Hi, For the encoding, in your case it was the space character causing the issue - it should be replaced by %20. The correct encoding would be (hoping mail clients don't screw up the blob): -----BEGIN%20CERTIFICATE-----%0AMIIDfTCCAuagAwIBAgIDErvmMA0GCSqGSIb3DQEBBQU AME4xCzAJBgNVBAYTAlVT%0AMRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFN lY3VyZSBDZXJ0%0AaWZpY2F0ZSBBdXRob3JpdHkwHhcNMDIwNTIxMDQwMDAwWhcNMTgwODIxMDQ wMDAw%0AWjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UE%0A AxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB%0ACgKCAQEA 2swYYzD99BcjGlZ%2BW988bDjkcbd4kdS8odhM%2BKhDtgPpTSEHCIjaWC9m%0AOSm9BXiLnTjo BbdqfnGk5sRgprDvgOSJKA%2BeJdbtg%2FOtppHHmMlCGDUUna2YRpIu%0AT8rxh0PBFpVXLVDv iS2Aelet8u5fa9IAjbkU%2BBQVNdnARqN7csiRv8lVK83Qlz6c%0AJmTM386DGXHKTubU1XupGc 1V3sjs0l44U%2BVcT4wt%2FlAjNvxm5suOpDkZALeVAjmR%0ACw7%2BOC7RHQWa9k0%2Bbw8HHa 8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5asz%0APeE4uwc2hGKceeoWMPRfwCvocWvk%2 BQIDAQABo4HwMIHtMB8GA1UdIwQYMBaAFEjm%0AaPkr0rKV10fYIyAQTzOYkJ%2FUMB0GA1UdDg QWBBTAephojYn7qwVkDBF9qn1luMrM%0ATjAPBgNVHRMBAf8EBTADAQH%2FMA4GA1UdDwEB%2Fw QEAwIBBjA6BgNVHR8EMzAxMC%2Bg%0ALaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxz L3NlY3VyZWNhLmNybDBO%0ABgNVHSAERzBFMEMGBFUdIAAwOzA5BggrBgEFBQcCARYtaHR0cHM6 Ly93d3cuZ2Vv%0AdHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5MA0GCSqGSIb3DQEBBQUA A4GB%0AAHbhEm5OSxYShjAGsoEIz%2FAIx8dxfmbuwu3UOx%2F%2F8PDITtZDOLC5MH0Y0FWDom rL%0ANhGc6Ehmo21%2FuBPUR%2F6LWlxz%2FK7ZGzIZOKuXNBSqltLroxwUCEm2u%2BWR74M26x 1W%0Ab8ravHNjkOR%2Fez4iyz0H7V84dJzjA1BOoa%2BY7mHyhD8S%0A-----END%20CERTIFIC ATE-----
As for the global parameter, you can set it to something like a few seconds and reset to original value when the URLs have been expired. Thanks Amogh On 9/27/14 10:53 AM, "Indra Pramana" <in...@sg.or.id> wrote: >Hi Wido, > >I have changed the value of secstorage.ssl.cert.domain and restart >management server, before I start uploading all the certificates. > >I found this article, which might be related to the problem: > >https://cwiki.apache.org/confluence/display/CLOUDSTACK/Troubleshooting+-+u >ploading+custom+domain+certificate+instead+of+using+realhostip.com > >==== > >*Specific Issues seen* > > 1. Download urls point to the old domain. > 1. Reduce the expiration duration of the urls by changing global > config extract.url.expiration.interval > 2. And change the frequency for cleanup thread > through extract.url.cleanup.interval restart MS. > 3. Wait for the cleanup thread duration and try downloading again. > See whether the url is deleted. > 4. DB tables to check (don¹t recommend but worst case) > Version < 4.2 upload table persists url. Entry is hard deleted on > expiration of url. > Version >= 4.2 > template_store_ref, download_url is made null on expiration of url. > volume_store_ref, entry hard deleted on expiration of url. > >==== > >But I'm not too sure what is the recommended values I need to set for >extract.url.expiration.interval and extract.url.cleanup.interval. Any >advise? > >Thank you. > > > >On Sun, Sep 28, 2014 at 1:39 AM, Wido den Hollander <w...@widodh.nl> >wrote: > >> >> >> >> >> > Op 27 sep. 2014 om 19:25 heeft Indra Pramana <in...