep 2014, at 14:54, France mailingli...@isg.si wrote:
 
 I have created new key and csr. Signed it, converted key to pkcs8 format 
 without encryption and added in ACS GUI with *.domain.tld and again with 
 domain.tld. I did copy paste the crt and key with and without -BEGIN 
 CERTIFICATE-- tags. Nothing works. I have the same GUI error message as 
 before. Management-log shows no errors or even logs regarding certificate 
 manipulation. I have not created CA key and certs again. I have confirmed 
 certificate before importing to ACS using: openssl x509 -in 
 private/vse.somedomain.tls.crt -noout -text (result below).
 
 Maybe i could just insert new certs straight into the database, destroy 
 console proxy and see what happens.
 Any more ideas?
 
 Also there is a bug in 4.3 documentation, because it says one must 
 enter *.domain.tld while you say, it should be just domain.tld
 
 
 In the Update SSL Certificate screen of the CloudStack UI, paste the 
 following:
 
 * The certificate you've just generated.
 * The private key you've just generated.
 * The desired domain name, prefixed with *.; for example, 
 *.consoleproxy.company.com 
 
 
 [root@mc1 private]# openssl x509 -in vse.somedomain.si.crt -noout 
 -text
 Certificate:
  Data:
  Version: 3 (0x2)
  Serial Number: 4097 (0x1001)
  Signature Algorithm: sha256WithRSAEncryption
  Issuer: C=SI, ST=Slovenia, L=Ljubljana, O=XXX d.o.o., OU=IT 
 department, CN=optimus.si/emailAddress=sis...@xxxb.si
  Validity
  Not Before: Sep 25 12:25:32 2014 GMT

RE: Urgent. Importing certificate to CS 4.3.1 using GUI

[Suresh Sadhu]

HI France,

I can help  today .
My personal email id is mailtosa...@gmail.com


Regards
sadhu

-Original Message-
From: Stephen Turner [mailto:stephen.tur...@citrix.com] 
Sent: 08 October 2014 17:43
To: dev@cloudstack.apache.org
Subject: RE: Urgent. Importing certificate to CS 4.3.1 using GUI

France, I'm sorry, but I'm about to go away for three weeks, and I'm not going 
to have time to work on this.

Is there anyone else who could help France? Is anyone else seeing the problem, 
because I couldn't reproduce it?

-- 
Stephen Turner



-Original Message-
From: France [mailto:mailingli...@isg.si] 
Sent: 08 October 2014 11:44
To: dev@cloudstack.apache.org
Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI

Send me a private email and you can test it on my exact system with all 
development options turned on as you wish.
We will do it via remote screen sharing, like VNC, RDP, Teamviewer, .. 

Regards,
F.

On 26 Sep 2014, at 16:53, Stephen Turner stephen.tur...@citrix.com wrote:

 I'm afraid I couldn't reproduce this, even with your certificate and private 
 key. Everything I tried, I got Update Certiciate [sic] Succeeded.
 
 Does anyone else have a convenient 4.3 and FF 32 that they can try and repro 
 this with?
 
 France, if you open the developer tools in Firefox and do this again, do you 
 see any errors?
 
 --
 Stephen Turner
 
 
 -Original Message-
 From: France [mailto:mailingli...@isg.si]
 Sent: 26 September 2014 13:44
 To: Stephen Turner
 Cc: dev@cloudstack.apache.org
 Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI
 
 Issue has been created.
 I would assign it to you, but lack credentials?
 
 https://issues.apache.org/jira/browse/CLOUDSTACK-7635
 
 Regards,
 F.
 
 On 26 Sep 2014, at 11:47, Stephen Turner stephen.tur...@citrix.com wrote:
 
 Yes, I would like a bug report for this. Please assign it to me. This bit of 
 UI has been rewritten on master, but it should work the same in all 
 browsers, so I'd like to investigate whether it's fixed on master, and also 
 whether there are any other similar controls that aren't working in FF 32.
 
 If you can attach a public key and other data that illustrates the problem, 
 that would be great just to make sure that we can repro it. Thank you.
 
 --
 Stephen Turner
 
 
 -Original Message-
 From: France [mailto:mailingli...@isg.si]
 Sent: 25 September 2014 14:52
 To: dev@cloudstack.apache.org
 Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI
 
 There is a bug in ACS 4.3.1 GUI.
 The before mentioned process did not work with Firefox 32.0.2, while it 
 worked on latest Chrome.
 Because the problem is on the browser side, it did not reach management 
 server logs at all.
 I have done everything correct. Even a couple of times. ;-)
 
 Hopefully this mail will help someone in the future. I would also advise to 
 update the documentation on the issue.
 
 Do you want me to open a bug report for this? I am a little reluctant to do 
 so, because some of the bug reports i made previously just sit there for 
 years to come.
 
 FYI also got contacted off the mailing list by Steve Roles from ShapeBlue 
 who kindly offered to sell annual 24/7 support to help me sort this issue.
 Too bad they did not want to provide help/support for this one incident, 
 which which they have come across already. They could get payed well for 
 telling me to use another browser. :-) While i appreciate what ShapeBlue 
 does for ACS, they could easily just have told us publicly on the mailing 
 list to use a different browser.
 
 Many thanks to anyone else who actually tried to help on the issue. 
 Realhostip.com migration is now officially complete.
 
 Regards,
 F.
 
 On 25 Sep 2014, at 14:54, France mailingli...@isg.si wrote:
 
 I have created new key and csr. Signed it, converted key to pkcs8 format 
 without encryption and added in ACS GUI with *.domain.tld and again with 
 domain.tld. I did copy paste the crt and key with and without -BEGIN 
 CERTIFICATE-- tags. Nothing works. I have the same GUI error message as 
 before. Management-log shows no errors or even logs regarding certificate 
 manipulation. I have not created CA key and certs again. I have confirmed 
 certificate before importing to ACS using: openssl x509 -in 
 private/vse.somedomain.tls.crt -noout -text (result below).
 
 Maybe i could just insert new certs straight into the database, destroy 
 console proxy and see what happens.
 Any more ideas?
 
 Also there is a bug in 4.3 documentation, because it says one must 
 enter *.domain.tld while you say, it should be just domain.tld
 
 
 In the Update SSL Certificate screen of the CloudStack UI, paste the 
 following:
 
 * The certificate you've just generated.
 * The private key you've just generated.
 * The desired domain name, prefixed with *.; for example, 
 *.consoleproxy.company.com 
 
 
 [root@mc1 private]# openssl x509 -in vse.somedomain.si.crt -noout 
 -text
 Certificate

Re: Urgent. Importing certificate to CS 4.3.1 using GUI

[Nitin Mehta]

Sadhu - Please do update the thread once you have some observation. Thanks

-Nitin

On 08/10/14 5:27 AM, Suresh Sadhu suresh.sa...@citrix.com wrote:

HI France,

I can help  today .
My personal email id is mailtosa...@gmail.com


Regards
sadhu

-Original Message-
From: Stephen Turner [mailto:stephen.tur...@citrix.com]
Sent: 08 October 2014 17:43
To: dev@cloudstack.apache.org
Subject: RE: Urgent. Importing certificate to CS 4.3.1 using GUI

France, I'm sorry, but I'm about to go away for three weeks, and I'm not
going to have time to work on this.

Is there anyone else who could help France? Is anyone else seeing the
problem, because I couldn't reproduce it?

-- 
Stephen Turner



-Original Message-
From: France [mailto:mailingli...@isg.si]
Sent: 08 October 2014 11:44
To: dev@cloudstack.apache.org
Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI

Send me a private email and you can test it on my exact system with all
development options turned on as you wish.
We will do it via remote screen sharing, like VNC, RDP, Teamviewer, ..

Regards,
F.

On 26 Sep 2014, at 16:53, Stephen Turner stephen.tur...@citrix.com
wrote:

 I'm afraid I couldn't reproduce this, even with your certificate and
private key. Everything I tried, I got Update Certiciate [sic]
Succeeded.
 
 Does anyone else have a convenient 4.3 and FF 32 that they can try and
repro this with?
 
 France, if you open the developer tools in Firefox and do this again,
do you see any errors?
 
 --
 Stephen Turner
 
 
 -Original Message-
 From: France [mailto:mailingli...@isg.si]
 Sent: 26 September 2014 13:44
 To: Stephen Turner
 Cc: dev@cloudstack.apache.org
 Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI
 
 Issue has been created.
 I would assign it to you, but lack credentials?
 
 https://issues.apache.org/jira/browse/CLOUDSTACK-7635
 
 Regards,
 F.
 
 On 26 Sep 2014, at 11:47, Stephen Turner stephen.tur...@citrix.com
wrote:
 
 Yes, I would like a bug report for this. Please assign it to me. This
bit of UI has been rewritten on master, but it should work the same in
all browsers, so I'd like to investigate whether it's fixed on master,
and also whether there are any other similar controls that aren't
working in FF 32.
 
 If you can attach a public key and other data that illustrates the
problem, that would be great just to make sure that we can repro it.
Thank you.
 
 --
 Stephen Turner
 
 
 -Original Message-
 From: France [mailto:mailingli...@isg.si]
 Sent: 25 September 2014 14:52
 To: dev@cloudstack.apache.org
 Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI
 
 There is a bug in ACS 4.3.1 GUI.
 The before mentioned process did not work with Firefox 32.0.2, while
it worked on latest Chrome.
 Because the problem is on the browser side, it did not reach
management server logs at all.
 I have done everything correct. Even a couple of times. ;-)
 
 Hopefully this mail will help someone in the future. I would also
advise to update the documentation on the issue.
 
 Do you want me to open a bug report for this? I am a little reluctant
to do so, because some of the bug reports i made previously just sit
there for years to come.
 
 FYI also got contacted off the mailing list by Steve Roles from
ShapeBlue who kindly offered to sell annual 24/7 support to help me
sort this issue.
 Too bad they did not want to provide help/support for this one
incident, which which they have come across already. They could get
payed well for telling me to use another browser. :-) While i
appreciate what ShapeBlue does for ACS, they could easily just have
told us publicly on the mailing list to use a different browser.
 
