cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Wido den Hollander <w...@widodh.nl>
Subject Re: Unable to upload SSL certificate for realhostip replacement
Date Sat, 27 Sep 2014 17:39:21 GMT




> Op 27 sep. 2014 om 19:25 heeft Indra Pramana <indra@sg.or.id> het volgende geschreven:
> 
> Dear all,
> 
> FYI, I managed to complete the tasks and install the certificates. As a
> workaround to the unable to upload the root/intermediate cert via API
> issue, I uploaded a certificate with just "BEGIN" as text via API, and then
> proceed to update the keystore table on the MySQL database directly to
> input the whole cert.
> 
> It seems to be working, after I uploaded the cert and private key via GUI,
> I can see that both CPVM and SSVM are being restarted. When I test:
> 
> - Console is working, using my own domain now. Yay! :)
> 
> - However, when I try to test downloading a template, it's still showing
> realhostip.com as the URL to download. I have tried destroying the SSVM and
> a new SSVM was created, up and running. However, it's still showing
> realhostip.com when I test again.
> 
> Anyone knows why it's still referring to realhostip.com for downloading
> templates?
> 

Look at the global settings. There is a domain for the sec storage as well.

Maybe restart the mgmt server?

> Looking forward to your reply, thank you.
> 
> Cheers.
> 
> 
>> On Sun, Sep 28, 2014 at 12:49 AM, Indra Pramana <indra@sg.or.id> wrote:
>> 
>> Dear all,
>> 
>> Apologise for sending quite a lot of emails tonight. Anyone knows if it's
>> safe for me to update the keystore table on the database directly? Since
>> the API call doesn't work.
>> 
>> Thank you.
>> 
>> 
>>> On Sun, Sep 28, 2014 at 12:39 AM, Indra Pramana <indra@sg.or.id> wrote:
>>> 
>>> Only if I key in the certificate as "BEGIN", then it seems to be
>>> accepting. But of course, the certificate is invalid.
>>> 
>>> <uploadcustomcertificateresponse cloud-stack-version="4.2.0">
>>> <jobid>1efe722a-e7c7-4c43-9f6b-67ce860dbe34</jobid>
>>> </uploadcustomcertificateresponse>
>>> 
>>> Is it my browser issue? I have tried using two different browsers:
>>> Firefox and Chrome, and both are having the same problem.
>>> 
>>> 
>>>> On Sun, Sep 28, 2014 at 12:36 AM, Indra Pramana <indra@sg.or.id> wrote:
>>>> 
>>>> I tried to key in just "BEGIN CERTIFICATE\nEND CERTIFICATE" without the
>>>> "-----" and the content of the certificate itself. Same problem persists,
>>>> it says parameter certificate is invalid, contains illegal ASCII
>>>> non-printable characters.
>>>> 
>>>> <uploadcustomcertificateresponse cloud-stack-version="4.2.0">
>>>> <errorcode>431</errorcode>
>>>> <cserrorcode>9999</cserrorcode>
>>>> <errortext>
>>>> Received value BEGIN CERTIFICATE END CERTIFICATE for parameter
>>>> certificate is invalid, contains illegal ASCII non-printable characters
>>>> </errortext>
>>>> </uploadcustomcertificateresponse>
>>>> 
>>>> 
>>>> Seems the issue was not actually on the certificate itself, but may be
>>>> on the API call handler?
>>>> 
>>>> Any advice is greatly appreciated.
>>>> 
>>>> 
>>>>> On Sat, Sep 27, 2014 at 11:35 PM, Indra Pramana <indra@sg.or.id>
wrote:
>>>>> 
>>>>> Hi Amogh and all,
>>>>> 
>>>>> To add, I am using RapidSSL and I got the root and intermediate CAs
>>>>> from here:
>>>>> 
>>>>> 
>>>>> https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&actp=CROSSLINK&id=SO26457
>>>>> 
>>>>> I have ensured that the encoding is done correctly, but still there's
>>>>> issue when I tried to upload it. Is it because I am still using version
>>>>> 4.2.0, may be there's a different method on how to upload?
>>>>> 
>>>>> Error messages:
>>>>> 
>>>>> <uploadcustomcertificateresponse cloud-stack-version="4.2.0">
