cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Indra Pramana <in...@sg.or.id>
Subject Re: Unable to upload SSL certificate for realhostip replacement
Date Sat, 27 Sep 2014 17:24:43 GMT
Dear all,

FYI, I managed to complete the tasks and install the certificates. As a
workaround to the unable to upload the root/intermediate cert via API
issue, I uploaded a certificate with just "BEGIN" as text via API, and then
proceed to update the keystore table on the MySQL database directly to
input the whole cert.

It seems to be working, after I uploaded the cert and private key via GUI,
I can see that both CPVM and SSVM are being restarted. When I test:

- Console is working, using my own domain now. Yay! :)

- However, when I try to test downloading a template, it's still showing
realhostip.com as the URL to download. I have tried destroying the SSVM and
a new SSVM was created, up and running. However, it's still showing
realhostip.com when I test again.

Anyone knows why it's still referring to realhostip.com for downloading
templates?

Looking forward to your reply, thank you.

Cheers.


On Sun, Sep 28, 2014 at 12:49 AM, Indra Pramana <indra@sg.or.id> wrote:

> Dear all,
>
> Apologise for sending quite a lot of emails tonight. Anyone knows if it's
> safe for me to update the keystore table on the database directly? Since
> the API call doesn't work.
>
> Thank you.
>
>
> On Sun, Sep 28, 2014 at 12:39 AM, Indra Pramana <indra@sg.or.id> wrote:
>
>> Only if I key in the certificate as "BEGIN", then it seems to be
>> accepting. But of course, the certificate is invalid.
>>
>> <uploadcustomcertificateresponse cloud-stack-version="4.2.0">
>> <jobid>1efe722a-e7c7-4c43-9f6b-67ce860dbe34</jobid>
>> </uploadcustomcertificateresponse>
>>
>> Is it my browser issue? I have tried using two different browsers:
>> Firefox and Chrome, and both are having the same problem.
>>
>>
>> On Sun, Sep 28, 2014 at 12:36 AM, Indra Pramana <indra@sg.or.id> wrote:
>>
>>> I tried to key in just "BEGIN CERTIFICATE\nEND CERTIFICATE" without the
>>> "-----" and the content of the certificate itself. Same problem persists,
>>> it says parameter certificate is invalid, contains illegal ASCII
>>> non-printable characters.
>>>
>>> <uploadcustomcertificateresponse cloud-stack-version="4.2.0">
>>> <errorcode>431</errorcode>
>>> <cserrorcode>9999</cserrorcode>
>>> <errortext>
>>> Received value BEGIN CERTIFICATE END CERTIFICATE for parameter
>>> certificate is invalid, contains illegal ASCII non-printable characters
>>> </errortext>
>>> </uploadcustomcertificateresponse>
>>>
>>>
>>> Seems the issue was not actually on the certificate itself, but may be
>>> on the API call handler?
>>>
>>> Any advice is greatly appreciated.
>>>
>>>
>>> On Sat, Sep 27, 2014 at 11:35 PM, Indra Pramana <indra@sg.or.id> wrote:
>>>
>>>> Hi Amogh and all,
>>>>
>>>> To add, I am using RapidSSL and I got the root and intermediate CAs
>>>> from here:
>>>>
>>>>
>>>> https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&actp=CROSSLINK&id=SO26457
>>>>
>>>> I have ensured that the encoding is done correctly, but still there's
>>>> issue when I tried to upload it. Is it because I am still using version
>>>> 4.2.0, may be there's a different method on how to upload?
>>>>
>>>> Error messages:
>>>>
>>>> <uploadcustomcertificateresponse cloud-stack-version="4.2.0">
>>>> <errorcode>431</errorcode>
>>>> <cserrorcode>9999</cserrorcode>
>>>> <errortext>
>>>> Received value -----BEGIN CERTIFICATE-----
