Thanks Nitin,
On 01-Oct-2014, at 10:06 pm, Nitin Mehta wrote:
> Just an FYI - For troubleshooting in this area do refer to
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Troubleshooting+-+up
> loading+custom+domain+certificate+instead+of+using+realhostip.com
I actually read this wiki a
Just an FYI - For troubleshooting in this area do refer to
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Troubleshooting+-+up
loading+custom+domain+certificate+instead+of+using+realhostip.com
Thanks,
-Nitin
On 01/10/14 12:17 PM, "Rohit Yadav" wrote:
>Hi Amogh,
>
>Thanks for pointing in
Hi Amogh,
Thanks for pointing in the direction of checking the keystore table. I found a
certificate entry the content of which was in bad PEM format (newline errors,
url encode error I think), the other certs were uploaded using a patched
CloudMonkey (fix went today into master) which would ur
Hi Amogh,
Thanks for replying. Here the contents from the keystore table (minus sensitive
information):
id, name, domain_suffix, seq
1 | CPVMCertificate | custom.domain.com | null
2 | root | realhostip.com | 0
4 | newroot | custom.domain.com | 1
5 | inter1 | custom.domain.com | 2
6 | inter2 | c
us
paul.an...@shapeblue.com
-Original Message-
From: Amogh Vasekar [mailto:amogh.vase...@citrix.com]
Sent: 01 October 2014 18:15
To: users@cloudstack.apache.org
Cc: d...@cloudstack.apache.org
Subject: Re: Unable to upload SSL certificate for realhostip replacement
Hi,
Can you please paste the conte
Hi,
Can you please paste the contents of the keystore table (minus the private
key of course)?
For SSVM, in 4.2, the certificate chain was not configured correctly and
it would only use the server certificate when configuring Apache. It did
not impact functionality though.
This is not true for CP
Hi Amogh,
I’ve a different issue, CPVM is opening the console but the HTTP service is
returning old *.realhostip.com certificate.
I debugged CPVM agent to find that it’s not picking up the keystore sent from
Management server. This issue is like:
https://issues.apache.org/jira/browse/CLOUDSTAC
Hi,
For 4.2 you may want to refer here :
http://www.chipchilders.com/blog/2013/1/2/undocumented-feature-using-certif
icate-chains-in-cloudstack.html
4.3 had a missing commit, due to which the global config
consoleproxy.url.domain had to be set to "mydomain.com", instead of
"*.mydomain.com". This
Just to update on the certificate upload issue with 4.2:
I’m able to download and add new volumes/templates/isos and the link provided
has a valid https url with the same certificate that I uploaded though when I
try to access the console I get SSL cert error and I see that it’s still
returning
Hi,
I’ve fixed cloudmonkey to url encode parameters so now you can use cloudmonkey
to upload custom certificate but only in non-interactive mode on shell
(bash/zsh). You’ll have to install cloudmonkey from source for now since the
fix is only on master.
Something like:
$ cloudmonkey upload cus
Hi,
For the encoding, in your case it was the space character causing the
issue - it should be replaced by %20. The correct encoding would be
(hoping mail clients don't screw up the blob):
-BEGIN%20CERTIFICATE-%0AMIIDfTCCAuagAwIBAgIDErvmMA0GCSqGSIb3DQEBBQU
AME4xCzAJBgNVBAYTAlVT%0AMRAwDgYDV
Hi Wido,
I have changed the value of secstorage.ssl.cert.domain and restart
management server, before I start uploading all the certificates.
I found this article, which might be related to the problem:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Troubleshooting+-+uploading+custom+dom
> Op 27 sep. 2014 om 19:25 heeft Indra Pramana het volgende
> geschreven:
>
> Dear all,
>
> FYI, I managed to complete the tasks and install the certificates. As a
> workaround to the unable to upload the root/intermediate cert via API
> issue, I uploaded a certificate with just "BEGIN" as
Dear all,
FYI, I managed to complete the tasks and install the certificates. As a
workaround to the unable to upload the root/intermediate cert via API
issue, I uploaded a certificate with just "BEGIN" as text via API, and then
proceed to update the keystore table on the MySQL database directly to
Dear all,
Apologise for sending quite a lot of emails tonight. Anyone knows if it's
safe for me to update the keystore table on the database directly? Since
the API call doesn't work.
Thank you.
On Sun, Sep 28, 2014 at 12:39 AM, Indra Pramana wrote:
> Only if I key in the certificate as "BEGI
Only if I key in the certificate as "BEGIN", then it seems to be accepting.
