Hi Rohit, keytool -list -keystore /etc/cloudstack/management/keystore.pkcs12 (Password same as in server.properties and works) -------------------- Keystore type: PKCS12 Keystore provider: SUN
Your keystore contains 1 entry 1, 11 Dec 2019, PrivateKeyEntry, Certificate fingerprint (SHA-256): xx:xx:xx:xx...etc -------------------- Converted pkcs12 to jks via "keytool -importkeystore -srckeystore combined.pkcs12 -destkeystore combined.jks -deststoretype jks" (I renamed the copy of keystore.pkcs12 to "combined.pkcs12") Choose same password, output ok Changed server.properties to https.keystore=/etc/cloudstack/management/combined.jks -> Management-Server behaviour is the same -------------------- Logs regarding keystore: 2020-06-29 12:01:02,052 INFO [o.e.j.s.h.ContextHandler] (main:null) (logid:) Started o.e.j.w.WebAppContext@311bf055{/client,file:///usr/share/cloudstack-management/webapp/,AVAILABLE}{/usr/share/cloudstack-management/webapp} 2020-06-29 12:01:02,053 INFO [o.e.j.s.h.ContextHandler] (main:null) (logid:) Started o.e.j.s.h.MovedContextHandler@451001e5{/,null,AVAILABLE} 2020-06-29 12:01:02,076 INFO [o.e.j.s.AbstractConnector] (main:null) (logid:) Started ServerConnector@6f46426d{HTTP/1.1,[http/1.1]}{0.0.0.0:8080} 2020-06-29 12:01:02,090 INFO [o.e.j.u.s.SslContextFactory] (main:null) (logid:) x509=X509@25c6abfa(1,h=[our acual domain name],w=[our domain name again]) for SslContextFactory@4991c0f7[provider=null,keyStore=file:///etc/cloudstack/management/combined.jks,trustStore=null] -------------------- Management Server is listening on 8080 and 8443, though it only says tcp6 for some reason: tcp6 3 0 :::8443 :::* LISTEN tcp6 0 0 :::8080 :::* LISTEN I removed IPv6 config from the network scripts but it remains. IPv4 on 8080 is working anyway. Is there anything strange here? Regards Vincent