I already thought of manually modifying the DB, I just wasn't sure if there was anything else going on behind the scenes when the API calls are used. Do the system VMs grab the keystore info from the DB automatically each time they boot? Would there be anything else I would need to do other than modify the database? I'm way more comfortable with MySQL than Python, and I don't plan on changing the cert any time soon, so just getting it to work is fine with me.
Thanks for the help! -----Original Message----- From: Chiradeep Vittal [mailto:chiradeep.vit...@citrix.com] Sent: Thursday, December 12, 2013 6:46 PM To: users@cloudstack.apache.org Subject: Re: Console Proxy Certificate Chain It would appear to be a Cloudmonkey issue then. If you are skilled in Python, you could try and fix it there. If you just want to get stuff to work, you could hack it in the DB. On 12/12/13 2:20 PM, "Billy Ramsay" <bram...@dynamicquest.com> wrote: >All, > >I am attempting to install a custom certificate for our console proxy >VMs, as we have setup our own DNS responder using the RHIP source. The >uploadCustomCertificate API command is not documented very well, and >I'm having issues getting the certificate to install correctly. If I am >not mistaken, a cert that requires an intermediate CA cannot be >installed from the web interface, and must be done using the API. >However, when using CloudMonkey, I cannot seem to get the certificate >(and it's chain) uploaded properly. > >I am using the instructions here: >http://www.chipchilders.com/blog/2013/1/2/undocumented-feature-using-ce >rti >fi >cate-chains-in-cloudstack.html > >However, I am using CloudMonkey and not the old Python wrapper. > >The root and intermediate CA certs seem to upload without issue, but >when I view the "keystore" table in the CS database, the certs are >formatted wrong (the "\n"s did not get converted to new lines). > >Also, the actual certificate will not upload, and the error I receive >is that the certificate failed validation. The certificate and key work >fine when I install them via the web interface (although there is not >intermediate CA installed, obviously). > >What am I doing wrong? > >Version info: > >CloudStack 4.1.1 >CloudMonkey 5.0.0 > >