>>>>> <errorcode>431</errorcode>
>>>>> <cserrorcode>9999</cserrorcode>
>>>>> <errortext>
>>>>> Received value -----BEGIN CERTIFICATE-----
>>>>> MIIDfTCCAuagAwIBAgIDErvmMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT
>>>>> MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0
>>>>> aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDIwNTIxMDQwMDAwWhcNMTgwODIxMDQwMDAw
>>>>> WjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UE
>>>>> AxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
>>>>> CgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9m
>>>>> OSm9BXiLnTjoBbdqfnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIu
>>>>> T8rxh0PBFpVXLVDviS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6c
>>>>> JmTM386DGXHKTubU1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmR
>>>>> Cw7+OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5asz
>>>>> PeE4uwc2hGKceeoWMPRfwCvocWvk+QIDAQABo4HwMIHtMB8GA1UdIwQYMBaAFEjm
>>>>> aPkr0rKV10fYIyAQTzOYkJ/UMB0GA1UdDgQWBBTAephojYn7qwVkDBF9qn1luMrM
>>>>> TjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjA6BgNVHR8EMzAxMC+g
>>>>> LaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDBO
>>>>> BgNVHSAERzBFMEMGBFUdIAAwOzA5BggrBgEFBQcCARYtaHR0cHM6Ly93d3cuZ2Vv
>>>>> dHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5MA0GCSqGSIb3DQEBBQUAA4GB
>>>>> AHbhEm5OSxYShjAGsoEIz/AIx8dxfmbuwu3UOx//8PDITtZDOLC5MH0Y0FWDomrL
>>>>> NhGc6Ehmo21/uBPUR/6LWlxz/K7ZGzIZOKuXNBSqltLroxwUCEm2u+WR74M26x1W
>>>>> b8ravHNjkOR/ez4iyz0H7V84dJzjA1BOoa+Y7mHyhD8S -----END CERTIFICATE-----
for
>>>>> parameter certificate is invalid, contains illegal ASCII non-printable
>>>>> characters
>>>>> </errortext>
>>>>> </uploadcustomcertificateresponse>
>>>>> 
>>>>> 
>>>>> Any advice is greatly appreciated, since 30 Sep is just another 3
>>>>> days...
>>>>> 
>>>>> 
>>>>>> On Sat, Sep 27, 2014 at 11:21 PM, Indra Pramana <indra@sg.or.id>
wrote:
>>>>>> 
>>>>>> Hi Amogh,
>>>>>> 
>>>>>> I tried again tonight, still the same. Not too sure why, is it
>>>>>> something wrong with the certificate? But I have confirmed that it's
the
>>>>>> correct root certificate from my CA.
>>>>>> 
>>>>>> Any other advice?
>>>>>> 
>>>>>> Looking forward to your reply, thank you.
>>>>>> 
>>>>>> Cheers.
>>>>>> 
>>>>>> On Tue, Sep 23, 2014 at 12:56 AM, Amogh Vasekar <
>>>>>> amogh.vasekar@citrix.com> wrote:
>>>>>> 
>>>>>>> Can you try using http://meyerweb.com/eric/tools/dencoder/
>>>>>>> 
>>>>>>> Amogh
>>>>>>> 
>>>>>>>> On 9/22/14 4:36 AM, "Indra Pramana" <indra@sg.or.id>
wrote:
>>>>>>>> 
>>>>>>>> Dear all,
>>>>>>>> 
>>>>>>>> I am following the instruction on this documentation to replace
>>>>>>>> realhostip.com with my own domain.
>>>>>>> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Procedure+to+Replac
>>>>>>>> e+realhostip.com+with+Your+Own+Domain+Name
>>>>>>>> 
>>>>>>>> Everything is fine until I need to upload the root certificate
via
>>>>>>> API. I
>>>>>>>> have URL-encoded the certificate using online URL encoder
tool such
>>>>>>> as:
>>>>>>>> 
>>>>>>>> http://www.url-encode-decode.com/
>>>>>>>> 
>>>>>>>> However, when I run the API command, the certificate is rejected,
>>>>>>> saying
>>>>>>>> that it contains illegal ASCII non-printable characters:
>>>>>>>> 
>>>>>>>> for parameter certificate is invalid, contains illegal ASCII
>>>>>>> non-printable
>>>>>>>> characters
>>>>>>>> 
>>>>>>>> I have ensured and verified that it only contains generic
ASCII text
>>>>>>>> format, no space, symbol etc. Tried using UTF-8, US-ASCII
format
>>>>>>> while
>>>>>>>> encoding, but still cannot work.
>>>>>>>> 
>>>>>>>> Any advice is greatly appreciated.
>>>>>>>> 
>>>>>>>> Looking forward to your reply, thank you.
>>>>>>>> 
>>>>>>>> Cheers.
>> 

Mime
View raw message