cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Angus <paul.an...@shapeblue.com>
Subject RE: Unable to upload SSL certificate for realhostip replacement
Date Wed, 01 Oct 2014 18:29:59 GMT
I'm using 4.3.0 with VMware, /usr/share/cloudstack-common/vms/systemvm.iso isn't being updated
so removing <path_to_secstorage>/systemvm/ systemvm-4.3.0.iso just means the original
iso get copied back.



Regards

Paul Angus
Cloud Architect
S: +44 20 3603 0540 | M: +447711418784 | T: CloudyAngus
paul.angus@shapeblue.com

-----Original Message-----
From: Amogh Vasekar [mailto:amogh.vasekar@citrix.com]
Sent: 01 October 2014 18:15
To: users@cloudstack.apache.org
Cc: dev@cloudstack.apache.org
Subject: Re: Unable to upload SSL certificate for realhostip replacement

Hi,

Can you please paste the contents of the keystore table (minus the private key of course)?

For SSVM, in 4.2, the certificate chain was not configured correctly and it would only use
the server certificate when configuring Apache. It did not impact functionality though.
This is not true for CPVM, which would try to use the full chain.
It was fixed in 4.3, along with removing a double decoding of certificate when uploaded through
API. The double decoding issue would manifest as non-server certificates to be saved incorrectly
in the DB, and hence wanted to take a look at the table's contents. Since CPVM uses the full
chain but not SSVM, I suspect this might be your issue.

For the systemvm.iso - did you rebuild the ISO from source?
It gets patched automatically in 4.3 for XS, but 4.2 had a versioning issue due to which it
didn't change automatically.
For KVM, the ISO gets patched when you reinstall the agent package.
For Vmware, one needs to remove the old ISO from secondary storage folder (under <path_to_secstorage>/systemvm/
I think) so that the new one gets applied.

HTH
Amogh

On 10/1/14 9:51 AM, "Rohit Yadav" <rohit.yadav@shapeblue.com> wrote:

>Hi Amogh,
>
>I’ve a different issue, CPVM is opening the console but the HTTP
>service is returning old *.realhostip.com certificate.
>
>I debugged CPVM agent to find that it’s not picking up the keystore
>sent from Management server. This issue is like:
>https://issues.apache.org/jira/browse/CLOUDSTACK-3438
>
>In the logs (from CPVM), I’m only seeing "Initializing SSL from
>built-in default certificate”. Reading source from
>ConsoleProxySecureServerFactoryImpl, this means the agent is starting
>but is not getting any StartConsoleProxyAgentHttpHandlerCommand with
>new KeyStore data. I’ve tested this only for 4.2, Paul suggests
>something similar for 4.3 as well.
>
>I’ve one root certificate (id=1), two intermediate certificate (id=2,
>id=3) and a wildcard domain cert+key. I uploaded them one by one as per
>the docs and also following Chip’s blog. By doing so, the SSVM keys got
>updated and by downloading an ISO I see the https url it gave returned
>correct SSL certificate which means the chain of certificates etc. worked.
>
>In case of CPVM, accessing console in browser led to SSL error. Do you
>may any suggestions on how to get this fixed? If I remove CPVMs, I see
>it’s still using old systemvm.iso and though docs/wiki recommend
>systemvm.iso will get patched, it does not actually.
>
>On 01-Oct-2014, at 6:32 pm, Amogh Vasekar <amogh.vasekar@citrix.com>
>wrote:
>> Hi,
>>
>> For 4.2 you may want to refer here :
>>
>>http://www.chipchilders.com/blog/2013/1/2/undocumented-feature-using-c
>>ert
>>if
>> icate-chains-in-cloudstack.html
>>
>> 4.3 had a missing commit, due to which the global config
>> consoleproxy.url.domain had to be set to "mydomain.com", instead of
>> "*.mydomain.com". This has been fixed in 4.3.1
>>
>> Apologies for the inconvenience.