But of course, the certificate is invalid.
1efe722a-e7c7-4c43-9f6b-67ce860dbe34
Is it my browser issue? I have tried using two different browsers: Firefox
and Chrome, and both are having the same problem.
On Sun, Sep
I tried to key in just "BEGIN CERTIFICATE\nEND CERTIFICATE" without the
"-" and the content of the certificate itself. Same problem persists,
it says parameter certificate is invalid, contains illegal ASCII
non-printable characters.
431
Received value BEGIN CERTIFICATE END CERTIFICATE f
Hi Amogh and all,
To add, I am using RapidSSL and I got the root and intermediate CAs from
here:
https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&actp=CROSSLINK&id=SO26457
I have ensured that the encoding is done correctly, but still there's issue
when I tried to
Hi Amogh,
I tried again tonight, still the same. Not too sure why, is it something
wrong with the certificate? But I have confirmed that it's the correct root
certificate from my CA.
Any other advice?
Looking forward to your reply, thank you.
Cheers.
On Tue, Sep 23, 2014 at 12:56 AM, Amogh Vas
Can you try using http://meyerweb.com/eric/tools/dencoder/
Amogh
On 9/22/14 4:36 AM, "Indra Pramana" wrote:
>Dear all,
>
>I am following the instruction on this documentation to replace
>realhostip.com with my own domain.
>
>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Procedure+to+Re
Dear all,
I am following the instruction on this documentation to replace
realhostip.com with my own domain.
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Procedure+to+Replace+realhostip.com+with+Your+Own+Domain+Name
Everything is fine until I need to upload the root certificate via API
Hi Kirk and Amogh,
Thanks for the replies. Will do.
Cheers.
On Thu, Sep 4, 2014 at 2:35 AM, Amogh Vasekar
wrote:
> True.
> As Kirk pointed out, please make sure the wildcard cert is for
> *.cloud-console.company.com
>
> Amogh
>
> On 9/3/14 2:03 AM, "Kirk Kosinski" wrote:
>
> >Hi, Indra. I t
True.
As Kirk pointed out, please make sure the wildcard cert is for
*.cloud-console.company.com
Amogh
On 9/3/14 2:03 AM, "Kirk Kosinski" wrote:
>Hi, Indra. I think I've seen someone do this. It should be fine as
>long as you can create the required DNS records in the subdomain and
>have a wi
Hi, Indra. I think I've seen someone do this. It should be fine as
long as you can create the required DNS records in the subdomain and
have a wildcard cert for the subdomain to upload to CloudStack.
Best regards,
Kirk
On 09/02/2014 09:02 PM, Indra Pramana wrote:
> Dear all,
>
> Would like to
Dear all,
Would like to check if we can use a subdomain instead of a domain for
realhostip.com replacement for console proxy? E.g. instead of using
cloud-console-company.com, we use cloud-console.company.com (a subdomain of
company.com).
Looking forward to your reply, thank you.
Cheers.
ack.apache.org>"
mailto:users@cloudstack.apache.org>>,
"fgaudrea...@cloudops.com<mailto:fgaudrea...@cloudops.com>"
mailto:fgaudrea...@cloudops.com>>
Cc: Amogh Vasekar mailto:amogh.vase...@citrix.com>>
Subject: Re: Realhostip Replacement
Just in case people
Just in case people haven't noticed this yet, the SSVM uses
realhostip.comas well for transfers between zones. So don't forget to
change that too.
(this is in ver 3.x, I can't speak for 4.x)
On Thu, May 1, 2014 at 4:24 PM, Francois Gaudreault <
fgaudrea...@cloudops.com> wrote:
> On 2014-05-01,
On 2014-05-01, 3:44 PM, Amogh Vasekar wrote:
Hi,
On 5/1/14 11:58 AM, "Francois Gaudreault" wrote:
Basically,
you provide the SSL cert, we provide the DNS resolution piece for your
domain.
So you provide a DNS for every domain a user might have?
Amogh
That was the plan, yes. I guess we co
Hi,
On 5/1/14 11:58 AM, "Francois Gaudreault" wrote:
>Basically,
>you provide the SSL cert, we provide the DNS resolution piece for your
>domain.
So you provide a DNS for every domain a user might have?
Amogh
Hi all,
I understand that this dependency has been fixed in 4.3, but if we
require SSL, we need to do our own DNS integration, correct?
We were thinking to provide a community-wide service to replace
realhostip. Would that be something the community would use? Basically,
you provide the SSL
30 matches
Mail list logo