 Many thanks to anyone else who actually tried to help on the issue.
Realhostip.com migration is now officially complete.
 
 Regards,
 F.
 
 On 25 Sep 2014, at 14:54, France mailingli...@isg.si wrote:
 
 I have created new key and csr. Signed it, converted key to pkcs8
format without encryption and added in ACS GUI with *.domain.tld and
again with domain.tld. I did copy paste the crt and key with and
without -BEGIN CERTIFICATE-- tags. Nothing works. I have the same
GUI error message as before. Management-log shows no errors or even
logs regarding certificate manipulation. I have not created CA key and
certs again. I have confirmed certificate before importing to ACS
using: openssl x509 -in private/vse.somedomain.tls.crt -noout -text
(result below).
 
 Maybe i could just insert new certs straight into the database,
destroy console proxy and see what happens.
 Any more ideas?
 
 Also there is a bug in 4.3 documentation, because it says one must
 enter *.domain.tld while you say, it should be just domain.tld
 
 
 In the Update SSL Certificate screen of the CloudStack UI, paste the
following:
 
* The certificate you've just generated.
* The private key you've just generated.
* The desired domain name, prefixed with *.; for example,
 *.consoleproxy.company.com

RE: Urgent. Importing certificate to CS 4.3.1 using GUI

[Suresh Sadhu]

Sure Nitin and as of now I didn't hear anything from France.

Regards
sadhu

-Original Message-
From: Nitin Mehta [mailto:nitin.me...@citrix.com] 
Sent: 08 October 2014 21:57
To: dev@cloudstack.apache.org
Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI

Sadhu - Please do update the thread once you have some observation. Thanks

-Nitin

On 08/10/14 5:27 AM, Suresh Sadhu suresh.sa...@citrix.com wrote:

HI France,

I can help  today .
My personal email id is mailtosa...@gmail.com


Regards
sadhu

-Original Message-
From: Stephen Turner [mailto:stephen.tur...@citrix.com]
Sent: 08 October 2014 17:43
To: dev@cloudstack.apache.org
Subject: RE: Urgent. Importing certificate to CS 4.3.1 using GUI

France, I'm sorry, but I'm about to go away for three weeks, and I'm 
not going to have time to work on this.

Is there anyone else who could help France? Is anyone else seeing the 
problem, because I couldn't reproduce it?

--
Stephen Turner



-Original Message-
From: France [mailto:mailingli...@isg.si]
Sent: 08 October 2014 11:44
To: dev@cloudstack.apache.org
Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI

Send me a private email and you can test it on my exact system with all 
development options turned on as you wish.
We will do it via remote screen sharing, like VNC, RDP, Teamviewer, ..

Regards,
F.

On 26 Sep 2014, at 16:53, Stephen Turner stephen.tur...@citrix.com
wrote:

 I'm afraid I couldn't reproduce this, even with your certificate and 
private key. Everything I tried, I got Update Certiciate [sic] 
Succeeded.
 
 Does anyone else have a convenient 4.3 and FF 32 that they can try 
and repro this with?
 
 France, if you open the developer tools in Firefox and do this again, 
do you see any errors?
 
 --
 Stephen Turner
 
 
 -Original Message-
 From: France [mailto:mailingli...@isg.si]
 Sent: 26 September 2014 13:44
 To: Stephen Turner
 Cc: dev@cloudstack.apache.org
 Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI
 
 Issue has been created.
 I would assign it to you, but lack credentials?
 
 https://issues.apache.org/jira/browse/CLOUDSTACK-7635
 
 Regards,
 F.
 
 On 26 Sep 2014, at 11:47, Stephen Turner stephen.tur...@citrix.com
wrote:
 
 Yes, I would like a bug report for this. Please assign it to me. 
This bit of UI has been rewritten on master, but it should work the 
same in all browsers, so I'd like to investigate whether it's fixed 
on master, and also whether there are any other similar controls that 
aren't working in FF 32.
 
 If you can attach a public key and other data that illustrates the 
problem, that would be great just to make sure that we can repro it.
Thank you.
 
 --
 Stephen Turner
 
 
 -Original Message-
 From: France [mailto:mailingli...@isg.si]
 Sent: 25 September 2014 14:52
 To: dev@cloudstack.apache.org
 Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI
 
 There is a bug in ACS 4.3.1 GUI.
 The before mentioned process did not work with Firefox 32.0.2, while 
it worked on latest Chrome.
 Because the problem is on the browser side, it did not reach 
management server logs at all.
 I have done everything correct. Even a couple of times. ;-)
 
 Hopefully this mail will help someone in the future. I would also 
advise to update the documentation on the issue.
 
 Do you want me to open a bug report for this? I am a little 
reluctant to do so, because some of the bug reports i made previously 
just sit there for years to come.
 
 FYI also got contacted off the mailing list by Steve Roles from 
ShapeBlue who kindly offered to sell annual 24/7 support to help me 
sort this issue.
 Too bad they did not want to provide help/support for this one 
incident, which which they have come across already. They could get 
payed well for telling me to use another browser. :-) While i 
appreciate what ShapeBlue does for ACS, they could easily just have 
told us publicly on the mailing list to use a different browser.
 
 Many thanks to anyone else who actually tried to help on the issue.
Realhostip.com migration is now officially complete.
 
 Regards,
 F.
 
 On 25 Sep 2014, at 14:54, France mailingli...@isg.si wrote:
 
 I have created new key and csr. Signed it, converted key to pkcs8 
format without encryption and added in ACS GUI with *.domain.tld and 
again with domain.tld. I did copy paste the crt and key with and 
without -BEGIN CERTIFICATE-- tags. Nothing works. I have the 
same GUI error message as before. Management-log shows no errors or 
even logs regarding certificate manipulation. I have not created CA 
key and certs again. I have confirmed certificate before importing 
to ACS
using: openssl x509 -in private/vse.somedomain.tls.crt -noout -text 
(result below).
 
 Maybe i could just insert new certs straight into the database, 
destroy console proxy and see what happens.
 Any more ideas?
 
 Also there is a bug in 4.3 documentation, because it says one must 
 enter *.domain.tld while you

RE: Urgent. Importing certificate to CS 4.3.1 using GUI

[Stephen Turner]

Yes, I would like a bug report for this. Please assign it to me. This bit of UI 
has been rewritten on master, but it should work the same in all browsers, so 
I'd like to investigate whether it's fixed on master, and also whether there 
are any other similar controls that aren't working in FF 32.

If you can attach a public key and other data that illustrates the problem, 
that would be great just to make sure that we can repro it. Thank you.

-- 
Stephen Turner


-Original Message-
From: France [mailto:mailingli...@isg.si] 
Sent: 25 September 2014 14:52
To: dev@cloudstack.apache.org
Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI

There is a bug in ACS 4.3.1 GUI.
The before mentioned process did not work with Firefox 32.0.2, while it worked 
on latest Chrome.
Because the problem is on the browser side, it did not reach management server 
logs at all.
I have done everything correct. Even a couple of times. ;-)

Hopefully this mail will help someone in the future. I would also advise to 
update the documentation on the issue.

Do you want me to open a bug report for this? I am a little reluctant to do so, 
because some of the bug reports i made previously just sit there for years to 
come.

FYI also got contacted off the mailing list by Steve Roles from ShapeBlue who 
kindly offered to sell annual 24/7 support to help me sort this issue.
Too bad they did not want to provide help/support for this one incident, which 
which they have come across already. They could get payed well for telling me 
to use another browser. :-) While i appreciate what ShapeBlue does for ACS, 
they could easily just have told us publicly on the mailing list to use a 
different browser.

Many thanks to anyone else who actually tried to help on the issue. 
Realhostip.com migration is now officially complete.

Regards,
F.

On 25 Sep 2014, at 14:54, France mailingli...@isg.si wrote:

 I have created new key and csr. Signed it, converted key to pkcs8 format 
 without encryption and added in ACS GUI with *.domain.tld and again with 
 domain.tld. I did copy paste the crt and key with and without -BEGIN 
 CERTIFICATE-- tags. Nothing works. I have the same GUI error message as 
 before. Management-log shows no errors or even logs regarding certificate 
 manipulation. I have not created CA key and certs again. I have confirmed 
 certificate before importing to ACS using: openssl x509 -in 
 private/vse.somedomain.tls.crt -noout -text (result below).
 
 Maybe i could just insert new certs straight into the database, destroy 
 console proxy and see what happens.
 Any more ideas?
 