>>
>> Amogh
>>
>> On 10/1/14 8:16 AM, "Rohit Yadav" <rohit.yadav@shapeblue.com> wrote:
>>
>>> Just to update on the certificate upload issue with 4.2:
>>>
>>> I’m able to download and add new volumes/templates/isos and the link
>>>provided has a valid https url with the same certificate that I
>>>uploaded  though when I try to access the console I get SSL cert
>>>error and I see  that it’s still returning the old *.realhostip.com
>>>certificate. I’ve  tried to delete old CPVMs and I see the same issue
>>>coming up again.
>>>
>>>
>>> On 01-Oct-2014, at 4:55 pm, Rohit Yadav <rohit.yadav@shapeblue.com>
>>>wrote:
>>>> Hi,
>>>>
>>>> I’ve fixed cloudmonkey to url encode parameters so now you can use
>>>>cloudmonkey to upload custom certificate but only in non-interactive
>>>>mode on shell (bash/zsh). You’ll have to install cloudmonkey from
>>>>source  for now since the fix is only on master.
>>>>
>>>> Something like:
>>>> $ cloudmonkey upload customcertificate id=xx domainsuffix=yy
>>>> name=zzz certificate=‘asdf asdfasdf asdfasdf asdf---'
>>>>
>>>> I’ve some issues to report while replacing certificates to get rid
>>>> of realhostip, this is specific for Xen could apply for other
>>>> hypervisors as well:
>>>>
>>>> - In case of 4.2, I see in the database that seq is 0 for the root
>>>>certificate for the realhostip.com domain. I uploaded certificates
>>>>in  order (root, then intermediate and finally SSL cert from UI),
>>>>and I see  the old certificate is still there. after CPVM/SSVM
>>>>restarts and are in  UP state I still get SSL errors and I see that
>>>>systemvm.iso is not  getting patched. How to fix this? Or force
>>>>systemvm.iso patching?
>>>>
>>>> - In case of 4.3.0 and above, I see the same issue. I’m confused
>>>> whether to use *. wildcard in global setting or not.
>>>>
>>>> On 27-Sep-2014, at 9:32 pm, Amogh Vasekar
>>>> <amogh.vasekar@citrix.com>
>>>> wrote:
>>>>> Hi,
>>>>>
>>>>> For the encoding, in your case it was the space character causing
>>>>> the issue - it should be replaced by %20. The correct encoding
>>>>> would be (hoping mail clients don't screw up the blob):
>>>>>
>>>>>
>>>>>-----BEGIN%20CERTIFICATE-----%0AMIIDfTCCAuagAwIBAgIDErvmMA0GCSqGSIb
>>>>>3DQ
>>>>>EB
>>>>> BQU
>>>>>
>>>>>
>>>>>AME4xCzAJBgNVBAYTAlVT%0AMRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXV
>>>>>pZm
>>>>>F4
>>>>> IFN
>>>>>
>>>>>
>>>>>lY3VyZSBDZXJ0%0AaWZpY2F0ZSBBdXRob3JpdHkwHhcNMDIwNTIxMDQwMDAwWhcNMTg
>>>>>wOD
>>>>>Ix
>>>>> MDQ
>>>>>
>>>>>
>>>>>wMDAw%0AWjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBk
>>>>>GA1
>>>>>UE
>>>>> %0A
>>>>>
>>>>>
>>>>>AxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB%0A
>>>>>CgK
>>>>>CA
>>>>> QEA
>>>>>
>>>>>
>>>>>2swYYzD99BcjGlZ%2BW988bDjkcbd4kdS8odhM%2BKhDtgPpTSEHCIjaWC9m%0AOSm9
>>>>>BXi
>>>>>Ln
>>>>> Tjo
>>>>>
>>>>>
