hi, now I have destroyed CPVM and new one also gives same error. Is there any way I can upload certificate manually in CPVM ? I imported server certificate and root certificate manually in realhostip.keystore , but that doesn’t seem to help. What steps I am missing?
/Sonali -----Original Message----- From: Sonali Jadhav [mailto:son...@servercentralen.se] Sent: Monday, April 27, 2015 2:26 PM To: users@cloudstack.apache.org Subject: RE: CPVM and SSVM certificate not working Importance: High I still have this weird problem with certificate. Now I cross checked my certificate is working fine for SSVM but not for CPVM. I am able to download templates. When I access console I get error saying cloudcentral.net uses an invalid security certificate. The certificate is only valid for the following names: *.realhostip.com, realhostip.com (Error code: ssl_error_bad_cert_domain) But I have applied that cert, I checked at SSVM, I can see my wildcard certificate at /etc/ssl/certs/cert_apache.crt also I can see private certificate at /etc/ssl/private/cert_private.crt. Then I cross checked /usr/local/cloud/systemvm/certs/realhostip.keystore I can see root certificate I gave from UI. But none of this happens at CPVM, I searched entire disk of cpvm , I did not found my custom wildcard certificate. I check cloud.log I do see events like this, 2015-04-27 08:40:10,677 INFO [cloud.consoleproxy.ConsoleProxySecureServerFactoryImpl] (Console-Proxy-Main:null) Initializing SSL from built-in default certificate But then somehow it's not getting certificate I upload from management server. I also checked /usr/local/cloud/systemvm/certs/realhostip.keystore at CPVM. I only see realhostip and godaddy catrust certificates. I am not getting this. Anyone can suggest something, how I can troubleshoot this? Keeping it high priority, since my customers are unable to take vm consoles. :( /Sonali -----Original Message----- From: Sonali Jadhav Sent: Thursday, April 23, 2015 11:47 AM To: users@cloudstack.apache.org Subject: RE: CPVM and SSVM certificate not working Hi yes, I created DNS record. Consider my domain is cloudcentral.net And CPVM and SSVM public IP addresses are 189.34.45.23 and 189.34.45.24, So in dns zone of cloudcentral.net i have added, 189-34-45-23 A 189.34.45.23 189-34-45-24 A 189.34.45.24 And when I access vm console I see this in mgmt. logs , as per logs its accessing https://cloudcentral.net/ ? I am confused, is it correct ? 2015-04-23 07:48:22,880 DEBUG [c.c.a.m.AgentManagerImpl] (AgentManager-Handler-8:null) SeqA 2-7930: Processing Seq 2-7930: { Cmd , MgmtId: -1, via: 2, Ver: v1, Flags: 11, [{"com.cloud.agent.api.ConsoleProxyLoadReportCommand":{"_proxyVmId":1,"_loadInfo":"{\n \"connections\": []\n}","wait":0}}] } 2015-04-23 07:48:22,924 DEBUG [c.c.a.m.AgentManagerImpl] (AgentManager-Handler-8:null) SeqA 2-7930: Sending Seq 2-7930: { Ans: , MgmtId: 59778234354585, via: 2, Ver: v1, Flags: 100010, [{"com.cloud.agent.api.AgentControlAnswer":{"result":true,"wait":0}}] } 2015-04-23 07:48:26,132 DEBUG [c.c.n.r.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:ctx-9a28866e) Found 9 routers to update status. 2015-04-23 07:48:26,135 DEBUG [c.c.n.r.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:ctx-9a28866e) Found 0 networks to update RvR status. 2015-04-23 07:48:27,590 DEBUG [c.c.a.t.Request] (http-6443-exec-3:null) Seq 1-8790463522673790330: Sending { Cmd , MgmtId: 59778234354585, via: 1(SeSolXS01), Ver: v1, Flags: 100011, [{"com.cloud.agent.api.GetVncPortCommand":{"id":43,"name":"i-12-43-VM","wait":0}}] } 2015-04-23 07:48:27,590 DEBUG [c.c.a.t.Request] (http-6443-exec-3:null) Seq 1-8790463522673790330: Executing: { Cmd , MgmtId: 59778234354585, via: 1(SeSolXS01), Ver: v1, Flags: 100011, [{"com.cloud.agent.api.GetVncPortCommand":{"id":43,"name":"i-12-43-VM","wait":0}}] } 2015-04-23 07:48:27,590 DEBUG [c.c.a.m.DirectAgentAttache] (DirectAgent-99:ctx-43799e5f) Seq 