 Also there is a bug in 4.3 documentation, because it says one must 
 enter *.domain.tld while you say, it should be just domain.tld
 
 
 In the Update SSL Certificate screen of the CloudStack UI, paste the 
 following:
 
   * The certificate you've just generated.
   * The private key you've just generated.
   * The desired domain name, prefixed with *.; for example, 
 *.consoleproxy.company.com 
 
 
 [root@mc1 private]# openssl x509 -in vse.somedomain.si.crt -noout 
 -text
 Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4097 (0x1001)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=SI, ST=Slovenia, L=Ljubljana, O=XXX d.o.o., OU=IT 
 department, CN=optimus.si/emailAddress=sis...@xxxb.si
Validity
Not Before: Sep 25 12:25:32 2014 GMT
Not After : Jun  3 12:25:32 2028 GMT
Subject: C=SI, ST=Slovenia, O=XXX d.o.o., OU=IT department, 
 CN=*.somedomain.si/emailAddress=sis...@xxxb.si
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:a8:50:02:21:7a:49:b1:48:07:96:21:87:69:1d:
94:6f:d8:4f:0b:31:f4:8f:6f:e4:b2:78:94:38:d4:
72:92:5b:d5:43:73:aa:e4:33:48:31:11:5a:62:7e:
95:2b:e1:78:11:81:f0:ef:1a:0d:d0:52:90:47:2b:
fd:ab:0d:89:57:fa:ee:6b:3b:d1:24:c9:a9:6d:d6:
fb:0f:14:e3:72:63:a7:75:3d:3e:f5:57:45:09:7e:
83:18:f1:77:c9:3a:1e:de:6f:cd:43:0f:84:11:08:
05:3b:da:ed:3e:a6:65:7c:e9:3f:3b:b9:73:b3:87:
b6:a2:14:af:fd:3e:a9:6f:0f:e4:fb:4d:91:70:d6:
9a:78:b8:00:2e:f0:ad:24:07:01:64:b8:1f:ce:62:
f6:83:e3:fb:45:b9:3e:a1:c3:e6:de:87:d9:37:d3:
28:cf:20:6c:f9:78:5f:24:64:fb:d4:dd:79:90:87:
69:36:ad:83:3d:bd:ab:fd:aa:1d:6a:a6:b8:d5:8a:
f9:d6:e4:f0:db:9a:81:d4:41:e9:19:bf:a5:e8:fb:
d9:f5:e2:50:3c:4d:01:6d:3d:96:26:59:76:70:99:
8c:2e:c0:cf:dd:09:3b:fb:6f:8d:43:29:0c:7e:8a:
5c:8d:49:f4:9a:96:ba:54:72:44:d8:fa:aa:64:71:
27:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic

Re: Urgent. Importing certificate to CS 4.3.1 using GUI

[France]

Issue has been created.
I would assign it to you, but lack credentials?

https://issues.apache.org/jira/browse/CLOUDSTACK-7635

Regards,
F.

On 26 Sep 2014, at 11:47, Stephen Turner stephen.tur...@citrix.com wrote:

 Yes, I would like a bug report for this. Please assign it to me. This bit of 
 UI has been rewritten on master, but it should work the same in all browsers, 
 so I'd like to investigate whether it's fixed on master, and also whether 
 there are any other similar controls that aren't working in FF 32.
 
 If you can attach a public key and other data that illustrates the problem, 
 that would be great just to make sure that we can repro it. Thank you.
 
 -- 
 Stephen Turner
 
 
 -Original Message-
 From: France [mailto:mailingli...@isg.si] 
 Sent: 25 September 2014 14:52
 To: dev@cloudstack.apache.org
 Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI
 
 There is a bug in ACS 4.3.1 GUI.
 The before mentioned process did not work with Firefox 32.0.2, while it 
 worked on latest Chrome.
 Because the problem is on the browser side, it did not reach management 
 server logs at all.
 I have done everything correct. Even a couple of times. ;-)
 
 Hopefully this mail will help someone in the future. I would also advise to 
 update the documentation on the issue.
 
 Do you want me to open a bug report for this? I am a little reluctant to do 
 so, because some of the bug reports i made previously just sit there for 
 years to come.
 
 FYI also got contacted off the mailing list by Steve Roles from ShapeBlue who 
 kindly offered to sell annual 24/7 support to help me sort this issue.
 Too bad they did not want to provide help/support for this one incident, 
 which which they have come across already. They could get payed well for 
 telling me to use another browser. :-) While i appreciate what ShapeBlue does 
 for ACS, they could easily just have told us publicly on the mailing list to 
 use a different browser.
 
 Many thanks to anyone else who actually tried to help on the issue. 
 Realhostip.com migration is now officially complete.
 
 Regards,
 F.
 
 On 25 Sep 2014, at 14:54, France mailingli...@isg.si wrote:
 
 I have created new key and csr. Signed it, converted key to pkcs8 format 
 without encryption and added in ACS GUI with *.domain.tld and again with 
 domain.tld. I did copy paste the crt and key with and without -BEGIN 
 CERTIFICATE-- tags. Nothing works. I have the same GUI error message as 
 before. Management-log shows no errors or even logs regarding certificate 
 manipulation. I have not created CA key and certs again. I have confirmed 
 certificate before importing to ACS using: openssl x509 -in 
 private/vse.somedomain.tls.crt -noout -text (result below).
 
 Maybe i could just insert new certs straight into the database, destroy 
 console proxy and see what happens.
 Any more ideas?
 
 Also there is a bug in 4.3 documentation, because it says one must 
 enter *.domain.tld while you say, it should be just domain.tld
 
 
 In the Update SSL Certificate screen of the CloudStack UI, paste the 
 following:
 
  * The certificate you've just generated.
  * The private key you've just generated.
  * The desired domain name, prefixed with *.; for example, 
 *.consoleproxy.company.com 
 
 
 [root@mc1 private]# openssl x509 -in vse.somedomain.si.crt -noout 
 -text
 Certificate:
   Data:
   Version: 3 (0x2)
   Serial Number: 4097 (0x1001)
   Signature Algorithm: sha256WithRSAEncryption
   Issuer: C=SI, ST=Slovenia, L=Ljubljana, O=XXX d.o.o., OU=IT 
 department, CN=optimus.si/emailAddress=sis...@xxxb.si
   Validity
   Not Before: Sep 25 12:25:32 2014 GMT
   Not After : Jun  3 12:25:32 2028 GMT
   Subject: C=SI, ST=Slovenia, O=XXX d.o.o., OU=IT department, 
 CN=*.somedomain.si/emailAddress=sis...@xxxb.si
   Subject Public Key Info:
   Public Key Algorithm: rsaEncryption
   Public-Key: (2048 bit)
   Modulus:
   00:a8:50:02:21:7a:49:b1:48:07:96:21:87:69:1d:
   94:6f:d8:4f:0b:31:f4:8f:6f:e4:b2:78:94:38:d4:
   72:92:5b:d5:43:73:aa:e4:33:48:31:11:5a:62:7e:
   95:2b:e1:78:11:81:f0:ef:1a:0d:d0:52:90:47:2b:
   fd:ab:0d:89:57:fa:ee:6b:3b:d1:24:c9:a9:6d:d6:
   fb:0f:14:e3:72:63:a7:75:3d:3e:f5:57:45:09:7e:
   83:18:f1:77:c9:3a:1e:de:6f:cd:43:0f:84:11:08:
   05:3b:da:ed:3e:a6:65:7c:e9:3f:3b:b9:73:b3:87:
   b6:a2:14:af:fd:3e:a9:6f:0f:e4:fb:4d:91:70:d6:
   9a:78:b8:00:2e:f0:ad:24:07:01:64:b8:1f:ce:62:
   f6:83:e3:fb:45:b9:3e:a1:c3:e6:de:87:d9:37:d3:
   28:cf:20:6c:f9:78:5f:24:64:fb:d4:dd:79:90:87:
   69:36:ad:83:3d:bd:ab:fd:aa:1d:6a:a6:b8:d5:8a:
   f9:d6:e4:f0:db:9a:81:d4:41:e9:19:bf:a5:e8:fb:
   d9:f5:e2:50:3c:4d:01:6d:3d:96:26:59:76:70:99:
   8c

RE: Urgent. Importing certificate to CS 4.3.1 using GUI

[Stephen Turner]

Thanks, I've assigned it to myself.

-- 
Stephen Turner


-Original Message-
From: France [mailto:mailingli...@isg.si] 
Sent: 26 September 2014 13:44
To: Stephen Turner
Cc: dev@cloudstack.apache.org
Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI

Issue has been created.
I would assign it to you, but lack credentials?

https://issues.apache.org/jira/browse/CLOUDSTACK-7635

Regards,
F.

On 26 Sep 2014, at 11:47, Stephen Turner stephen.tur...@citrix.com wrote:

 Yes, I would like a bug report for this. Please assign it to me. This bit of 
 UI has been rewritten on master, but it should work the same in all browsers, 
 so I'd like to investigate whether it's fixed on master, and also whether 
 there are any other similar controls that aren't working in FF 32.
 
 If you can attach a public key and other data that illustrates the problem, 
 that would be great just to make sure that we can repro it. Thank you.
 
 --
 Stephen Turner
 
 
 -Original Message-
 From: France [mailto:mailingli...@isg.si]
 Sent: 25 September 2014 14:52
 To: dev@cloudstack.apache.org
 Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI
 
 There is a bug in ACS 4.3.1 GUI.
 The before mentioned process did not work with Firefox 32.0.2, while it 
 worked on latest Chrome.
 Because the problem is on the browser side, it did not reach management 
 server logs at all.
 I have done everything correct. Even a couple of times. ;-)
 
 Hopefully this mail will help someone in the future. I would also advise to 
 update the documentation on the issue.
 
 Do you want me to open a bug report for this? I am a little reluctant to do 
 so, because some of the bug reports i made previously just sit there for 
 years to come.
 
 FYI also got contacted off the mailing list by Steve Roles from ShapeBlue who 
 kindly offered to sell annual 24/7 support to help me sort this issue.
 Too bad they did not want to provide help/support for this one incident, 
 which which they have come across already. They could get payed well for 
 telling me to use another browser. :-) While i appreciate what ShapeBlue does 
 for ACS, they could easily just have told us publicly on the mailing list to 
 use a different browser.
 
 Many thanks to anyone else who actually tried to help on the issue. 
 Realhostip.com migration is now officially complete.
 
 Regards,
 F.
 
 On 25 Sep 2014, at 14:54, France mailingli...@isg.si wrote:
 
 I have created new key and csr. Signed it, converted key to pkcs8 format 
 without encryption and added in ACS GUI with *.domain.tld and again with 
 domain.tld. I did copy paste the crt and key with and without -BEGIN 
 CERTIFICATE-- tags. Nothing works. I have the same GUI error message as 
 before. Management-log shows no errors or even logs regarding certificate 
 manipulation. I have not created CA key and certs again. I have confirmed 
 certificate before importing to ACS using: openssl x509 -in 
 private/vse.somedomain.tls.crt -noout -text (result below).
 
 Maybe i could just insert new certs straight into the database, destroy 
 console proxy and see what happens.
 Any more ideas?
 