>>>>>BbdqfnGk5sRgprDvgOSJKA%2BeJdbtg%2FOtppHHmMlCGDUUna2YRpIu%0AT8rxh0PB
>>>>>FpV
>>>>>XL
>>>>> VDv
>>>>>
>>>>>
>>>>>iS2Aelet8u5fa9IAjbkU%2BBQVNdnARqN7csiRv8lVK83Qlz6c%0AJmTM386DGXHKTu
>>>>>bU1
>>>>>Xu
>>>>> pGc
>>>>>
>>>>>
>>>>>1V3sjs0l44U%2BVcT4wt%2FlAjNvxm5suOpDkZALeVAjmR%0ACw7%2BOC7RHQWa9k0%
>>>>>2Bb
>>>>>w8
>>>>> HHa
>>>>>
>>>>>
>>>>>8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5asz%0APeE4uwc2hGKceeoWMPRfwC
>>>>>voc
>>>>>Wv
>>>>> k%2
>>>>>
>>>>>
>>>>>BQIDAQABo4HwMIHtMB8GA1UdIwQYMBaAFEjm%0AaPkr0rKV10fYIyAQTzOYkJ%2FUMB
>>>>>0GA
>>>>>1U
>>>>> dDg
>>>>>
>>>>>
>>>>>QWBBTAephojYn7qwVkDBF9qn1luMrM%0ATjAPBgNVHRMBAf8EBTADAQH%2FMA4GA1Ud
>>>>>DwE
>>>>>B%
>>>>> 2Fw
>>>>>
>>>>>
>>>>>QEAwIBBjA6BgNVHR8EMzAxMC%2Bg%0ALaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNv
>>>>>bS9
>>>>>jc
>>>>> mxz
>>>>>
>>>>>
>>>>>L3NlY3VyZWNhLmNybDBO%0ABgNVHSAERzBFMEMGBFUdIAAwOzA5BggrBgEFBQcCARYt
>>>>>aHR
>>>>>0c
>>>>> HM6
>>>>>
>>>>>
>>>>>Ly93d3cuZ2Vv%0AdHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5MA0GCSqGSIb3
>>>>>DQE
>>>>>BB
>>>>> QUA
>>>>>
>>>>>
>>>>>A4GB%0AAHbhEm5OSxYShjAGsoEIz%2FAIx8dxfmbuwu3UOx%2F%2F8PDITtZDOLC5MH
>>>>>0Y0
>>>>>FW
>>>>> Dom
>>>>>
>>>>>
>>>>>rL%0ANhGc6Ehmo21%2FuBPUR%2F6LWlxz%2FK7ZGzIZOKuXNBSqltLroxwUCEm2u%2B
>>>>>WR7
>>>>>4M
>>>>> 26x
>>>>>
>>>>>
>>>>>1W%0Ab8ravHNjkOR%2Fez4iyz0H7V84dJzjA1BOoa%2BY7mHyhD8S%0A-----END%20
>>>>>CER
>>>>>TI
>>>>> FIC
>>>>> ATE-----
>>>>>
>>>>> As for the global parameter, you can set it to something like a
>>>>> few seconds and reset to original value when the URLs have been expired.
>>>>>
>>>>> Thanks
>>>>> Amogh
>>>>>
>>>>>
>>>>> On 9/27/14 10:53 AM, "Indra Pramana" <indra@sg.or.id> wrote:
>>>>>
>>>>>> Hi Wido,
>>>>>>
>>>>>> I have changed the value of secstorage.ssl.cert.domain and
>>>>>> restart management server, before I start uploading all the certificates.
>>>>>>
>>>>>> I found this article, which might be related to the problem:
>>>>>>
>>>>>>
>>>>>>
>>>>>>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Troubleshoo
>>>>>>tin
>>>>>>g+
>>>>>> -+u
>>>>>> ploading+custom+domain+certificate+instead+of+using+realhostip.co
>>>>>> ploading+custom+domain+certificate+instead+of+using+m
>>>>>>
>>>>>> ====
>>>>>>
>>>>>> *Specific Issues seen*
>>>>>>
>>>>>> 1. Download urls point to the old domain.
>>>>>>   1. Reduce the expiration duration of the urls by changing global
>>>>>>   config extract.url.expiration.interval
>>>>>>   2. And change the frequency for cleanup thread
>>>>>>   through extract.url.cleanup.interval restart MS.
>>>>>>   3. Wait for the cleanup thread duration and try downloading again.
>>>>>>   See whether the url is deleted.
>>>>>>   4. DB tables to check (don¹t recommend but worst case)
>>>>>>   Version < 4.2 ­ upload table persists url. Entry is hard
>>>>>>deleted on
>>>>>>   expiration of url.
