cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rohit Yadav <rohit.ya...@shapeblue.com>
Subject Re: Unable to upload SSL certificate for realhostip replacement
Date Wed, 01 Oct 2014 18:56:51 GMT
Hi Amogh,

Thanks for replying. Here the contents from the keystore table (minus sensitive information):

id, name, domain_suffix, seq
1 | CPVMCertificate | custom.domain.com | null
2 | root | realhostip.com | 0
4 | newroot | custom.domain.com  | 1
5 | inter1 | custom.domain.com | 2
6 | inter2 | custom.domain.com | 3

The Apache CloudStack version is 4.2.1, the systemvm.iso was built by jenkins.buildacloud.org
and it was installed by the built rpms. In my case, the hosts were all XenServer 6.2. I checked
the CPVM logs, and I see that it’s not getting keystore bytes[] from Management server at
all, so falling back to the default realhostip.keystore file when the AgentShell starts and
bootstraps ConsoleProxy. The only issue is when console proxy for a VM is viewed, I’m getting
SSL cert error so instead of *.custom.domain.com I get the *.realhostip.com SSL cert.

Please suggest how may I debug it further or fix it?

On 01-Oct-2014, at 7:15 pm, Amogh Vasekar <amogh.vasekar@citrix.com> wrote:
> Hi,
>
> Can you please paste the contents of the keystore table (minus the private
> key of course)?
>
> For SSVM, in 4.2, the certificate chain was not configured correctly and
> it would only use the server certificate when configuring Apache. It did
> not impact functionality though.
> This is not true for CPVM, which would try to use the full chain.
> It was fixed in 4.3, along with removing a double decoding of certificate
> when uploaded through API. The double decoding issue would manifest as
> non-server certificates to be saved incorrectly in the DB, and hence
> wanted to take a look at the table's contents. Since CPVM uses the full
> chain but not SSVM, I suspect this might be your issue.
>
> For the systemvm.iso - did you rebuild the ISO from source?
> It gets patched automatically in 4.3 for XS, but 4.2 had a versioning
> issue due to which it didn't change automatically.
> For KVM, the ISO gets patched when you reinstall the agent package.
> For Vmware, one needs to remove the old ISO from secondary storage folder
> (under <path_to_secstorage>/systemvm/ I think) so that the new one gets
> applied.
>
> HTH
> Amogh
>
> On 10/1/14 9:51 AM, "Rohit Yadav" <rohit.yadav@shapeblue.com> wrote:
>
>> Hi Amogh,
>>
>> I’ve a different issue, CPVM is opening the console but the HTTP service
>> is returning old *.realhostip.com certificate.
>>
>> I debugged CPVM agent to find that it’s not picking up the keystore sent
>> from Management server. This issue is like:
>> https://issues.apache.org/jira/browse/CLOUDSTACK-3438
>>
>> In the logs (from CPVM), I’m only seeing "Initializing SSL from built-in
>> default certificate”. Reading source from
>> ConsoleProxySecureServerFactoryImpl, this means the agent is starting but
>> is not getting any StartConsoleProxyAgentHttpHandlerCommand with new
>> KeyStore data. I’ve tested this only for 4.2, Paul suggests something
>> similar for 4.3 as well.
>>
>> I’ve one root certificate (id=1), two intermediate certificate (id=2,
>> id=3) and a wildcard domain cert+key. I uploaded them one by one as per
>> the docs and also following Chip’s blog. By doing so, the SSVM keys got
>> updated and by downloading an ISO I see the https url it gave returned
>> correct SSL certificate which means the chain of certificates etc. worked.
>>
>> In case of CPVM, accessing console in browser led to SSL error. Do you
>> may any suggestions on how to get this fixed? If I remove CPVMs, I see
>> it’s still using old systemvm.iso and though docs/wiki recommend
>> systemvm.iso will get patched, it does not actually.