 Also there is a bug in 4.3 documentation, because it says one must 
 enter *.domain.tld while you say, it should be just domain.tld
 
 
 In the Update SSL Certificate screen of the CloudStack UI, paste the 
 following:
 
  * The certificate you've just generated.
  * The private key you've just generated.
  * The desired domain name, prefixed with *.; for example, 
 *.consoleproxy.company.com 
 
 
 [root@mc1 private]# openssl x509 -in vse.somedomain.si.crt -noout 
 -text
 Certificate:
   Data:
   Version: 3 (0x2)
   Serial Number: 4097 (0x1001)
   Signature Algorithm: sha256WithRSAEncryption
   Issuer: C=SI, ST=Slovenia, L=Ljubljana, O=XXX d.o.o., OU=IT 
 department, CN=optimus.si/emailAddress=sis...@xxxb.si
   Validity
   Not Before: Sep 25 12:25:32 2014 GMT
   Not After : Jun  3 12:25:32 2028 GMT
   Subject: C=SI, ST=Slovenia, O=XXX d.o.o., OU=IT department, 
 CN=*.somedomain.si/emailAddress=sis...@xxxb.si
   Subject Public Key Info:
   Public Key Algorithm: rsaEncryption
   Public-Key: (2048 bit)
   Modulus:
   00:a8:50:02:21:7a:49:b1:48:07:96:21:87:69:1d:
   94:6f:d8:4f:0b:31:f4:8f:6f:e4:b2:78:94:38:d4:
   72:92:5b:d5:43:73:aa:e4:33:48:31:11:5a:62:7e:
   95:2b:e1:78:11:81:f0:ef:1a:0d:d0:52:90:47:2b:
   fd:ab:0d:89:57:fa:ee:6b:3b:d1:24:c9:a9:6d:d6:
   fb:0f:14:e3:72:63:a7:75:3d:3e:f5:57:45:09:7e:
   83:18:f1:77:c9:3a:1e:de:6f:cd:43:0f:84:11:08:
   05:3b:da:ed:3e:a6:65:7c:e9:3f:3b:b9:73:b3:87:
   b6:a2:14:af:fd:3e:a9:6f:0f:e4:fb:4d:91:70:d6:
   9a:78:b8:00:2e:f0:ad:24:07:01:64:b8:1f:ce:62:
   f6:83:e3:fb:45:b9:3e:a1:c3:e6:de:87:d9:37:d3

Re: Urgent. Importing certificate to CS 4.3.1 using GUI

[Sebastien Goasguen]

On Sep 25, 2014, at 9:52 AM, France mailingli...@isg.si wrote:

 There is a bug in ACS 4.3.1 GUI.

Do you know if this affects 4.4 and master as well ?

 The before mentioned process did not work with Firefox 32.0.2, while it 
 worked on latest Chrome.
 Because the problem is on the browser side, it did not reach management 
 server logs at all.
 I have done everything correct. Even a couple of times. ;-)
 
 Hopefully this mail will help someone in the future. I would also advise to 
 update the documentation on the issue.
 

Can you tell us where the issue in the docs is exactly ? 

 Do you want me to open a bug report for this? I am a little reluctant to do 
 so, because some of the bug reports i made previously just sit there for 
 years to come.

Sorry about that, everyone is welcome to submit patches. Unfortunatley it's 
true that some bugs don't get fixed.

 
 FYI also got contacted off the mailing list by Steve Roles from ShapeBlue who 
 kindly offered to sell annual 24/7 support to help me sort this issue.
 Too bad they did not want to provide help/support for this one incident, 
 which which they have come across already. They could get payed well for 
 telling me to use another browser. :-)
 While i appreciate what ShapeBlue does for ACS, they could easily just have 
 told us publicly on the mailing list to use a different browser.
 

Really most likely an oversight from them, they solve tons of issues in the 
code and on the ML.

 Many thanks to anyone else who actually tried to help on the issue. 
 Realhostip.com migration is now officially complete.
 
 Regards,
 F.
 
 On 25 Sep 2014, at 14:54, France mailingli...@isg.si wrote:
 
 I have created new key and csr. Signed it, converted key to pkcs8 format 
 without encryption and added in ACS GUI with *.domain.tld and again with 
 domain.tld. I did copy paste the crt and key with and without -BEGIN 
 CERTIFICATE—— tags. Nothing works. I have the same GUI error message as 
 before. Management-log shows no errors or even logs regarding certificate 
 manipulation. I have not created CA key and certs again. I have confirmed 
 certificate before importing to ACS using: openssl x509 -in 
 private/vse.somedomain.tls.crt -noout -text (result below).
 
 Maybe i could just insert new certs straight into the database, destroy 
 console proxy and see what happens.
 Any more ideas?
 
 Also there is a bug in 4.3 documentation, because it says one must enter 
 *.domain.tld while you say, it should be just domain.tld
 
 “
 In the Update SSL Certificate screen of the CloudStack UI, paste the 
 following:
 
  • The certificate you’ve just generated.
  • The private key you’ve just generated.
  • The desired domain name, prefixed with *.; for example, 
 *.consoleproxy.company.com
 “
 
 
 [root@mc1 private]# openssl x509 -in vse.somedomain.si.crt -noout -text
 Certificate:
   Data:
   Version: 3 (0x2)
   Serial Number: 4097 (0x1001)
   Signature Algorithm: sha256WithRSAEncryption
   Issuer: C=SI, ST=Slovenia, L=Ljubljana, O=XXX d.o.o., OU=IT 
 department, CN=optimus.si/emailAddress=sis...@xxxb.si
   Validity
   Not Before: Sep 25 12:25:32 2014 GMT
   Not After : Jun  3 12:25:32 2028 GMT
   Subject: C=SI, ST=Slovenia, O=XXX d.o.o., OU=IT department, 
 CN=*.somedomain.si/emailAddress=sis...@xxxb.si
   Subject Public Key Info:
   Public Key Algorithm: rsaEncryption
   Public-Key: (2048 bit)
   Modulus:
   00:a8:50:02:21:7a:49:b1:48:07:96:21:87:69:1d:
   94:6f:d8:4f:0b:31:f4:8f:6f:e4:b2:78:94:38:d4:
   72:92:5b:d5:43:73:aa:e4:33:48:31:11:5a:62:7e:
   95:2b:e1:78:11:81:f0:ef:1a:0d:d0:52:90:47:2b:
   fd:ab:0d:89:57:fa:ee:6b:3b:d1:24:c9:a9:6d:d6:
   fb:0f:14:e3:72:63:a7:75:3d:3e:f5:57:45:09:7e:
   83:18:f1:77:c9:3a:1e:de:6f:cd:43:0f:84:11:08:
   05:3b:da:ed:3e:a6:65:7c:e9:3f:3b:b9:73:b3:87:
   b6:a2:14:af:fd:3e:a9:6f:0f:e4:fb:4d:91:70:d6:
   9a:78:b8:00:2e:f0:ad:24:07:01:64:b8:1f:ce:62:
   f6:83:e3:fb:45:b9:3e:a1:c3:e6:de:87:d9:37:d3:
   28:cf:20:6c:f9:78:5f:24:64:fb:d4:dd:79:90:87:
   69:36:ad:83:3d:bd:ab:fd:aa:1d:6a:a6:b8:d5:8a:
   f9:d6:e4:f0:db:9a:81:d4:41:e9:19:bf:a5:e8:fb:
   d9:f5:e2:50:3c:4d:01:6d:3d:96:26:59:76:70:99:
   8c:2e:c0:cf:dd:09:3b:fb:6f:8d:43:29:0c:7e:8a:
   5c:8d:49:f4:9a:96:ba:54:72:44:d8:fa:aa:64:71:
   27:21
   Exponent: 65537 (0x10001)
   X509v3 extensions:
   X509v3 Basic Constraints: 
   CA:FALSE
   X509v3 Key Usage: 
   Digital Signature, Non Repudiation, Key Encipherment
   Netscape Comment: 
   OpenSSL Generated Certificate
   X509v3 Subject Key Identifier: 
   

RE: Urgent. Importing certificate to CS 4.3.1 using GUI

[Stephen Turner]

The UI code on master is different because it was rewritten for the realhostip 
shutdown. But I will check whether that works properly with Firefox too.

-- 
Stephen Turner


-Original Message-
From: Sebastien Goasguen [mailto:run...@gmail.com] 
Sent: 26 September 2014 13:52
To: dev@cloudstack.apache.org
Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI


On Sep 25, 2014, at 9:52 AM, France mailingli...@isg.si wrote:

 There is a bug in ACS 4.3.1 GUI.

Do you know if this affects 4.4 and master as well ?

Re: Urgent. Importing certificate to CS 4.3.1 using GUI

[France]

On 26 Sep 2014, at 14:52, Sebastien Goasguen run...@gmail.com wrote:

 The before mentioned process did not work with Firefox 32.0.2, while it 
 worked on latest Chrome.
 Because the problem is on the browser side, it did not reach management 
 server logs at all.
 I have done everything correct. Even a couple of times. ;-)
 
 Hopefully this mail will help someone in the future. I would also advise to 
 update the documentation on the issue.
 
 
 Can you tell us where the issue in the docs is exactly ? 

For 4.3 on http://docs.cloudstack.apache.org/ administration documentation.

The docs that should be changed are at:

http://docs.cloudstack.apache.org/projects/cloudstack-administration/en/4.4/systemvm.html?highlight=console%20proxy#changing-the-console-proxy-ssl-certificate-and-domain

Just below 3. step : In the Update SSL Certificate screen of the CloudStack 
UI, paste the following:
It says one must enter *.domain.tld while it should be just domain.tld without 
* 

And below that, there should be a note like:
Importing certificate in Infrastructure - SSL Certificate does/might not work 
with Firefox, but works with Chrome.

RE: Urgent. Importing certificate to CS 4.3.1 using GUI

[Stephen Turner]

I'm afraid I couldn't reproduce this, even with your certificate and private 
key. Everything I tried, I got Update Certiciate [sic] Succeeded.

Does anyone else have a convenient 4.3 and FF 32 that they can try and repro 
this with?

