I was able to get it all to work using the API. I followed Chip's advice http://www.chipchilders.com/blog/2013/1/2/undocumented-feature-using-certificate-chains-in-cloudstack.html
The difference is is that I'm using my own CloudStack API wrapper in PHP and the certificates and private key needed to be url encoded twice (once for normal URL transmission and once before that for transmission into the system) before they would be pushed out correctly to the system VMs. I also replaced all newlines with \r\n and trimmed off the white space from beginning and end of the strings for good measure. Before I discovered that, the certificates would look like they had been imported correctly in the database but were being prevented from being used on the Java end of things. - Ian On Tue, May 6, 2014 at 2:17 AM, Gopala Krishnan <gopkris2...@gmail.com>wrote: > Yes... I have changed manually id in keystore tables. > > 1 for root cert > 2 for intermediate CA > 3 for certificate > > > > > On Tue, May 6, 2014 at 10:47 AM, Amogh Vasekar <amogh.vase...@citrix.com > >wrote: > > > Can you please outline the steps in uploading intermediate and root > > certificates? Specifically, was the "id" parameter set (1 for root, 2 for > > intermediate_ca_1 etc..) > > > > Amogh > > > > On 5/5/14 10:10 PM, "Gopala Krishnan" <gopkris2...@gmail.com> wrote: > > > > >Amogh, > > > > > >Yes.. I am used Cloudstack 4.2 and uploaded root and intermediate CA > > >certificate as per order. But still not console accessible. > > > > > >Any idea? > > > > > > > > > > > >On Sat, May 3, 2014 at 11:58 PM, Amogh Vasekar > > ><amogh.vase...@citrix.com>wrote: > > > > > >> Hi, > > >> > > >> Which version are you on? Also, did you upload the root and > intermediate > > >> certificates (if any)? > > >> > > >> Amogh > > >> > > >> On 5/3/14 3:38 AM, "Gopala Krishnan" <gopkris2...@gmail.com> wrote: > > >> > > >> >Hi, > > >> > > > >> >I have tried to change realhostip.com for console proxy. I have > > created > > >> >SSL > > >> >certificate with wildcard SSL and updated as per the cloudstack > > >>document. > > >> > > > >> > > > >> > > >> > > > http://docs.cloudstack.apache.org/projects/cloudstack-administration/en/l > > >>a > > >> >test/systemvm.html#console-proxy > > >> > > > >> >Its not working.. I have done the following steps. > > >> > > > >> >Purchased SSL certificate for my domain *.hostname.com and updated > the > > >> >certificate via the cloudstack UI. > > >> > > > >> >Infrastructure - > SSL certificate > > >> > > > >> >Pasted the certificate > > >> >Pasted the Key > > >> >DNS domain = hostname.com > > >> > > > >> >Once completed, I have optimized the global settings > > >> > > > >> >consoleproxy.url.domain = hostname.com > > >> > > > >> > > > >> >When I click console for VM, It shows certificate trusted errors. > May I > > >> >know what I done wrong?? > > >> > > > >> > > > >> >-- > > >> >Gopala Krishnan.S > > >> >Mobile : +91 9865709094 / +91 9994874447 > > >> >*cPanel KnowledgeBase <http://www.cpanelkb.net/>* > > >> >*Linux Server Admin Tools* <http://www.gnutoolbox.com> > > >> > > >> > > > > > > > > >-- > > >Gopala Krishnan.S > > >Mobile : +91 9865709094 / +91 9994874447 > > >*cPanel KnowledgeBase <http://www.cpanelkb.net/>* > > >*Linux Server Admin Tools* <http://www.gnutoolbox.com> > > > > > > > -- > Gopala Krishnan.S > Mobile : +91 9865709094 / +91 9994874447 > *cPanel KnowledgeBase <http://www.cpanelkb.net/>* > *Linux Server Admin Tools* <http://www.gnutoolbox.com> >