>>
>> On 01-Oct-2014, at 6:32 pm, Amogh Vasekar <amogh.vasekar@citrix.com>
>> wrote:
>>> Hi,
>>>
>>> For 4.2 you may want to refer here :
>>>
>>> http://www.chipchilders.com/blog/2013/1/2/undocumented-feature-using-cert
>>> if
>>> icate-chains-in-cloudstack.html
>>>
>>> 4.3 had a missing commit, due to which the global config
>>> consoleproxy.url.domain had to be set to "mydomain.com", instead of
>>> "*.mydomain.com". This has been fixed in 4.3.1
>>>
>>> Apologies for the inconvenience.
>>>
>>> Amogh
>>>
>>> On 10/1/14 8:16 AM, "Rohit Yadav" <rohit.yadav@shapeblue.com> wrote:
>>>
>>>> Just to update on the certificate upload issue with 4.2:
>>>>
>>>> I’m able to download and add new volumes/templates/isos and the link
>>>> provided has a valid https url with the same certificate that I
>>>> uploaded
>>>> though when I try to access the console I get SSL cert error and I see
>>>> that it’s still returning the old *.realhostip.com certificate. I’ve
>>>> tried to delete old CPVMs and I see the same issue coming up again.
>>>>
>>>>
>>>> On 01-Oct-2014, at 4:55 pm, Rohit Yadav <rohit.yadav@shapeblue.com>
>>>> wrote:
>>>>> Hi,
>>>>>
>>>>> I’ve fixed cloudmonkey to url encode parameters so now you can use
>>>>> cloudmonkey to upload custom certificate but only in non-interactive
>>>>> mode on shell (bash/zsh). You’ll have to install cloudmonkey from
>>>>> source
>>>>> for now since the fix is only on master.
>>>>>
>>>>> Something like:
>>>>> $ cloudmonkey upload customcertificate id=xx domainsuffix=yy name=zzz
>>>>> certificate=‘asdf
>>>>> asdfasdf
>>>>> asdfasdf
>>>>> asdf---'
>>>>>
>>>>> I’ve some issues to report while replacing certificates to get rid
of
>>>>> realhostip, this is specific for Xen could apply for other hypervisors
>>>>> as well:
>>>>>
>>>>> - In case of 4.2, I see in the database that seq is 0 for the root
>>>>> certificate for the realhostip.com domain. I uploaded certificates in
>>>>> order (root, then intermediate and finally SSL cert from UI), and I
>>>>> see
>>>>> the old certificate is still there. after CPVM/SSVM restarts and are
>>>>> in
>>>>> UP state I still get SSL errors and I see that systemvm.iso is not
>>>>> getting patched. How to fix this? Or force systemvm.iso patching?
>>>>>
>>>>> - In case of 4.3.0 and above, I see the same issue. I’m confused
>>>>> whether to use *. wildcard in global setting or not.