@sg.or.id> het >> volgende geschreven: >> > >> > Dear all, >> > >> > FYI, I managed to complete the tasks and install the certificates. As >>a >> > workaround to the unable to upload the root/intermediate cert via API >> > issue, I uploaded a certificate with just "BEGIN" as text via API, and >> then >> > proceed to update the keystore table on the MySQL database directly to >> > input the whole cert. >> > >> > It seems to be working, after I uploaded the cert and private key via >> GUI, >> > I can see that both CPVM and SSVM are being restarted. When I test: >> > >> > - Console is working, using my own domain now. Yay! :) >> > >> > - However, when I try to test downloading a template, it's still >>showing >> > realhostip.com as the URL to download. I have tried destroying the >>SSVM >> and >> > a new SSVM was created, up and running. However, it's still showing >> > realhostip.com when I test again. >> > >> > Anyone knows why it's still referring to realhostip.com for >>downloading >> > templates? >> > >> >> Look at the global settings. There is a domain for the sec storage as >>well. >> >> Maybe restart the mgmt server? >> >> > Looking forward to your reply, thank you. >> > >> > Cheers. >> > >> > >> >> On Sun, Sep 28, 2014 at 12:49 AM, Indra Pramana <in...@sg.or.id> >>wrote: >> >> >> >> Dear all, >> >> >> >> Apologise for sending quite a lot of emails tonight. Anyone knows if >> it's >> >> safe for me to update the keystore table on the database directly? >>Since >> >> the API call doesn't work. >> >> >> >> Thank you. >> >> >> >> >> >>> On Sun, Sep 28, 2014 at 12:39 AM, Indra Pramana <in...@sg.or.id> >> wrote: >> >>> >> >>> Only if I key in the certificate as "BEGIN", then it seems to be >> >>> accepting. But of course, the certificate is invalid. >> >>> >> >>> <uploadcustomcertificateresponse cloud-stack-version="4.2.0"> >> >>> <jobid>1efe722a-e7c7-4c43-9f6b-67ce860dbe34</jobid> >> >>> </uploadcustomcertificateresponse> >> >>> >> >>> Is it my browser issue? I have tried using two different browsers: >> >>> Firefox and Chrome, and both are having the same problem. >> >>> >> >>> >> >>>> On Sun, Sep 28, 2014 at 12:36 AM, Indra Pramana <in...@sg.or.id> >> wrote: >> >>>> >> >>>> I tried to key in just "BEGIN CERTIFICATE\nEND CERTIFICATE" without >> the >> >>>> "-----" and the content of the certificate itself. Same problem >> persists, >> >>>> it says parameter certificate is invalid, contains illegal ASCII >> >>>> non-printable characters. >> >>>> >> >>>> <uploadcustomcertificateresponse cloud-stack-version="4.2.0"> >> >>>> <errorcode>431</errorcode> >> >>>> <cserrorcode>9999</cserrorcode> >> >>>> <errortext> >> >>>> Received value BEGIN CERTIFICATE END CERTIFICATE for parameter >> >>>> certificate is invalid, contains illegal ASCII non-printable >> characters >> >>>> </errortext> >> >>>> </uploadcustomcertificateresponse> >> >>>> >> >>>> >> >>>> Seems the issue was not actually on the certificate itself, but >>may be >> >>>> on the API call handler? >> >>>> >> >>>> Any advice is greatly appreciated. >> >>>> >> >>>> >> >>>>> On Sat, Sep 27, 2014 at 11:35 PM, Indra Pramana <in...@sg.or.id> >> wrote: >> >>>>> >> >>>>> Hi Amogh and all, >> >>>>> >> >>>>> To add, I am using RapidSSL and I got the root and intermediate >>CAs >> >>>>> from here: >> >>>>> >> >>>>> >> >>>>> >> >>https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page >>=content&actp=CROSSLINK&id=SO26457 >> >>>>> >> >>>>> I have ensured that the encoding is done correctly, but still >>there's >> >>>>> issue when I tried to upload it. Is it because I am still using >> version >> >>>>> 4.2.0, may be there's a different method on how to upload? >> >>>>> >> >>>>> Error messages: >> >>>>> >> >>>>> <uploadcustomcertificateresponse cloud-stack-version="4.2.0"> >> >>>>> <errorcode>431</errorcode> >> >>>>> <cserrorcode>9999</cserrorcode> >> >>>>> <errortext> >> >>>>> Received value -----BEGIN CERTIFICATE----- >> >>>>> MIIDfTCCAuagAwIBAgIDErvmMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT >> >>>>> MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0 >> >>>>> aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDIwNTIxMDQwMDAwWhcNMTgwODIxMDQwMDAw >> >>>>> WjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UE >> >>>>> AxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB >> >>>>> CgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9m >> >>>>> OSm9BXiLnTjoBbdqfnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIu >> >>>>> T8rxh0PBFpVXLVDviS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6c >> >>>>> JmTM386DGXHKTubU1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmR >> >>>>> Cw7+OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5asz >> >>>>> PeE4uwc2hGKceeoWMPRfwCvocWvk+QIDAQABo4HwMIHtMB8GA1UdIwQYMBaAFEjm >> >>>>> aPkr0rKV10fYIyAQTzOYkJ/UMB0GA1UdDgQWBBTAephojYn7qwVkDBF9qn1luMrM >> >>>>> TjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjA6BgNVHR8EMzAxMC+g >> >>>>> LaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDBO >> >>>>> BgNVHSAERzBFMEMGBFUdIAAwOzA5BggrBgEFBQcCARYtaHR0cHM6Ly93d3cuZ2Vv >> >>>>> dHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5MA0GCSqGSIb3DQEBBQUAA4GB >> >>>>> AHbhEm5OSxYShjAGsoEIz/AIx8dxfmbuwu3UOx//8PDITtZDOLC5MH0Y0FWDomrL >> >>>>> NhGc6Ehmo21/uBPUR/6LWlxz/K7ZGzIZOKuXNBSqltLroxwUCEm2u+WR74M26x1W >> >>>>> b8ravHNjkOR/ez4iyz0H7V84dJzjA1BOoa+Y7mHyhD8S -----END >> CERTIFICATE----- for >> >>>>> parameter certificate is invalid, contains illegal ASCII >> non-printable >> >>>>> characters >> >>>>> </errortext> >> >>>>> </uploadcustomcertificateresponse> >> >>>>> >> >>>>> >> >>>>> Any advice is greatly appreciated, since 30 Sep is just another 3 >> >>>>> days... >> >>>>> >> >>>>> >> >>>>>> On Sat, Sep 27, 2014 at 11:21 PM, Indra Pramana <in...@sg.or.id> >> wrote: >> >>>>>> >> >>>>>> Hi Amogh, >> >>>>>> >> >>>>>> I tried again tonight, still the same. Not too sure why, is it >> >>>>>> something wrong with the certificate? But I have confirmed that >> it's the >> >>>>>> correct root certificate from my CA. >> >>>>>> >> >>>>>> Any other advice? >> >>>>>> >> >>>>>> Looking forward to your reply, thank you. >> >>>>>> >> >>>>>> Cheers. >> >>>>>> >> >>>>>> On Tue, Sep 23, 2014 at 12:56 AM, Amogh Vasekar < >> >>>>>> amogh.vase...@citrix.com> wrote: >> >>>>>> >> >>>>>>> Can you try using http://meyerweb.com/eric/tools/dencoder/ >> >>>>>>> >> >>>>>>> Amogh >> >>>>>>> >> >>>>>>>> On 9/22/14 4:36 AM, "Indra Pramana" <in...@sg.or.id> wrote: >> >>>>>>>> >> >>>>>>>> Dear all, >> >>>>>>>> >> >>>>>>>> I am following the instruction on this documentation to replace >> >>>>>>>> realhostip.com with my own domain. >> >>>>>>> >> >>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Procedure+to+Repla >>c >> >>>>>>>> e+realhostip.com+with+Your+Own+Domain+Name >> >>>>>>>> >> >>>>>>>> Everything is fine until I need to upload the root certificate >>via >> >>>>>>> API. I >> >>>>>>>> have URL-encoded the certificate using online URL encoder tool >> such >> >>>>>>> as: >> >>>>>>>> >> >>>>>>>> http://www.url-encode-decode.com/ >> >>>>>>>> >> >>>>>>>> However, when I run the API command, the certificate is >>rejected, >> >>>>>>> saying >> >>>>>>>> that it contains illegal ASCII non-printable characters: >> >>>>>>>> >> >>>>>>>> for parameter certificate is invalid, contains illegal ASCII >> >>>>>>> non-printable >> >>>>>>>> characters >> >>>>>>>> >> >>>>>>>> I have ensured and verified that it only contains generic ASCII >> text >> >>>>>>>> format, no space, symbol etc. Tried using UTF-8, US-ASCII >>format >> >>>>>>> while >> >>>>>>>> encoding, but still cannot work. >> >>>>>>>> >> >>>>>>>> Any advice is greatly appreciated. >> >>>>>>>> >> >>>>>>>> Looking forward to your reply, thank you. >> >>>>>>>> >> >>>>>>>> Cheers. >> >> >>