1-8790463522673790330: Executing request 2015-04-23 07:48:27,616 DEBUG [c.c.a.m.DirectAgentAttache] (DirectAgent-99:ctx-43799e5f) Seq 1-8790463522673790330: Response Received: 2015-04-23 07:48:27,616 DEBUG [c.c.a.t.Request] (DirectAgent-99:ctx-43799e5f) Seq 1-8790463522673790330: Processing: { Ans: , MgmtId: 59778234354585, via: 1, Ver: v1, Flags: 10, [{"com.cloud.agent.api.GetVncPortAnswer":{"address":"consoleurl=https://172.16.5.199/console?uuid=dd68ab81-13c5-24d2-d820-4838164da0bb&sessionref=OpaqueRef:ba85e3b7-d550-1332-1162-48797c9f64af","port":-1,"result":true,"wait":0}}] } 2015-04-23 07:48:27,616 DEBUG [c.c.a.t.Request] (http-6443-exec-3:null) Seq 1-8790463522673790330: Received: { Ans: , MgmtId: 59778234354585, via: 1, Ver: v1, Flags: 10, { GetVncPortAnswer } } 2015-04-23 07:48:27,617 DEBUG [c.c.s.ConsoleProxyServlet] (http-6443-exec-3:null) Port info consoleurl=https://172.16.5.199/console?uuid=dd68ab81-13c5-24d2-d820-4838164da0bb&sessionref=OpaqueRef:ba85e3b7-d550-1332-1162-48797c9f64af 2015-04-23 07:48:27,617 INFO [c.c.s.ConsoleProxyServlet] (http-6443-exec-3:null) Parse host info returned from executing GetVNCPortCommand. host info: consoleurl=https://172.16.5.199/console?uuid=dd68ab81-13c5-24d2-d820-4838164da0bb&sessionref=OpaqueRef:ba85e3b7-d550-1332-1162-48797c9f64af 2015-04-23 07:48:27,622 DEBUG [c.c.s.ConsoleProxyServlet] (http-6443-exec-3:null) Compose console url: https://cloudcentral.net/ajax?token=MXvHQqrZKwZ8a-z-BCsX79s9W5SS72hSW9h0FatY22TYJMB7zPJqDZUyXAMoQNUUFC8_jKCqqkeCxN1ytjHMiRsBIyfe-IaLz_WN7mwhvdniOVYhIflBEHcxmjqqjVgfTOsBhgxVXYmsTrRavXyMSgw1s2pAE5ou55q7nmCUWGy0YY_QY8nzTd5P2azvfKRX5OcUdb7h5rlWLVCk4T5y47_BRgM2gX56l7L2uO2Yh45sP2YLCVrn7PGrYS-ZV0arP1H3lLzo8VpsNWpkO72CE8KhO50MAuiNHufxvPX_ZiOmhbki28Q2yV7IEgMVROyD4eL1YLvvHH3pp_nGKiOXdnd4LM4xXHjLSeUvzSGIGS48I6z7l0vJfV4X3nB3ssmkA_EYdY12a3_aiiVOFYxYJTXIkyP8Jbvh5JbsehYkNIUzpBz6Qc_74WwzLowrMFZw4IdDlAEDV4_uVXvfU_MrjHxyptRlOVNpr2MC197sCWg 2015-04-23 07:48:27,622 DEBUG [c.c.s.ConsoleProxyServlet] (http-6443-exec-3:null) the console url is :: <html><title>vm-cc01</title><frameset><frame src="https://cloudcentral.net/ajax?token=MXvHQqrZKwZ8a-z-BCsX79s9W5SS72hSW9h0FatY22TYJMB7zPJqDZUyXAMoQNUUFC8_jKCqqkeCxN1ytjHMiRsBIyfe-IaLz_WN7mwhvdniOVYhIflBEHcxmjqqjVgfTOsBhgxVXYmsTrRavXyMSgw1s2pAE5ou55q7nmCUWGy0YY_QY8nzTd5P2azvfKRX5OcUdb7h5rlWLVCk4T5y47_BRgM2gX56l7L2uO2Yh45sP2YLCVrn7PGrYS-ZV0arP1H3lLzo8VpsNWpkO72CE8KhO50MAuiNHufxvPX_ZiOmhbki28Q2yV7IEgMVROyD4eL1YLvvHH3pp_nGKiOXdnd4LM4xXHjLSeUvzSGIGS48I6z7l0vJfV4X3nB3ssmkA_EYdY12a3_aiiVOFYxYJTXIkyP8Jbvh5JbsehYkNIUzpBz6Qc_74WwzLowrMFZw4IdDlAEDV4_uVXvfU_MrjHxyptRlOVNpr2MC197sCWg";></frame></frameset></html> 2015-04-23 07:48:29,537 INFO [c.c.a.m.AgentManagerImpl] (AgentMonitor-1:ctx-0d617ea2) Found the following agents behind on ping: [6, 5, 1, 4] 2015-04-23 07:48:29,541 DEBUG [c.c.h.Status] (AgentMonitor-1:ctx-0d617ea2) Ping timeout for host 6, do invstigation 172.16.5.199 is IP address of mgmt. server, I have created nat to access it from outside like https://portal.cloudcentral.net:6441/clinet /Sonali -----Original Message----- From: Andrija Panic [mailto:andrija.pa...@gmail.com] Sent: Wednesday, April 22, 2015 8:00 PM To: users@cloudstack.apache.org Subject: Re: CPVM and SSVM certificate not working did you create all DNS records aaa-bbb-ccc-ddd.yourdomain.com ? wild card SSL - any ROOT CA and Intermediate CA uploaded also ? On 22 April 2015 at 15:52, Sonali Jadhav <son...@servercentralen.se> wrote: > Hi, > > I have installed certificate for CPVM and SSVM as per this > http://support.citrix.com/article/CTX133468 or > https://cwiki.apache.org/confluence/display/CLOUDSTACK/Procedure+to+Re > place+realhostip.com+with+Your+Own+Domain+Name > > Now problem is, its giving error that server not found ? > I don't see errors in mgmt. logs, nothing in cpvm logs as well. > Its weird, Any suggestion ? > /Sonali > -- Andrija Panić