>>>>>>   Version >= 4.2 ­
>>>>>>   template_store_ref, download_url is made null on expiration of
>>>>>>url.
>>>>>>   volume_store_ref, entry hard deleted on expiration of url.
>>>>>>
>>>>>> ====
>>>>>>
>>>>>> But I'm not too sure what is the recommended values I need to set
>>>>>>for  extract.url.expiration.interval and
>>>>>>extract.url.cleanup.interval.
>>>>>>Any
>>>>>> advise?
>>>>>>
>>>>>> Thank you.
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Sun, Sep 28, 2014 at 1:39 AM, Wido den Hollander
>>>>>> <wido@widodh.nl>
>>>>>> wrote:
>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> Op 27 sep. 2014 om 19:25 heeft Indra Pramana <indra@sg.or.id>
>>>>>>>> het
>>>>>>> volgende geschreven:
>>>>>>>>
>>>>>>>> Dear all,
>>>>>>>>
>>>>>>>> FYI, I managed to complete the tasks and install the certificates.
>>>>>>>> As
>>>>>>> a
>>>>>>>> workaround to the unable to upload the root/intermediate
cert
>>>>>>>> via API issue, I uploaded a certificate with just "BEGIN"
as
>>>>>>>> text via API, and
>>>>>>> then
>>>>>>>> proceed to update the keystore table on the MySQL database
>>>>>>>>directly  to  input the whole cert.
>>>>>>>>
>>>>>>>> It seems to be working, after I uploaded the cert and private
>>>>>>>> key via
>>>>>>> GUI,
>>>>>>>> I can see that both CPVM and SSVM are being restarted. When
I
>>>>>>>>test:
>>>>>>>>
>>>>>>>> - Console is working, using my own domain now. Yay! :)
>>>>>>>>
>>>>>>>> - However, when I try to test downloading a template, it's
>>>>>>>> still
>>>>>>> showing
>>>>>>>> realhostip.com as the URL to download. I have tried destroying
>>>>>>>> the
>>>>>>> SSVM
>>>>>>> and
>>>>>>>> a new SSVM was created, up and running. However, it's still
>>>>>>>>showing  realhostip.com when I test again.
>>>>>>>>
>>>>>>>> Anyone knows why it's still referring to realhostip.com for
>>>>>>> downloading
>>>>>>>> templates?
>>>>>>>>
>>>>>>>
>>>>>>> Look at the global settings. There is a domain for the sec
>>>>>>>storage as  well.
>>>>>>>
>>>>>>> Maybe restart the mgmt server?
>>>>>>>
>>>>>>>> Looking forward to your reply, thank you.
>>>>>>>>
>>>>>>>> Cheers.
>>>>>>>>
>>>>>>>>
>>>>>>>>> On Sun, Sep 28, 2014 at 12:49 AM, Indra Pramana
>>>>>>>>> <indra@sg.or.id>
>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>> Dear all,
>>>>>>>>>
>>>>>>>>> Apologise for sending quite a lot of emails tonight.
Anyone
>>>>>>>>> knows if
>>>>>>> it's
>>>>>>>>> safe for me to update the keystore table on the database
>>>>>>>>>directly?
>>>>>>> Since
>>>>>>>>> the API call doesn't work.
>>>>>>>>>
>>>>>>>>> Thank you.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> On Sun, Sep 28, 2014 at 12:39 AM, Indra Pramana
>>>>>>>>>> <indra@sg.or.id>
>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>> Only if I key in the certificate as "BEGIN", then
it seems to
>>>>>>>>>> be accepting. But of course, the certificate is invalid.
>>>>>>>>>>
>>>>>>>>>> <uploadcustomcertificateresponse cloud-stack-version="4.2.0">
>>>>>>>>>> <jobid>1efe722a-e7c7-4c43-9f6b-67ce860dbe34</jobid>
>>>>>>>>>> </uploadcustomcertificateresponse>
>>>>>>>>>>
>>>>>>>>>> Is it my browser issue? I have tried using two different
>>>>>>>>>>browsers:
>>>>>>>>>> Firefox and Chrome, and both are having the same
problem.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>> On Sun, Sep 28, 2014 at 12:36 AM, Indra Pramana
>>>>>>>>>>><indra@sg.or.id>
>>>>>>> wrote:
>>>>>>>>>>>
>>>>>>>>>>> I tried to key in just "BEGIN CERTIFICATE\nEND
CERTIFICATE"
>>>>>>>>>>> without
>>>>>>> the
>>>>>>>>>>> "-----" and the content of the certificate itself.