France, if you open the developer tools in Firefox and do this again, do you 
see any errors?

-- 
Stephen Turner


-Original Message-
From: France [mailto:mailingli...@isg.si] 
Sent: 26 September 2014 13:44
To: Stephen Turner
Cc: dev@cloudstack.apache.org
Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI

Issue has been created.
I would assign it to you, but lack credentials?

https://issues.apache.org/jira/browse/CLOUDSTACK-7635

Regards,
F.

On 26 Sep 2014, at 11:47, Stephen Turner stephen.tur...@citrix.com wrote:

 Yes, I would like a bug report for this. Please assign it to me. This bit of 
 UI has been rewritten on master, but it should work the same in all browsers, 
 so I'd like to investigate whether it's fixed on master, and also whether 
 there are any other similar controls that aren't working in FF 32.
 
 If you can attach a public key and other data that illustrates the problem, 
 that would be great just to make sure that we can repro it. Thank you.
 
 --
 Stephen Turner
 
 
 -Original Message-
 From: France [mailto:mailingli...@isg.si]
 Sent: 25 September 2014 14:52
 To: dev@cloudstack.apache.org
 Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI
 
 There is a bug in ACS 4.3.1 GUI.
 The before mentioned process did not work with Firefox 32.0.2, while it 
 worked on latest Chrome.
 Because the problem is on the browser side, it did not reach management 
 server logs at all.
 I have done everything correct. Even a couple of times. ;-)
 
 Hopefully this mail will help someone in the future. I would also advise to 
 update the documentation on the issue.
 
 Do you want me to open a bug report for this? I am a little reluctant to do 
 so, because some of the bug reports i made previously just sit there for 
 years to come.
 
 FYI also got contacted off the mailing list by Steve Roles from ShapeBlue who 
 kindly offered to sell annual 24/7 support to help me sort this issue.
 Too bad they did not want to provide help/support for this one incident, 
 which which they have come across already. They could get payed well for 
 telling me to use another browser. :-) While i appreciate what ShapeBlue does 
 for ACS, they could easily just have told us publicly on the mailing list to 
 use a different browser.
 
 Many thanks to anyone else who actually tried to help on the issue. 
 Realhostip.com migration is now officially complete.
 
 Regards,
 F.
 
 On 25 Sep 2014, at 14:54, France mailingli...@isg.si wrote:
 
 I have created new key and csr. Signed it, converted key to pkcs8 format 
 without encryption and added in ACS GUI with *.domain.tld and again with 
 domain.tld. I did copy paste the crt and key with and without -BEGIN 
 CERTIFICATE-- tags. Nothing works. I have the same GUI error message as 
 before. Management-log shows no errors or even logs regarding certificate 
 manipulation. I have not created CA key and certs again. I have confirmed 
 certificate before importing to ACS using: openssl x509 -in 
 private/vse.somedomain.tls.crt -noout -text (result below).
 
 Maybe i could just insert new certs straight into the database, destroy 
 console proxy and see what happens.
 Any more ideas?
 
 Also there is a bug in 4.3 documentation, because it says one must 
 enter *.domain.tld while you say, it should be just domain.tld
 
 
 In the Update SSL Certificate screen of the CloudStack UI, paste the 
 following:
 
  * The certificate you've just generated.
  * The private key you've just generated.
  * The desired domain name, prefixed with *.; for example, 
 *.consoleproxy.company.com 
 
 
 [root@mc1 private]# openssl x509 -in vse.somedomain.si.crt -noout 
 -text
 Certificate:
   Data:
   Version: 3 (0x2)
   Serial Number: 4097 (0x1001)
   Signature Algorithm: sha256WithRSAEncryption
   Issuer: C=SI, ST=Slovenia, L=Ljubljana, O=XXX d.o.o., OU=IT 
 department, CN=optimus.si/emailAddress=sis...@xxxb.si
   Validity
   Not Before: Sep 25 12:25:32 2014 GMT
   Not After : Jun  3 12:25:32 2028 GMT
   Subject: C=SI, ST=Slovenia, O=XXX d.o.o., OU=IT department, 
 CN=*.somedomain.si/emailAddress=sis...@xxxb.si
   Subject Public Key Info:
   Public Key Algorithm: rsaEncryption
   Public-Key: (2048 bit)
   Modulus:
   00:a8:50:02:21:7a:49:b1:48:07:96:21:87:69:1d:
   94:6f:d8:4f:0b:31:f4:8f:6f:e4:b2:78:94:38:d4:
   72:92:5b:d5:43:73:aa:e4:33:48:31:11:5a:62:7e:
   95:2b:e1:78:11:81:f0:ef:1a:0d:d0:52:90:47:2b:
   fd:ab:0d:89:57:fa:ee:6b:3b:d1:24:c9:a9:6d:d6:
   fb:0f:14:e3:72:63:a7:75:3d:3e:f5:57:45:09:7e:
   83:18:f1:77:c9:3a:1e:de

Re: Urgent. Importing certificate to CS 4.3.1 using GUI

[France]

Tnx Amogh,

i have checked management-server.log and no new entries or errors regarding 
certificate operation are written at the time when i get Failed to update SSL 
Certificate. error message. I tried it a couple of times. I also used 
somedomain.tld in the GUI. Certificate is for *.somedomain.tld.
I will go thru whole create CA and certificate process again and retry.
There must be some simple mistake in my process somewhere. Lack of errors in 
logs, is also strange. :-/

Regards,
F.

On 24 Sep 2014, at 21:10, Amogh Vasekar amogh.vase...@citrix.com wrote:

 Hi,
 
 Couple of things :
 
 1. The error will be logged to the cloudstack management server log file
 (management-server.log) and would really help to know what it is.
 2. While uploading the certificate, the domain_suffix should be
 somedomain.tld and not *.somedomain.tld (the asterisk is only for global
 config so that cloudstack can distinguish between HTTP and HTTPS modes)
 
 Thanks
 Amogh
 
 On 9/24/14 7:40 AM, France mailingli...@isg.si wrote:
 
 Hi guys,
 
 i want to migrate away from realhostip.com. I have set up DNS service in
 no time, but am having problems importing certificates to ACS 3.4.1.
 
 I created my own CA like this:
 
 cd /etc/pki/CA
 touch index.txt
 echo 1000  serial
 openssl genrsa -aes256 -out /etc/pki/CA/private/ca.key.pem 4096
 chmod 400 /etc/pki/CA/private/ca.key.pem
 nano -w /etc/pki/tls/openssl.cnf
 openssl req -new -x509 -days 63650 -key /etc/pki/CA/private/ca.key.pem
 -sha256 -extensions v3_ca -out /etc/pki/CA/certs/ca.cert.pem
 
 
 Signed my own keys and converted them to pkcs8 format like this:
 
 cd /etc/pki/CA
 openssl genrsa -out private/vse.somedomain.tld.key.pem 4096
 chmod 400 private/vse.somedomain.tld.key.pem
 openssl req -sha256 -new -key private/vse.somedomain.tld.key.pem  -out
 certs/vse.somedomain.tld.csr.pem
 openssl ca -keyfile private/ca.key.pem -cert certs/ca.cert.pem
 -extensions usr_cert -notext -md sha256 -days 63649 -in
 certs/vse.somedomain.tld.csr.pem -out certs/vse.somedomain.tld.cert.pem
 openssl pkcs8 -topk8 -in private/vse.somedomain.tld.key.pem -out
 private/vse.somedomain.tld.key.encrypted.pkcs8
 openssl pkcs8 -in private/vse.somedomain.tld.key.encrypted.pkcs8 -out
 private/vse.somedomain.tld.key.pkcs8
 chmod 400 private/vse.somedomain.tld.key.encrypted.pkcs8
 chmod 400 private/vse.somedomain.tld.key.pkcs8
 
 
 
 But when trying to import it via GUI: infrastructure - SSL Certificate:
 Certificate from vse.somedomain.tld.cert.pem
 PKCS8 from private/vse.somedomain.tld.key.pkcs8
 DNS domain suffix to: *.somedomain.tld
 
 But it fails with:
 Failed to update SSL Certificate.
 
 Please help me upload the new certificate.
 Catalina.out shows no error. I have no idea what else to check.
 
 Thank you.
 F.
 
 
 

Re: Urgent. Importing certificate to CS 4.3.1 using GUI

[France]

I have created new key and csr. Signed it, converted key to pkcs8 format 
without encryption and added in ACS GUI with *.domain.tld and again with 
domain.tld. I did copy paste the crt and key with and without -BEGIN 
CERTIFICATE—— tags. Nothing works. I have the same GUI error message as before. 
Management-log shows no errors or even logs regarding certificate manipulation. 
I have not created CA key and certs again. I have confirmed certificate before 
importing to ACS using: openssl x509 -in private/vse.somedomain.tls.crt -noout 
-text (result below).

Maybe i could just insert new certs straight into the database, destroy console 
proxy and see what happens.
Any more ideas?

