GitHub user SviridoffA added a comment to the discussion: Certificate upload failed on v4.20.0
> Could this be done without the wildcard ssl? only with a console.company.com > ssl? CloudStack has three configuration options. Take a look at this quote from the ShapeBlue article; it's also in the documentation somewhere, but I can't find it quickly. The URL configurations can take three formats – and these also determine what kind of TLS certificate is required. Blank: if left blank / unconfigured the URLs used for CPVM and SSVM will simply be passed as the actual public IP addresses of the system VMs. Static URL: e.g. console.mydomain.com or ssvm.mydomain.com. In these cases CloudStack rely on external URL load balancing / redirection and/or DNS resolution of the URL to the IP address of the CPVM or SSVM. This can be achieved in a number of different ways through load balancing appliances or scripted DNS updates. This configuration relies on: The same URL used for both CPVM and SSVM, or a multi-domain certificate provided to cover both URLs if different ones are used for CPVM and SSVM. Dynamic URL: e.g. *.mydomain.com. In this case CloudStack will redirect the connections to the CPVM / SSVM to the URL “a-b-c-d.mydomain.com” where a/b/c/d represent the IP address, i.e. a real world URL would be 192-168-34-145.mydomain.com. This relies on two things: DNS name resolution configured for the full public system VM IP range, such that all combinations of “a-b-c-d.mydomain.com” can be resolved. Please note in CloudStack version 4.11 the public IP range used purely by system VMs can be limited by reserving a subrange of public IP addresses just for system use. An TLS wildcard certificate covering the full “mydomain.com” domain name. You can find this article here: https://www.shapeblue.com/securing-cloudstack-4-11-with-https-tls/ >Also, After uploading the cert, is there a place in the UI to manage it? Or at >least be aware of it's presence that's uploaded and running? As far as I know, you can't, but you can always check it via the browser's address bar. There might be some ways to do it through cloudmonkey, but I haven't used this way, so I can't say for sure. GitHub link: https://github.com/apache/cloudstack/discussions/12393#discussioncomment-15447930 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected]