Same
>>>>>>>>>>> problem
>>>>>>> persists,
>>>>>>>>>>> it says parameter certificate is invalid, contains
illegal
>>>>>>>>>>>ASCII  non-printable characters.
>>>>>>>>>>>
>>>>>>>>>>> <uploadcustomcertificateresponse
>>>>>>>>>>> cloud-stack-version="4.2.0"> <errorcode>431</errorcode>
>>>>>>>>>>> <cserrorcode>9999</cserrorcode> <errortext>
Received value
>>>>>>>>>>> BEGIN CERTIFICATE END CERTIFICATE for parameter
certificate
>>>>>>>>>>> is invalid, contains illegal ASCII non-printable
>>>>>>> characters
>>>>>>>>>>> </errortext>
>>>>>>>>>>> </uploadcustomcertificateresponse>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Seems the issue was not actually on the certificate
itself,
>>>>>>>>>>> but
>>>>>>> may be
>>>>>>>>>>> on the API call handler?
>>>>>>>>>>>
>>>>>>>>>>> Any advice is greatly appreciated.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>> On Sat, Sep 27, 2014 at 11:35 PM, Indra Pramana
>>>>>>>>>>>><indra@sg.or.id>
>>>>>>> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> Hi Amogh and all,
>>>>>>>>>>>>
>>>>>>>>>>>> To add, I am using RapidSSL and I got the
root and
>>>>>>>>>>>>intermediate
>>>>>>> CAs
>>>>>>>>>>>> from here:
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>https://knowledge.rapidssl.com/support/ssl-certificate-support/in
>>>>>>>dex
>>>>>>>?p
>>>>>>> age
>>>>>>> =content&actp=CROSSLINK&id=SO26457
>>>>>>>>>>>>
>>>>>>>>>>>> I have ensured that the encoding is done
correctly, but
>>>>>>>>>>>> still
>>>>>>> there's
>>>>>>>>>>>> issue when I tried to upload it. Is it because
I am still
>>>>>>>>>>>>using
>>>>>>> version
>>>>>>>>>>>> 4.2.0, may be there's a different method
on how to upload?
>>>>>>>>>>>>
>>>>>>>>>>>> Error messages:
>>>>>>>>>>>>
>>>>>>>>>>>> <uploadcustomcertificateresponse
>>>>>>>>>>>> cloud-stack-version="4.2.0"> <errorcode>431</errorcode>
>>>>>>>>>>>> <cserrorcode>9999</cserrorcode>
<errortext> Received value
>>>>>>>>>>>> -----BEGIN CERTIFICATE-----
>>>>>>>>>>>>
>>>>>>>>>>>>MIIDfTCCAuagAwIBAgIDErvmMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYT
>>>>>>>>>>>>AlV
>>>>>>>>>>>>T
>>>>>>>>>>>>
>>>>>>>>>>>>MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBD
>>>>>>>>>>>>ZXJ
>>>>>>>>>>>>0
>>>>>>>>>>>>
>>>>>>>>>>>>aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDIwNTIxMDQwMDAwWhcNMTgwODIxMDQw
>>>>>>>>>>>>MDA
>>>>>>>>>>>>w
>>>>>>>>>>>>
>>>>>>>>>>>>WjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkG
>>>>>>>>>>>>A1U
>>>>>>>>>>>>E
>>>>>>>>>>>>
>>>>>>>>>>>>AxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
>>>>>>>>>>>>MII
>>>>>>>>>>>>B
>>>>>>>>>>>>
>>>>>>>>>>>>CgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIja
>>>>>>>>>>>>CgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM+WC9
>>>>>>>>>>>>m
>>>>>>>>>>>>
>>>>>>>>>>>>OSm9BXiLnTjoBbdqfnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2Y
>>>>>>>>>>>>OSm9BXiLnTjoBbdqfnGk5sRgprDvgOSJKA+RpI
>>>>>>>>>>>>u
>>>>>>>>>>>>
>>>>>>>>>>>>T8rxh0PBFpVXLVDviS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Q
>>>>>>>>>>>>T8rxh0PBFpVXLVDviS2Aelet8u5fa9IAjbkU+lz6
>>>>>>>>>>>>c
>>>>>>>>>>>>
>>>>>>>>>>>>JmTM386DGXHKTubU1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeV
>>>>>>>>>>>>JmTM386DGXHKTubU1XupGc1V3sjs0l44U+Ajm
>>>>>>>>>>>>R
>>>>>>>>>>>>
>>>>>>>>>>>>Cw7+OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx
>>>>>>>>>>>>Cw7+OC7RHQWa9k0+5as
>>>>>>>>>>>>z
>>>>>>>>>>>>
>>>>>>>>>>>>PeE4uwc2hGKceeoWMPRfwCvocWvk+QIDAQABo4HwMIHtMB8GA1UdIwQYMBaA
>>>>>>>>>>>>PeE4uwc2hGKceeoWMPRfwCvocWvk+FEj
>>>>>>>>>>>>m
>>>>>>>>>>>>
>>>>>>>>>>>>aPkr0rKV10fYIyAQTzOYkJ/UMB0GA1UdDgQWBBTAephojYn7qwVkDBF9qn1l
>>>>>>>>>>>>uMr
>>>>>>>>>>>>M
>>>>>>>>>>>>
>>>>>>>>>>>>TjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjA6BgNVHR8EMzAx
>>>>>>>>>>>>MC+
>>>>>>>>>>>>g
>>>>>>>>>>>>
>>>>>>>>>>>>LaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNy
>>>>>>>>>>>>bDB
>>>>>>>>>>>>O
>>>>>>>>>>>>
>>>>>>>>>>>>BgNVHSAERzBFMEMGBFUdIAAwOzA5BggrBgEFBQcCARYtaHR0cHM6Ly93d3cu
>>>>>>>>>>>>Z2V
>>>>>>>>>>>>v
>>>>>>>>>>>>
>>>>>>>>>>>>dHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5MA0GCSqGSIb3DQEBBQUA
>>>>>>>>>>>>A4G
>>>>>>>>>>>>B
>>>>>>>>>>>>
>>>>>>>>>>>>AHbhEm5OSxYShjAGsoEIz/AIx8dxfmbuwu3UOx//8PDITtZDOLC5MH0Y0FWD
>>>>>>>>>>>>omr
>>>>>>>>>>>>L
>>>>>>>>>>>>
>>>>>>>>>>>>NhGc6Ehmo21/uBPUR/6LWlxz/K7ZGzIZOKuXNBSqltLroxwUCEm2u+WR74M2
>>>>>>>>>>>>6x1
>>>>>>>>>>>>W
>>>>>>>>>>>> b8ravHNjkOR/ez4iyz0H7V84dJzjA1BOoa+Y7mHyhD8S
-----END
>>>>>>> CERTIFICATE----- for
>>>>>>>>>>>> parameter certificate is invalid, contains
illegal ASCII
>>>>>>> non-printable
>>>>>>>>>>>> characters
>>>>>>>>>>>> </errortext>
>>>>>>>>>>>> </uploadcustomcertificateresponse>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Any advice is greatly appreciated, since
30 Sep is just
>>>>>>>>>>>>another
>>>>>>>>>>>> 3
>>>>>>>>>>>> days...
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>> On Sat, Sep 27, 2014 at 11:21 PM, Indra
Pramana
>>>>>>>>>>>>> <indra@sg.or.id>
>>>>>>> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>> Hi Amogh,
>>>>>>>>>>>>>
>>>>>>>>>>>>> I tried again tonight, still the same.
Not too sure why,
>>>>>>>>>>>>>is it  something wrong with the certificate?
But I have
>>>>>>>>>>>>>confirmed that
>>>>>>> it's the
>>>>>>>>>>>>> correct root certificate from my CA.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Any other advice?