Also there is a bug in 4.3 documentation, because it says one must enter 
*.domain.tld while you say, it should be just domain.tld

“
In the Update SSL Certificate screen of the CloudStack UI, paste the following:

• The certificate you’ve just generated.
• The private key you’ve just generated.
• The desired domain name, prefixed with *.; for example, 
*.consoleproxy.company.com
“


[root@mc1 private]# openssl x509 -in vse.somedomain.si.crt -noout -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4097 (0x1001)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=SI, ST=Slovenia, L=Ljubljana, O=XXX d.o.o., OU=IT department, 
CN=optimus.si/emailAddress=sis...@xxxb.si
Validity
Not Before: Sep 25 12:25:32 2014 GMT
Not After : Jun  3 12:25:32 2028 GMT
Subject: C=SI, ST=Slovenia, O=XXX d.o.o., OU=IT department, 
CN=*.somedomain.si/emailAddress=sis...@xxxb.si
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:a8:50:02:21:7a:49:b1:48:07:96:21:87:69:1d:
94:6f:d8:4f:0b:31:f4:8f:6f:e4:b2:78:94:38:d4:
72:92:5b:d5:43:73:aa:e4:33:48:31:11:5a:62:7e:
95:2b:e1:78:11:81:f0:ef:1a:0d:d0:52:90:47:2b:
fd:ab:0d:89:57:fa:ee:6b:3b:d1:24:c9:a9:6d:d6:
fb:0f:14:e3:72:63:a7:75:3d:3e:f5:57:45:09:7e:
83:18:f1:77:c9:3a:1e:de:6f:cd:43:0f:84:11:08:
05:3b:da:ed:3e:a6:65:7c:e9:3f:3b:b9:73:b3:87:
b6:a2:14:af:fd:3e:a9:6f:0f:e4:fb:4d:91:70:d6:
9a:78:b8:00:2e:f0:ad:24:07:01:64:b8:1f:ce:62:
f6:83:e3:fb:45:b9:3e:a1:c3:e6:de:87:d9:37:d3:
28:cf:20:6c:f9:78:5f:24:64:fb:d4:dd:79:90:87:
69:36:ad:83:3d:bd:ab:fd:aa:1d:6a:a6:b8:d5:8a:
f9:d6:e4:f0:db:9a:81:d4:41:e9:19:bf:a5:e8:fb:
d9:f5:e2:50:3c:4d:01:6d:3d:96:26:59:76:70:99:
8c:2e:c0:cf:dd:09:3b:fb:6f:8d:43:29:0c:7e:8a:
5c:8d:49:f4:9a:96:ba:54:72:44:d8:fa:aa:64:71:
27:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: 
CA:FALSE
X509v3 Key Usage: 
Digital Signature, Non Repudiation, Key Encipherment
Netscape Comment: 
OpenSSL Generated Certificate
X509v3 Subject Key Identifier: 
13:B4:E9:B7:EA:67:BC:00:BA:20:F9:9D:AB:02:14:0D:22:B4:F7:5B
X509v3 Authority Key Identifier: 

keyid:B9:4F:AC:D0:CA:A4:32:E0:A0:49:48:8D:D4:C9:6A:6D:6F:6C:8F:42

Signature Algorithm: sha256WithRSAEncryption
 a9:f2:77:c2:10:9b:87:f4:44:9c:57:52:1b:dc:70:a7:e2:bf:
 97:8d:bb:3d:bc:b7:a9:90:55:75:43:47:ac:bf:6f:2a:5e:90:
 b1:5b:8c:41:e7:5a:51:2a:f7:db:2e:6a:37:e5:6e:18:3a:88:
 ae:10:42:1e:97:4c:75:e9:8a:51:37:8f:e9:99:bc:40:46:18:
 85:18:ce:6f:03:24:c7:b3:43:f2:53:51:34:36:70:d8:3b:84:
 09:70:91:13:51:a9:b7:30:e4:d3:f7:1a:34:f4:6b:25:b7:46:
 a1:dd:b7:eb:19:b3:03:be:b5:3d:12:b7:ee:a9:47:26:17:89:
 ef:06:9e:90:b4:78:5d:d9:52:1c:b4:0d:14:f2:37:64:9a:d8:
 4d:89:95:1e:c0:6b:14:93:e8:ea:91:84:69:c5:22:1f:d2:82:
 54:bd:fe:06:f8:ea:f3:66:a1:27:41:72:88:25:78:eb:2b:1b:
 73:fb:98:0f:00:58:b0:43:22:5b:3b:ea:89:b5:4f:3e:2a:ed:
 92:5f:48:37:39:ec:39:6c:b5:73:d3:0d:9c:ff:3b:37:92:5b:
 c6:ef:64:65:7a:99:1a:be:09:0e:bb:62:1b:9f:9e:ad:5d:cf:
 32:8c:81:42:c2:d9:11:65:64:8d:ce:5e:f5:b4:77:66:74:eb:
 10:d5:7e:58:d7:ba:70:fe:96:4b:94:f5:66:5c:af:57:ae:e0:
 ad:72:7a:ef:04:80:7e:4b:6d:ee:13:e2:de:20:94:4e:bb:7b:
 a6:87:0f:92:d8:c4:01:9b:50:fd:b4:0b:60:b2:93:91:32:ce:
 31:f9:b7:4f:a0:72:71:a1:87:b4:02:ff:5b:49:c1:2f:a1:6d:
 13:98:c1:81:9c:33:f6:61:b9:f9:47:7b:7b:2a:b2:e0:7b:21:
 4b:67:c0:23:04:b7:08:e5:7d:a3:44:b5:a5:aa:ce:03:be:93:
 cb:78:fe:2d:e5:a7:61:20:03:b2:a1:ac:92:41:54:c0:25:b5:
 32:c6:c5:83:49:7a:cd:a8:16:4e:80:f2:05:9c:47:17:74:1f:
 

Re: Urgent. Importing certificate to CS 4.3.1 using GUI

[France]

There is a bug in ACS 4.3.1 GUI.
The before mentioned process did not work with Firefox 32.0.2, while it worked 
on latest Chrome.
Because the problem is on the browser side, it did not reach management server 
logs at all.
I have done everything correct. Even a couple of times. ;-)

Hopefully this mail will help someone in the future. I would also advise to 
update the documentation on the issue.

Do you want me to open a bug report for this? I am a little reluctant to do so, 
because some of the bug reports i made previously just sit there for years to 
come.

FYI also got contacted off the mailing list by Steve Roles from ShapeBlue who 
kindly offered to sell annual 24/7 support to help me sort this issue.
Too bad they did not want to provide help/support for this one incident, which 
which they have come across already. They could get payed well for telling me 
to use another browser. :-)
While i appreciate what ShapeBlue does for ACS, they could easily just have 
told us publicly on the mailing list to use a different browser.

Many thanks to anyone else who actually tried to help on the issue. 
Realhostip.com migration is now officially complete.

Regards,
F.

On 25 Sep 2014, at 14:54, France mailingli...@isg.si wrote:

 I have created new key and csr. Signed it, converted key to pkcs8 format 
 without encryption and added in ACS GUI with *.domain.tld and again with 
 domain.tld. I did copy paste the crt and key with and without -BEGIN 
 CERTIFICATE—— tags. Nothing works. I have the same GUI error message as 
 before. Management-log shows no errors or even logs regarding certificate 
 manipulation. I have not created CA key and certs again. I have confirmed 
 certificate before importing to ACS using: openssl x509 -in 
 private/vse.somedomain.tls.crt -noout -text (result below).
 
 Maybe i could just insert new certs straight into the database, destroy 
 console proxy and see what happens.
 Any more ideas?
 
 Also there is a bug in 4.3 documentation, because it says one must enter 
 *.domain.tld while you say, it should be just domain.tld
 
 “
 In the Update SSL Certificate screen of the CloudStack UI, paste the 
 following:
 
   • The certificate you’ve just generated.
   • The private key you’ve just generated.
   • The desired domain name, prefixed with *.; for example, 
 *.consoleproxy.company.com
 “
 
 
 [root@mc1 private]# openssl x509 -in vse.somedomain.si.crt -noout -text
 Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4097 (0x1001)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=SI, ST=Slovenia, L=Ljubljana, O=XXX d.o.o., OU=IT 
 department, CN=optimus.si/emailAddress=sis...@xxxb.si
Validity
Not Before: Sep 25 12:25:32 2014 GMT
Not After : Jun  3 12:25:32 2028 GMT
Subject: C=SI, ST=Slovenia, O=XXX d.o.o., OU=IT department, 
 CN=*.somedomain.si/emailAddress=sis...@xxxb.si
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:a8:50:02:21:7a:49:b1:48:07:96:21:87:69:1d:
94:6f:d8:4f:0b:31:f4:8f:6f:e4:b2:78:94:38:d4:
72:92:5b:d5:43:73:aa:e4:33:48:31:11:5a:62:7e:
95:2b:e1:78:11:81:f0:ef:1a:0d:d0:52:90:47:2b:
fd:ab:0d:89:57:fa:ee:6b:3b:d1:24:c9:a9:6d:d6:
fb:0f:14:e3:72:63:a7:75:3d:3e:f5:57:45:09:7e:
83:18:f1:77:c9:3a:1e:de:6f:cd:43:0f:84:11:08:
05:3b:da:ed:3e:a6:65:7c:e9:3f:3b:b9:73:b3:87:
b6:a2:14:af:fd:3e:a9:6f:0f:e4:fb:4d:91:70:d6:
9a:78:b8:00:2e:f0:ad:24:07:01:64:b8:1f:ce:62:
f6:83:e3:fb:45:b9:3e:a1:c3:e6:de:87:d9:37:d3:
28:cf:20:6c:f9:78:5f:24:64:fb:d4:dd:79:90:87:
69:36:ad:83:3d:bd:ab:fd:aa:1d:6a:a6:b8:d5:8a:
f9:d6:e4:f0:db:9a:81:d4:41:e9:19:bf:a5:e8:fb:
d9:f5:e2:50:3c:4d:01:6d:3d:96:26:59:76:70:99:
8c:2e:c0:cf:dd:09:3b:fb:6f:8d:43:29:0c:7e:8a:
5c:8d:49:f4:9a:96:ba:54:72:44:d8:fa:aa:64:71:
27:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: 
CA:FALSE
X509v3 Key Usage: 
Digital Signature, Non Repudiation, Key Encipherment
Netscape Comment: 
OpenSSL Generated Certificate
X509v3 Subject Key Identifier: 
13:B4:E9:B7:EA:67:BC:00:BA:20:F9:9D:AB:02:14:0D:22:B4:F7:5B
X509v3 Authority Key Identifier: 

 keyid:B9:4F:AC:D0:CA:A4:32:E0:A0:49:48:8D:D4:C9:6A:6D:6F:6C:8F:42
 
Signature Algorithm: sha256WithRSAEncryption
 a9:f2:77:c2:10:9b:87:f4:44:9c:57:52:1b:dc:70:a7:e2:bf:
 97:8d:bb:3d:bc:b7:a9:90:55:75:43:47:ac:bf:6f:2a:5e:90:
 

RE: Urgent. Importing certificate to CS 4.3.1 using GUI

[Suresh Sadhu]

HI France,

Did you import  the certificate in firefox . In firefox we need to explicitly 
import the certificate

Please check below procedure to import the certificate in firefox:

go to the Tools menu and select Options In the Options window, go to the 
Advanced section - Encryption tab and click the View certificates button.
In the Certificate Manager window, switch to the Authorities tab and click the 
Import... button to import your  .crt certificate
In the Downloading Certificate window ,check the trust the CA identity to 
identify websites and clickOK button.

