Thanks Nitin,
On 01-Oct-2014, at 10:06 pm, Nitin Mehta wrote:
> Just an FYI - For troubleshooting in this area do refer to
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Troubleshooting+-+up
> loading+custom+domain+certificate+instead+of+using+realhostip.com
I actually read this wiki a
Just an FYI - For troubleshooting in this area do refer to
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Troubleshooting+-+up
loading+custom+domain+certificate+instead+of+using+realhostip.com
Thanks,
-Nitin
On 01/10/14 12:17 PM, "Rohit Yadav" wrote:
>Hi Amogh,
>
>Thanks for pointing in
Hi Amogh,
Thanks for pointing in the direction of checking the keystore table. I found a
certificate entry the content of which was in bad PEM format (newline errors,
url encode error I think), the other certs were uploaded using a patched
CloudMonkey (fix went today into master) which would ur
Hi Amogh,
Thanks for replying. Here the contents from the keystore table (minus sensitive
information):
id, name, domain_suffix, seq
1 | CPVMCertificate | custom.domain.com | null
2 | root | realhostip.com | 0
4 | newroot | custom.domain.com | 1
5 | inter1 | custom.domain.com | 2
6 | inter2 | c
us
paul.an...@shapeblue.com
-Original Message-
From: Amogh Vasekar [mailto:amogh.vase...@citrix.com]
Sent: 01 October 2014 18:15
To: us...@cloudstack.apache.org
Cc: dev@cloudstack.apache.org
Subject: Re: Unable to upload SSL certificate for realhostip replacement
Hi,
Can you please paste the conte
Hi,
Can you please paste the contents of the keystore table (minus the private
key of course)?
For SSVM, in 4.2, the certificate chain was not configured correctly and
it would only use the server certificate when configuring Apache. It did
not impact functionality though.
This is not true for CP
Hi Amogh,
I’ve a different issue, CPVM is opening the console but the HTTP service is
returning old *.realhostip.com certificate.
I debugged CPVM agent to find that it’s not picking up the keystore sent from
Management server. This issue is like:
https://issues.apache.org/jira/browse/CLOUDSTAC
Hi,
For 4.2 you may want to refer here :
http://www.chipchilders.com/blog/2013/1/2/undocumented-feature-using-certif
icate-chains-in-cloudstack.html
4.3 had a missing commit, due to which the global config
consoleproxy.url.domain had to be set to "mydomain.com", instead of
"*.mydomain.com". This
Just to update on the certificate upload issue with 4.2:
I’m able to download and add new volumes/templates/isos and the link provided
has a valid https url with the same certificate that I uploaded though when I
try to access the console I get SSL cert error and I see that it’s still
returning
Hi,
I’ve fixed cloudmonkey to url encode parameters so now you can use cloudmonkey
to upload custom certificate but only in non-interactive mode on shell
(bash/zsh). You’ll have to install cloudmonkey from source for now since the
fix is only on master.
Something like:
$ cloudmonkey upload cus
Hi,
For the encoding, in your case it was the space character causing the
issue - it should be replaced by %20. The correct encoding would be
(hoping mail clients don't screw up the blob):
-BEGIN%20CERTIFICATE-%0AMIIDfTCCAuagAwIBAgIDErvmMA0GCSqGSIb3DQEBBQU
AME4xCzAJBgNVBAYTAlVT%0AMRAwDgYDV
Hi Wido,
I have changed the value of secstorage.ssl.cert.domain and restart
management server, before I start uploading all the certificates.
I found this article, which might be related to the problem:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Troubleshooting+-+uploading+custom+dom
> Op 27 sep. 2014 om 19:25 heeft Indra Pramana het volgende
> geschreven:
>
> Dear all,
>
> FYI, I managed to complete the tasks and install the certificates. As a
> workaround to the unable to upload the root/intermediate cert via API
> issue, I uploaded a certificate with just "BEGIN" as
Dear all,
FYI, I managed to complete the tasks and install the certificates. As a
workaround to the unable to upload the root/intermediate cert via API
issue, I uploaded a certificate with just "BEGIN" as text via API, and then
proceed to update the keystore table on the MySQL database directly to
Dear all,
Apologise for sending quite a lot of emails tonight. Anyone knows if it's
safe for me to update the keystore table on the database directly? Since
the API call doesn't work.
Thank you.
On Sun, Sep 28, 2014 at 12:39 AM, Indra Pramana wrote:
> Only if I key in the certificate as "BEGI
Only if I key in the certificate as "BEGIN", then it seems to be accepting.
But of course, the certificate is invalid.
1efe722a-e7c7-4c43-9f6b-67ce860dbe34
Is it my browser issue? I have tried using two different browsers: Firefox
and Chrome, and both are having the same problem.
On Sun, Sep
I tried to key in just "BEGIN CERTIFICATE\nEND CERTIFICATE" without the
"-" and the content of the certificate itself. Same problem persists,
it says parameter certificate is invalid, contains illegal ASCII
non-printable characters.
431
Received value BEGIN CERTIFICATE END CERTIFICATE f
Hi Amogh and all,
To add, I am using RapidSSL and I got the root and intermediate CAs from
here:
https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&actp=CROSSLINK&id=SO26457
I have ensured that the encoding is done correctly, but still there's issue
when I tried to
Hi Amogh,
I tried again tonight, still the same. Not too sure why, is it something
wrong with the certificate? But I have confirmed that it's the correct root
certificate from my CA.
Any other advice?
Looking forward to your reply, thank you.
Cheers.
On Tue, Sep 23, 2014 at 12:56 AM, Amogh Vas
Can you try using http://meyerweb.com/eric/tools/dencoder/
Amogh
On 9/22/14 4:36 AM, "Indra Pramana" wrote:
>Dear all,
>
>I am following the instruction on this documentation to replace
>realhostip.com with my own domain.
>
>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Procedure+to+Re
20 matches
Mail list logo