>>>>>
>>>>> On 27-Sep-2014, at 9:32 pm, Amogh Vasekar <amogh.vasekar@citrix.com>
>>>>> wrote:
>>>>>> Hi,
>>>>>>
>>>>>> For the encoding, in your case it was the space character causing
the
>>>>>> issue - it should be replaced by %20. The correct encoding would
be
>>>>>> (hoping mail clients don't screw up the blob):
>>>>>>
>>>>>>
>>>>>> -----BEGIN%20CERTIFICATE-----%0AMIIDfTCCAuagAwIBAgIDErvmMA0GCSqGSIb3DQ
>>>>>> EB
>>>>>> BQU
>>>>>>
>>>>>>
>>>>>> AME4xCzAJBgNVBAYTAlVT%0AMRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZm
>>>>>> F4
>>>>>> IFN
>>>>>>
>>>>>>
>>>>>> lY3VyZSBDZXJ0%0AaWZpY2F0ZSBBdXRob3JpdHkwHhcNMDIwNTIxMDQwMDAwWhcNMTgwOD
>>>>>> Ix
>>>>>> MDQ
>>>>>>
>>>>>>
>>>>>> wMDAw%0AWjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1
>>>>>> UE
>>>>>> %0A
>>>>>>
>>>>>>
>>>>>> AxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB%0ACgK
>>>>>> CA
>>>>>> QEA
>>>>>>
>>>>>>
>>>>>> 2swYYzD99BcjGlZ%2BW988bDjkcbd4kdS8odhM%2BKhDtgPpTSEHCIjaWC9m%0AOSm9BXi
>>>>>> Ln
>>>>>> Tjo
>>>>>>
>>>>>>
>>>>>> BbdqfnGk5sRgprDvgOSJKA%2BeJdbtg%2FOtppHHmMlCGDUUna2YRpIu%0AT8rxh0PBFpV
>>>>>> XL
>>>>>> VDv
>>>>>>
>>>>>>
>>>>>> iS2Aelet8u5fa9IAjbkU%2BBQVNdnARqN7csiRv8lVK83Qlz6c%0AJmTM386DGXHKTubU1
>>>>>> Xu
>>>>>> pGc
>>>>>>
>>>>>>
>>>>>> 1V3sjs0l44U%2BVcT4wt%2FlAjNvxm5suOpDkZALeVAjmR%0ACw7%2BOC7RHQWa9k0%2Bb
>>>>>> w8
>>>>>> HHa
>>>>>>
>>>>>>
>>>>>> 8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5asz%0APeE4uwc2hGKceeoWMPRfwCvoc
>>>>>> Wv
>>>>>> k%2
>>>>>>
>>>>>>
>>>>>> BQIDAQABo4HwMIHtMB8GA1UdIwQYMBaAFEjm%0AaPkr0rKV10fYIyAQTzOYkJ%2FUMB0GA
>>>>>> 1U
>>>>>> dDg
>>>>>>
>>>>>>
>>>>>> QWBBTAephojYn7qwVkDBF9qn1luMrM%0ATjAPBgNVHRMBAf8EBTADAQH%2FMA4GA1UdDwE
>>>>>> B%
>>>>>> 2Fw
>>>>>>
>>>>>>
>>>>>> QEAwIBBjA6BgNVHR8EMzAxMC%2Bg%0ALaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9
>>>>>> jc
>>>>>> mxz
>>>>>>
>>>>>>
>>>>>> L3NlY3VyZWNhLmNybDBO%0ABgNVHSAERzBFMEMGBFUdIAAwOzA5BggrBgEFBQcCARYtaHR
>>>>>> 0c
>>>>>> HM6
>>>>>>
>>>>>>
>>>>>> Ly93d3cuZ2Vv%0AdHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5MA0GCSqGSIb3DQE
>>>>>> BB
>>>>>> QUA
>>>>>>
>>>>>>
>>>>>> A4GB%0AAHbhEm5OSxYShjAGsoEIz%2FAIx8dxfmbuwu3UOx%2F%2F8PDITtZDOLC5MH0Y0
>>>>>> FW
>>>>>> Dom
>>>>>>
>>>>>>
>>>>>> rL%0ANhGc6Ehmo21%2FuBPUR%2F6LWlxz%2FK7ZGzIZOKuXNBSqltLroxwUCEm2u%2BWR7
>>>>>> 4M
>>>>>> 26x
>>>>>>
>>>>>>
>>>>>> 1W%0Ab8ravHNjkOR%2Fez4iyz0H7V84dJzjA1BOoa%2BY7mHyhD8S%0A-----END%20CER
>>>>>> TI
>>>>>> FIC
>>>>>> ATE-----
>>>>>>
>>>>>> As for the global parameter, you can set it to something like a few
>>>>>> seconds and reset to original value when the URLs have been expired.