Then open the new firefox session and try to  check the console view.hope you 
will see the same result what you seen with chrome browser.

Regards
sadhu



-Original Message-
From: France [mailto:mailingli...@isg.si] 
Sent: 25 September 2014 19:22
To: dev@cloudstack.apache.org
Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI

There is a bug in ACS 4.3.1 GUI.
The before mentioned process did not work with Firefox 32.0.2, while it worked 
on latest Chrome.
Because the problem is on the browser side, it did not reach management server 
logs at all.
I have done everything correct. Even a couple of times. ;-)

Hopefully this mail will help someone in the future. I would also advise to 
update the documentation on the issue.

Do you want me to open a bug report for this? I am a little reluctant to do so, 
because some of the bug reports i made previously just sit there for years to 
come.

FYI also got contacted off the mailing list by Steve Roles from ShapeBlue who 
kindly offered to sell annual 24/7 support to help me sort this issue.
Too bad they did not want to provide help/support for this one incident, which 
which they have come across already. They could get payed well for telling me 
to use another browser. :-) While i appreciate what ShapeBlue does for ACS, 
they could easily just have told us publicly on the mailing list to use a 
different browser.

Many thanks to anyone else who actually tried to help on the issue. 
Realhostip.com migration is now officially complete.

Regards,
F.

On 25 Sep 2014, at 14:54, France mailingli...@isg.si wrote:

 I have created new key and csr. Signed it, converted key to pkcs8 format 
 without encryption and added in ACS GUI with *.domain.tld and again with 
 domain.tld. I did copy paste the crt and key with and without -BEGIN 
 CERTIFICATE-- tags. Nothing works. I have the same GUI error message as 
 before. Management-log shows no errors or even logs regarding certificate 
 manipulation. I have not created CA key and certs again. I have confirmed 
 certificate before importing to ACS using: openssl x509 -in 
 private/vse.somedomain.tls.crt -noout -text (result below).
 
 Maybe i could just insert new certs straight into the database, destroy 
 console proxy and see what happens.
 Any more ideas?
 
 Also there is a bug in 4.3 documentation, because it says one must 
 enter *.domain.tld while you say, it should be just domain.tld
 
 
 In the Update SSL Certificate screen of the CloudStack UI, paste the 
 following:
 
   * The certificate you've just generated.
   * The private key you've just generated.
   * The desired domain name, prefixed with *.; for example, 
 *.consoleproxy.company.com 
 
 
 [root@mc1 private]# openssl x509 -in vse.somedomain.si.crt -noout 
 -text
 Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4097 (0x1001)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=SI, ST=Slovenia, L=Ljubljana, O=XXX d.o.o., OU=IT 
 department, CN=optimus.si/emailAddress=sis...@xxxb.si
Validity
Not Before: Sep 25 12:25:32 2014 GMT
Not After : Jun  3 12:25:32 2028 GMT
Subject: C=SI, ST=Slovenia, O=XXX d.o.o., OU=IT department, 
 CN=*.somedomain.si/emailAddress=sis...@xxxb.si
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:a8:50:02:21:7a:49:b1:48:07:96:21:87:69:1d:
94:6f:d8:4f:0b:31:f4:8f:6f:e4:b2:78:94:38:d4:
72:92:5b:d5:43:73:aa:e4:33:48:31:11:5a:62:7e:
95:2b:e1:78:11:81:f0:ef:1a:0d:d0:52:90:47:2b:
fd:ab:0d:89:57:fa:ee:6b:3b:d1:24:c9:a9:6d:d6:
fb:0f:14:e3:72:63:a7:75:3d:3e:f5:57:45:09:7e:
83:18:f1:77:c9:3a:1e:de:6f:cd:43:0f:84:11:08:
05:3b:da:ed:3e:a6:65:7c:e9:3f:3b:b9:73:b3:87:
b6:a2:14:af:fd:3e:a9:6f:0f:e4:fb:4d:91:70:d6:
9a:78:b8:00:2e:f0:ad:24:07:01:64:b8:1f:ce:62:
f6:83:e3:fb:45:b9:3e:a1:c3:e6:de:87:d9:37:d3:
28:cf:20:6c:f9:78:5f:24:64:fb:d4:dd:79:90:87:
69:36:ad:83:3d:bd:ab:fd:aa:1d:6a:a6:b8:d5:8a:
f9:d6:e4:f0:db:9a:81:d4:41:e9:19:bf:a5:e8:fb:
d9:f5:e2:50:3c:4d:01:6d:3d:96:26:59

Re: Urgent. Importing certificate to CS 4.3.1 using GUI

[France]

You are talking about importing CA root certificate into client machine, while 
i was clearly talking about importing certificate into the ACS 3.2.1 install to 
be used by console proxy.

Of course you need to import the CA root certificate not to get warnings on the 
client side, but only _after_ the server certificate is installed/changed via 
ACS GUI - infrastructure - SSL Certificate. This procedure does not work with 
Firefox, but does work in Chrome.

Regards,
F.

On 25 Sep 2014, at 16:26, Suresh Sadhu suresh.sa...@citrix.com wrote:

 HI France,
 
 Did you import  the certificate in firefox . In firefox we need to explicitly 
 import the certificate
 
 Please check below procedure to import the certificate in firefox:
 
 go to the Tools menu and select Options In the Options window, go to the 
 Advanced section - Encryption tab and click the View certificates button.
 In the Certificate Manager window, switch to the Authorities tab and click 
 the Import... button to import your  .crt certificate
 In the Downloading Certificate window ,check the trust the CA identity to 
 identify websites and clickOK button.
 
 Then open the new firefox session and try to  check the console view.hope you 
 will see the same result what you seen with chrome browser.
 
 Regards
 sadhu
 
 
 
 -Original Message-
 From: France [mailto:mailingli...@isg.si] 
 Sent: 25 September 2014 19:22
 To: dev@cloudstack.apache.org
 Subject: Re: Urgent. Importing certificate to CS 4.3.1 using GUI
 
 There is a bug in ACS 4.3.1 GUI.
 The before mentioned process did not work with Firefox 32.0.2, while it 
 worked on latest Chrome.
 Because the problem is on the browser side, it did not reach management 
 server logs at all.
 I have done everything correct. Even a couple of times. ;-)
 
 Hopefully this mail will help someone in the future. I would also advise to 
 update the documentation on the issue.
 
 Do you want me to open a bug report for this? I am a little reluctant to do 
 so, because some of the bug reports i made previously just sit there for 
 years to come.
 
 FYI also got contacted off the mailing list by Steve Roles from ShapeBlue who 
 kindly offered to sell annual 24/7 support to help me sort this issue.
 Too bad they did not want to provide help/support for this one incident, 
 which which they have come across already. They could get payed well for 
 telling me to use another browser. :-) While i appreciate what ShapeBlue does 
 for ACS, they could easily just have told us publicly on the mailing list to 
 use a different browser.
 
 Many thanks to anyone else who actually tried to help on the issue. 
 Realhostip.com migration is now officially complete.
 
 Regards,
 F.
 
 On 25 Sep 2014, at 14:54, France mailingli...@isg.si wrote:
 
 I have created new key and csr. Signed it, converted key to pkcs8 format 
 without encryption and added in ACS GUI with *.domain.tld and again with 
 domain.tld. I did copy paste the crt and key with and without -BEGIN 
 CERTIFICATE-- tags. Nothing works. I have the same GUI error message as 
 before. Management-log shows no errors or even logs regarding certificate 
 manipulation. I have not created CA key and certs again. I have confirmed 
 certificate before importing to ACS using: openssl x509 -in 
 private/vse.somedomain.tls.crt -noout -text (result below).
 
 Maybe i could just insert new certs straight into the database, destroy 
 console proxy and see what happens.
 Any more ideas?
 
 Also there is a bug in 4.3 documentation, because it says one must 
 enter *.domain.tld while you say, it should be just domain.tld
 
 
 In the Update SSL Certificate screen of the CloudStack UI, paste the 
 following:
 
  * The certificate you've just generated.
  * The private key you've just generated.
  * The desired domain name, prefixed with *.; for example, 
 *.consoleproxy.company.com 
 
 
 [root@mc1 private]# openssl x509 -in vse.somedomain.si.crt -noout 
 -text
 Certificate:
   Data:
   Version: 3 (0x2)
   Serial Number: 4097 (0x1001)
   Signature Algorithm: sha256WithRSAEncryption
   Issuer: C=SI, ST=Slovenia, L=Ljubljana, O=XXX d.o.o., OU=IT 
 department, CN=optimus.si/emailAddress=sis...@xxxb.si
   Validity
   Not Before: Sep 25 12:25:32 2014 GMT
   Not After : Jun  3 12:25:32 2028 GMT
   Subject: C=SI, ST=Slovenia, O=XXX d.o.o., OU=IT department, 
 CN=*.somedomain.si/emailAddress=sis...@xxxb.si
   Subject Public Key Info:
   Public Key Algorithm: rsaEncryption
   Public-Key: (2048 bit)
   Modulus:
   00:a8:50:02:21:7a:49:b1:48:07:96:21:87:69:1d:
   94:6f:d8:4f:0b:31:f4:8f:6f:e4:b2:78:94:38:d4:
   72:92:5b:d5:43:73:aa:e4:33:48:31:11:5a:62:7e:
   95:2b:e1:78:11:81:f0:ef:1a:0d:d0:52:90:47:2b:
   fd:ab:0d:89:57:fa:ee:6b:3b:d1:24:c9:a9:6d:d6:
   fb:0f:14:e3:72:63:a7:75:3d:3e:f5:57:45:09:7e

Re: Urgent. Importing certificate to CS 4.3.1 using GUI

[Amogh Vasekar]

Thanks for letting us know, I will follow-up with the doc folks to fix the
notes published.
Funny that the GUI is not working right with FF 32.0.2.
I know they changed the pkix libraries they use (I hit it while testing
something on ACS), but this bug may call for more testing on FF to see if
anything else is broken.