>>>>>>>>>>>>>
>>>>>>>>>>>>> Looking forward to your reply, thank
you.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Cheers.
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Tue, Sep 23, 2014 at 12:56 AM, Amogh
Vasekar <
>>>>>>>>>>>>> amogh.vasekar@citrix.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Can you try using
>>>>>>>>>>>>>> http://meyerweb.com/eric/tools/dencoder/
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Amogh
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On 9/22/14 4:36 AM, "Indra Pramana"
<indra@sg.or.id> wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Dear all,
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I am following the instruction
on this documentation to
>>>>>>>>>>>>>>> replace realhostip.com with my
own domain.
>>>>>>>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Procedure+
>>>>>>>to+
>>>>>>>Re
>>>>>>> pla
>>>>>>> c
>>>>>>>>>>>>>>> e+realhostip.com+with+Your+Own+Domain+Name
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Everything is fine until I need
to upload the root
>>>>>>>>>>>>>>> certificate
>>>>>>> via
>>>>>>>>>>>>>> API. I
>>>>>>>>>>>>>>> have URL-encoded the certificate
using online URL
>>>>>>>>>>>>>>> encoder tool
>>>>>>> such
>>>>>>>>>>>>>> as:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> http://www.url-encode-decode.com/
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> However, when I run the API command,
the certificate is
>>>>>>> rejected,
>>>>>>>>>>>>>> saying
>>>>>>>>>>>>>>> that it contains illegal ASCII
non-printable characters:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> for parameter certificate is
invalid, contains illegal
>>>>>>>>>>>>>>>ASCII
>>>>>>>>>>>>>> non-printable
>>>>>>>>>>>>>>> characters
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I have ensured and verified that
it only contains
>>>>>>>>>>>>>>> generic ASCII
>>>>>>> text
>>>>>>>>>>>>>>> format, no space, symbol etc.
Tried using UTF-8,
>>>>>>>>>>>>>>> US-ASCII
>>>>>>> format
>>>>>>>>>>>>>> while
>>>>>>>>>>>>>>> encoding, but still cannot work.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Any advice is greatly appreciated.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Looking forward to your reply,
thank you.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Cheers.
>>>>
>>>> Regards,
>>>> Rohit Yadav
>>>> Software Architect, ShapeBlue
>>>> M. +41 779015219 | rohit.yadav@shapeblue.com
>>>> Blog: bhaisaab.org | Twitter: @_bhaisaab
>>>>
>>>>
>>>>
>>>> Find out more about ShapeBlue and our range of CloudStack related
>>>> services
>>>>
>>>> IaaS Cloud Design &
>>>> Build<http://shapeblue.com/iaas-cloud-design-and-build//>
>>>> CSForge ­ rapid IaaS deployment
>>>>framework<http://shapeblue.com/csforge/>
>>>> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/>
>>>> CloudStack Infrastructure
>>>> Support<http://shapeblue.com/cloudstack-infrastructure-support/>
>>>> CloudStack Bootcamp Training
>>>> Courses<http://shapeblue.com/cloudstack-training/>
>>>>
>>>> This email and any attachments to it may be confidential and are
>>>>intended solely for the use of the individual to whom it is addressed.
>>>> Any views or opinions expressed are solely those of the author and
>>>>do  not necessarily represent those of Shape Blue Ltd or related
>>>>companies.
>>>> If you are not the intended recipient of this email, you must
>>>>neither  take any action based upon its contents, nor copy or show
>>>>it to anyone.
>>>> Please contact the sender if you believe you have received this
>>>>email in  error. Shape Blue Ltd is a company incorporated in England
>>>>& Wales.
>>>> ShapeBlue Services India LLP is a company incorporated in India and
>>>>is  operated under license from Shape Blue Ltd. Shape Blue Brasil
>>>>Consultoria Ltda is a company incorporated in Brasil and is operated
>>>>under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company
>>>>registered by The Republic of South Africa and is traded under
>>>>license  from Shape Blue Ltd. ShapeBlue is a registered trademark.