>>>>>>
>>>>>> Thanks
>>>>>> Amogh
>>>>>>
>>>>>>
>>>>>> On 9/27/14 10:53 AM, "Indra Pramana" <indra@sg.or.id> wrote:
>>>>>>
>>>>>>> Hi Wido,
>>>>>>>
>>>>>>> I have changed the value of secstorage.ssl.cert.domain and restart
>>>>>>> management server, before I start uploading all the certificates.
>>>>>>>
>>>>>>> I found this article, which might be related to the problem:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Troubleshootin
>>>>>>> g+
>>>>>>> -+u
>>>>>>> ploading+custom+domain+certificate+instead+of+using+realhostip.com
>>>>>>>
>>>>>>> ====
>>>>>>>
>>>>>>> *Specific Issues seen*
>>>>>>>
>>>>>>> 1. Download urls point to the old domain.
>>>>>>>  1. Reduce the expiration duration of the urls by changing global
>>>>>>>  config extract.url.expiration.interval
>>>>>>>  2. And change the frequency for cleanup thread
>>>>>>>  through extract.url.cleanup.interval restart MS.
>>>>>>>  3. Wait for the cleanup thread duration and try downloading
again.
>>>>>>>  See whether the url is deleted.
>>>>>>>  4. DB tables to check (don¹t recommend but worst case)
>>>>>>>  Version < 4.2 ­ upload table persists url. Entry is hard
deleted
>>>>>>> on
>>>>>>>  expiration of url.
>>>>>>>  Version >= 4.2 ­
>>>>>>>  template_store_ref, download_url is made null on expiration
of
>>>>>>> url.
>>>>>>>  volume_store_ref, entry hard deleted on expiration of url.
>>>>>>>
>>>>>>> ====
>>>>>>>
>>>>>>> But I'm not too sure what is the recommended values I need to
set
>>>>>>> for
>>>>>>> extract.url.expiration.interval and extract.url.cleanup.interval.
>>>>>>> Any
>>>>>>> advise?
>>>>>>>
>>>>>>> Thank you.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Sun, Sep 28, 2014 at 1:39 AM, Wido den Hollander <wido@widodh.nl>
>>>>>>> wrote:
>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> Op 27 sep. 2014 om 19:25 heeft Indra Pramana <indra@sg.or.id>
het
>>>>>>>> volgende geschreven:
>>>>>>>>>
>>>>>>>>> Dear all,
>>>>>>>>>
>>>>>>>>> FYI, I managed to complete the tasks and install the
certificates.
>>>>>>>>> As
>>>>>>>> a
>>>>>>>>> workaround to the unable to upload the root/intermediate
cert via
>>>>>>>>> API
>>>>>>>>> issue, I uploaded a certificate with just "BEGIN" as
text via API,
>>>>>>>>> and
>>>>>>>> then
>>>>>>>>> proceed to update the keystore table on the MySQL database
>>>>>>>>> directly
>>>>>>>>> to
>>>>>>>>> input the whole cert.
>>>>>>>>>
>>>>>>>>> It seems to be working, after I uploaded the cert and
private key
>>>>>>>>> via
>>>>>>>> GUI,
>>>>>>>>> I can see that both CPVM and SSVM are being restarted.
When I
>>>>>>>>> test:
>>>>>>>>>
>>>>>>>>> - Console is working, using my own domain now. Yay! :)
>>>>>>>>>
>>>>>>>>> - However, when I try to test downloading a template,
it's still
>>>>>>>> showing
>>>>>>>>> realhostip.com as the URL to download. I have tried destroying
the
>>>>>>>> SSVM
>>>>>>>> and
>>>>>>>>> a new SSVM was created, up and running. However, it's
still
>>>>>>>>> showing
>>>>>>>>> realhostip.com when I test again.
>>>>>>>>>
>>>>>>>>> Anyone knows why it's still referring to realhostip.com
for
>>>>>>>> downloading
>>>>>>>>> templates?