>>>> MIIDfTCCAuagAwIBAgIDErvmMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT
>>>> MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0
>>>> aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDIwNTIxMDQwMDAwWhcNMTgwODIxMDQwMDAw
>>>> WjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UE
>>>> AxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
>>>> CgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9m
>>>> OSm9BXiLnTjoBbdqfnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIu
>>>> T8rxh0PBFpVXLVDviS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6c
>>>> JmTM386DGXHKTubU1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmR
>>>> Cw7+OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5asz
>>>> PeE4uwc2hGKceeoWMPRfwCvocWvk+QIDAQABo4HwMIHtMB8GA1UdIwQYMBaAFEjm
>>>> aPkr0rKV10fYIyAQTzOYkJ/UMB0GA1UdDgQWBBTAephojYn7qwVkDBF9qn1luMrM
>>>> TjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjA6BgNVHR8EMzAxMC+g
>>>> LaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDBO
>>>> BgNVHSAERzBFMEMGBFUdIAAwOzA5BggrBgEFBQcCARYtaHR0cHM6Ly93d3cuZ2Vv
>>>> dHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5MA0GCSqGSIb3DQEBBQUAA4GB
>>>> AHbhEm5OSxYShjAGsoEIz/AIx8dxfmbuwu3UOx//8PDITtZDOLC5MH0Y0FWDomrL
>>>> NhGc6Ehmo21/uBPUR/6LWlxz/K7ZGzIZOKuXNBSqltLroxwUCEm2u+WR74M26x1W
>>>> b8ravHNjkOR/ez4iyz0H7V84dJzjA1BOoa+Y7mHyhD8S -----END CERTIFICATE----- for
>>>> parameter certificate is invalid, contains illegal ASCII non-printable
>>>> characters
>>>> </errortext>
>>>> </uploadcustomcertificateresponse>
>>>>
>>>>
>>>> Any advice is greatly appreciated, since 30 Sep is just another 3
>>>> days...
>>>>
>>>>
>>>> On Sat, Sep 27, 2014 at 11:21 PM, Indra Pramana <indra@sg.or.id> wrote:
>>>>
>>>>> Hi Amogh,
>>>>>
>>>>> I tried again tonight, still the same. Not too sure why, is it
>>>>> something wrong with the certificate? But I have confirmed that it's
the
>>>>> correct root certificate from my CA.
>>>>>
>>>>> Any other advice?
>>>>>
>>>>> Looking forward to your reply, thank you.
>>>>>
>>>>> Cheers.
>>>>>
>>>>> On Tue, Sep 23, 2014 at 12:56 AM, Amogh Vasekar <
>>>>> amogh.vasekar@citrix.com> wrote:
>>>>>
>>>>>> Can you try using http://meyerweb.com/eric/tools/dencoder/
>>>>>>
>>>>>> Amogh
>>>>>>
>>>>>> On 9/22/14 4:36 AM, "Indra Pramana" <indra@sg.or.id> wrote:
>>>>>>
>>>>>> >Dear all,
>>>>>> >
>>>>>> >I am following the instruction on this documentation to replace
>>>>>> >realhostip.com with my own domain.
>>>>>> >
>>>>>> >
>>>>>> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Procedure+to+Replac
>>>>>> >e+realhostip.com+with+Your+Own+Domain+Name
>>>>>> >
>>>>>> >Everything is fine until I need to upload the root certificate
via
>>>>>> API. I
>>>>>> >have URL-encoded the certificate using online URL encoder tool
such
>>>>>> as:
>>>>>> >
>>>>>> >http://www.url-encode-decode.com/
>>>>>> >
>>>>>> >However, when I run the API command, the certificate is rejected,
>>>>>> saying
>>>>>> >that it contains illegal ASCII non-printable characters:
>>>>>> >
>>>>>> >for parameter certificate is invalid, contains illegal ASCII
>>>>>> non-printable
>>>>>> >characters
>>>>>> >
>>>>>> >I have ensured and verified that it only contains generic ASCII
text
>>>>>> >format, no space, symbol etc. Tried using UTF-8, US-ASCII format
>>>>>> while
>>>>>> >encoding, but still cannot work.
>>>>>> >
>>>>>> >Any advice is greatly appreciated.
>>>>>> >
>>>>>> >Looking forward to your reply, thank you.
>>>>>> >
>>>>>> >Cheers.
>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message