>>>
>>> Regards,
>>> Rohit Yadav
>>> Software Architect, ShapeBlue
>>> M. +41 779015219 | rohit.yadav@shapeblue.com
>>> Blog: bhaisaab.org | Twitter: @_bhaisaab
>>>
>>>
>>>
>>> Find out more about ShapeBlue and our range of CloudStack related
>>>services
>>>
>>> IaaS Cloud Design &
>>> Build<http://shapeblue.com/iaas-cloud-design-and-build//>
>>> CSForge ­ rapid IaaS deployment
>>>framework<http://shapeblue.com/csforge/>
>>> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/>
>>> CloudStack Infrastructure
>>> Support<http://shapeblue.com/cloudstack-infrastructure-support/>
>>> CloudStack Bootcamp Training
>>> Courses<http://shapeblue.com/cloudstack-training/>
>>>
>>> This email and any attachments to it may be confidential and are
>>>intended  solely for the use of the individual to whom it is
>>>addressed. Any views  or opinions expressed are solely those of the
>>>author and do not  necessarily represent those of Shape Blue Ltd or
>>>related companies. If  you are not the intended recipient of this
>>>email, you must neither take  any action based upon its contents, nor
>>>copy or show it to anyone.
>>>Please
>>> contact the sender if you believe you have received this email in
>>>error.
>>> Shape Blue Ltd is a company incorporated in England & Wales.
>>>ShapeBlue  Services India LLP is a company incorporated in India and
>>>is operated  under license from Shape Blue Ltd. Shape Blue Brasil
>>>Consultoria Ltda is  a company incorporated in Brasil and is operated
>>>under license from Shape  Blue Ltd. ShapeBlue SA Pty Ltd is a company
>>>registered by The Republic of  South Africa and is traded under
>>>license from Shape Blue Ltd. ShapeBlue  is a registered trademark.
>>
>
>Regards,
>Rohit Yadav
>Software Architect, ShapeBlue
>M. +41 779015219 | rohit.yadav@shapeblue.com
>Blog: bhaisaab.org | Twitter: @_bhaisaab
>
>
>
>Find out more about ShapeBlue and our range of CloudStack related
>services
>
>IaaS Cloud Design &
>Build<http://shapeblue.com/iaas-cloud-design-and-build//>
>CSForge ­ rapid IaaS deployment
>framework<http://shapeblue.com/csforge/>
>CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/>
>CloudStack Infrastructure
>Support<http://shapeblue.com/cloudstack-infrastructure-support/>
>CloudStack Bootcamp Training
>Courses<http://shapeblue.com/cloudstack-training/>
>
>This email and any attachments to it may be confidential and are
>intended solely for the use of the individual to whom it is addressed.
>Any views or opinions expressed are solely those of the author and do
>not necessarily represent those of Shape Blue Ltd or related companies.
>If you are not the intended recipient of this email, you must neither
>take any action based upon its contents, nor copy or show it to anyone.
>Please contact the sender if you believe you have received this email in error.
>Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue
>Services India LLP is a company incorporated in India and is operated
>under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda
>is a company incorporated in Brasil and is operated under license from
>Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The
>Republic of South Africa and is traded under license from Shape Blue
>Ltd. ShapeBlue is a registered trademark.

Find out more about ShapeBlue and our range of CloudStack related services

IaaS Cloud Design & Build<http://shapeblue.com/iaas-cloud-design-and-build//>
CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/>
CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/>
CloudStack Infrastructure Support<http://shapeblue.com/cloudstack-infrastructure-support/>
CloudStack Bootcamp Training Courses<http://shapeblue.com/cloudstack-training/>

This email and any attachments to it may be confidential and are intended solely for the use
of the individual to whom it is addressed. Any views or opinions expressed are solely those
of the author and do not necessarily represent those of Shape Blue Ltd or related companies.
If you are not the intended recipient of this email, you must neither take any action based
upon its contents, nor copy or show it to anyone. Please contact the sender if you believe
you have received this email in error. Shape Blue Ltd is a company incorporated in England
& Wales. ShapeBlue Services India LLP is a company incorporated in India and is operated
under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated
in Brasil and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company
registered by The Republic of South Africa and is traded under license from Shape Blue Ltd.
ShapeBlue is a registered trademark.
Mime
View raw message