Thanks
Amogh 

On 9/25/14 6:52 AM, France mailingli...@isg.si wrote:

There is a bug in ACS 4.3.1 GUI.
The before mentioned process did not work with Firefox 32.0.2, while it
worked on latest Chrome.
Because the problem is on the browser side, it did not reach management
server logs at all.
I have done everything correct. Even a couple of times. ;-)

Hopefully this mail will help someone in the future. I would also advise
to update the documentation on the issue.

Do you want me to open a bug report for this? I am a little reluctant to
do so, because some of the bug reports i made previously just sit there
for years to come.

FYI also got contacted off the mailing list by Steve Roles from ShapeBlue
who kindly offered to sell annual 24/7 support to help me sort this issue.
Too bad they did not want to provide help/support for this one incident,
which which they have come across already. They could get payed well
for telling me to use another browser. :-)
While i appreciate what ShapeBlue does for ACS, they could easily just
have told us publicly on the mailing list to use a different browser.

Many thanks to anyone else who actually tried to help on the issue.
Realhostip.com migration is now officially complete.

Regards,
F.

On 25 Sep 2014, at 14:54, France mailingli...@isg.si wrote:

 I have created new key and csr. Signed it, converted key to pkcs8
format without encryption and added in ACS GUI with *.domain.tld and
again with domain.tld. I did copy paste the crt and key with and without
-BEGIN CERTIFICATE‹‹ tags. Nothing works. I have the same GUI error
message as before. Management-log shows no errors or even logs regarding
certificate manipulation. I have not created CA key and certs again. I
have confirmed certificate before importing to ACS using: openssl x509
-in private/vse.somedomain.tls.crt -noout -text (result below).
 
 Maybe i could just insert new certs straight into the database, destroy
console proxy and see what happens.
 Any more ideas?
 
 Also there is a bug in 4.3 documentation, because it says one must
enter *.domain.tld while you say, it should be just domain.tld
 
 ³
 In the Update SSL Certificate screen of the CloudStack UI, paste the
following:
 
  € The certificate you¹ve just generated.
  € The private key you¹ve just generated.
  € The desired domain name, prefixed with *.; for example,
*.consoleproxy.company.com
 ³
 
 
 [root@mc1 private]# openssl x509 -in vse.somedomain.si.crt -noout -text
 Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4097 (0x1001)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=SI, ST=Slovenia, L=Ljubljana, O=XXX d.o.o., OU=IT
department, CN=optimus.si/emailAddress=sis...@xxxb.si
Validity
Not Before: Sep 25 12:25:32 2014 GMT
Not After : Jun  3 12:25:32 2028 GMT
Subject: C=SI, ST=Slovenia, O=XXX d.o.o., OU=IT department,
CN=*.somedomain.si/emailAddress=sis...@xxxb.si
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:a8:50:02:21:7a:49:b1:48:07:96:21:87:69:1d:
94:6f:d8:4f:0b:31:f4:8f:6f:e4:b2:78:94:38:d4:
72:92:5b:d5:43:73:aa:e4:33:48:31:11:5a:62:7e:
95:2b:e1:78:11:81:f0:ef:1a:0d:d0:52:90:47:2b:
fd:ab:0d:89:57:fa:ee:6b:3b:d1:24:c9:a9:6d:d6:
fb:0f:14:e3:72:63:a7:75:3d:3e:f5:57:45:09:7e:
83:18:f1:77:c9:3a:1e:de:6f:cd:43:0f:84:11:08:
05:3b:da:ed:3e:a6:65:7c:e9:3f:3b:b9:73:b3:87:
b6:a2:14:af:fd:3e:a9:6f:0f:e4:fb:4d:91:70:d6:
9a:78:b8:00:2e:f0:ad:24:07:01:64:b8:1f:ce:62:
f6:83:e3:fb:45:b9:3e:a1:c3:e6:de:87:d9:37:d3:
28:cf:20:6c:f9:78:5f:24:64:fb:d4:dd:79:90:87:
69:36:ad:83:3d:bd:ab:fd:aa:1d:6a:a6:b8:d5:8a:
f9:d6:e4:f0:db:9a:81:d4:41:e9:19:bf:a5:e8:fb:
d9:f5:e2:50:3c:4d:01:6d:3d:96:26:59:76:70:99:
8c:2e:c0:cf:dd:09:3b:fb:6f:8d:43:29:0c:7e:8a:
5c:8d:49:f4:9a:96:ba:54:72:44:d8:fa:aa:64:71:
27:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:

Urgent. Importing certificate to CS 4.3.1 using GUI

[France]

Hi guys,

i want to migrate away from realhostip.com. I have set up DNS service in no 
time, but am having problems importing certificates to ACS 3.4.1.

I created my own CA like this:

cd /etc/pki/CA
touch index.txt
echo 1000  serial
openssl genrsa -aes256 -out /etc/pki/CA/private/ca.key.pem 4096
chmod 400 /etc/pki/CA/private/ca.key.pem
 nano -w /etc/pki/tls/openssl.cnf
openssl req -new -x509 -days 63650 -key /etc/pki/CA/private/ca.key.pem  -sha256 
-extensions v3_ca -out /etc/pki/CA/certs/ca.cert.pem 


Signed my own keys and converted them to pkcs8 format like this:

cd /etc/pki/CA
openssl genrsa -out private/vse.somedomain.tld.key.pem 4096
chmod 400 private/vse.somedomain.tld.key.pem
openssl req -sha256 -new -key private/vse.somedomain.tld.key.pem  -out 
certs/vse.somedomain.tld.csr.pem
openssl ca -keyfile private/ca.key.pem -cert certs/ca.cert.pem -extensions 
usr_cert -notext -md sha256 -days 63649 -in certs/vse.somedomain.tld.csr.pem 
-out certs/vse.somedomain.tld.cert.pem
openssl pkcs8 -topk8 -in private/vse.somedomain.tld.key.pem -out 
private/vse.somedomain.tld.key.encrypted.pkcs8
openssl pkcs8 -in private/vse.somedomain.tld.key.encrypted.pkcs8 -out 
private/vse.somedomain.tld.key.pkcs8
chmod 400 private/vse.somedomain.tld.key.encrypted.pkcs8 
chmod 400 private/vse.somedomain.tld.key.pkcs8



But when trying to import it via GUI: infrastructure - SSL Certificate:
Certificate from vse.somedomain.tld.cert.pem
PKCS8 from private/vse.somedomain.tld.key.pkcs8
DNS domain suffix to: *.somedomain.tld

But it fails with:
Failed to update SSL Certificate.

Please help me upload the new certificate.
Catalina.out shows no error. I have no idea what else to check.

Thank you.
F.

Re: Urgent. Importing certificate to CS 4.3.1 using GUI

[Amogh Vasekar]

Hi,

Couple of things :

1. The error will be logged to the cloudstack management server log file
(management-server.log) and would really help to know what it is.
2. While uploading the certificate, the domain_suffix should be
somedomain.tld and not *.somedomain.tld (the asterisk is only for global
config so that cloudstack can distinguish between HTTP and HTTPS modes)

Thanks
Amogh

On 9/24/14 7:40 AM, France mailingli...@isg.si wrote:

Hi guys,

i want to migrate away from realhostip.com. I have set up DNS service in
no time, but am having problems importing certificates to ACS 3.4.1.

I created my own CA like this:

cd /etc/pki/CA
touch index.txt
echo 1000  serial
openssl genrsa -aes256 -out /etc/pki/CA/private/ca.key.pem 4096
chmod 400 /etc/pki/CA/private/ca.key.pem
 nano -w /etc/pki/tls/openssl.cnf
openssl req -new -x509 -days 63650 -key /etc/pki/CA/private/ca.key.pem
-sha256 -extensions v3_ca -out /etc/pki/CA/certs/ca.cert.pem


Signed my own keys and converted them to pkcs8 format like this:

cd /etc/pki/CA
openssl genrsa -out private/vse.somedomain.tld.key.pem 4096
chmod 400 private/vse.somedomain.tld.key.pem
openssl req -sha256 -new -key private/vse.somedomain.tld.key.pem  -out
certs/vse.somedomain.tld.csr.pem
openssl ca -keyfile private/ca.key.pem -cert certs/ca.cert.pem
-extensions usr_cert -notext -md sha256 -days 63649 -in
certs/vse.somedomain.tld.csr.pem -out certs/vse.somedomain.tld.cert.pem
openssl pkcs8 -topk8 -in private/vse.somedomain.tld.key.pem -out
private/vse.somedomain.tld.key.encrypted.pkcs8
openssl pkcs8 -in private/vse.somedomain.tld.key.encrypted.pkcs8 -out
private/vse.somedomain.tld.key.pkcs8
chmod 400 private/vse.somedomain.tld.key.encrypted.pkcs8
chmod 400 private/vse.somedomain.tld.key.pkcs8



But when trying to import it via GUI: infrastructure - SSL Certificate:
Certificate from vse.somedomain.tld.cert.pem
PKCS8 from private/vse.somedomain.tld.key.pkcs8
DNS domain suffix to: *.somedomain.tld

But it fails with:
Failed to update SSL Certificate.

Please help me upload the new certificate.
Catalina.out shows no error. I have no idea what else to check.

Thank you.
F.