>>>>>>>>>
>>>>>>>>
>>>>>>>> Look at the global settings. There is a domain for the sec
storage
>>>>>>>> as
>>>>>>>> well.
>>>>>>>>
>>>>>>>> Maybe restart the mgmt server?
>>>>>>>>
>>>>>>>>> Looking forward to your reply, thank you.
>>>>>>>>>
>>>>>>>>> Cheers.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> On Sun, Sep 28, 2014 at 12:49 AM, Indra Pramana <indra@sg.or.id>
>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>> Dear all,
>>>>>>>>>>
>>>>>>>>>> Apologise for sending quite a lot of emails tonight.
Anyone knows
>>>>>>>>>> if
>>>>>>>> it's
>>>>>>>>>> safe for me to update the keystore table on the database
>>>>>>>>>> directly?
>>>>>>>> Since
>>>>>>>>>> the API call doesn't work.
>>>>>>>>>>
>>>>>>>>>> Thank you.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>> On Sun, Sep 28, 2014 at 12:39 AM, Indra Pramana
<indra@sg.or.id>
>>>>>>>> wrote:
>>>>>>>>>>>
>>>>>>>>>>> Only if I key in the certificate as "BEGIN",
then it seems to be
>>>>>>>>>>> accepting. But of course, the certificate is
invalid.
>>>>>>>>>>>
>>>>>>>>>>> <uploadcustomcertificateresponse cloud-stack-version="4.2.0">
>>>>>>>>>>> <jobid>1efe722a-e7c7-4c43-9f6b-67ce860dbe34</jobid>
>>>>>>>>>>> </uploadcustomcertificateresponse>
>>>>>>>>>>>
>>>>>>>>>>> Is it my browser issue? I have tried using two
different
>>>>>>>>>>> browsers:
>>>>>>>>>>> Firefox and Chrome, and both are having the same
problem.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>> On Sun, Sep 28, 2014 at 12:36 AM, Indra Pramana
>>>>>>>>>>>> <indra@sg.or.id>
>>>>>>>> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> I tried to key in just "BEGIN CERTIFICATE\nEND
CERTIFICATE"
>>>>>>>>>>>> without
>>>>>>>> the
>>>>>>>>>>>> "-----" and the content of the certificate
itself. Same problem
>>>>>>>> persists,
>>>>>>>>>>>> it says parameter certificate is invalid,
contains illegal
>>>>>>>>>>>> ASCII
>>>>>>>>>>>> non-printable characters.
>>>>>>>>>>>>
>>>>>>>>>>>> <uploadcustomcertificateresponse cloud-stack-version="4.2.0">
>>>>>>>>>>>> <errorcode>431</errorcode>
>>>>>>>>>>>> <cserrorcode>9999</cserrorcode>
>>>>>>>>>>>> <errortext>
>>>>>>>>>>>> Received value BEGIN CERTIFICATE END CERTIFICATE
for parameter
>>>>>>>>>>>> certificate is invalid, contains illegal
ASCII non-printable
>>>>>>>> characters
>>>>>>>>>>>> </errortext>
>>>>>>>>>>>> </uploadcustomcertificateresponse>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Seems the issue was not actually on the certificate
itself, but
>>>>>>>> may be
>>>>>>>>>>>> on the API call handler?
>>>>>>>>>>>>
>>>>>>>>>>>> Any advice is greatly appreciated.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>> On Sat, Sep 27, 2014 at 11:35 PM, Indra
Pramana
>>>>>>>>>>>>> <indra@sg.or.id>
>>>>>>>> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>> Hi Amogh and all,
>>>>>>>>>>>>>
>>>>>>>>>>>>> To add, I am using RapidSSL and I got
the root and
>>>>>>>>>>>>> intermediate
>>>>>>>> CAs
>>>>>>>>>>>>> from here:
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> https://knowledge.rapidssl.com/support/ssl-certificate-support/index
>>>>>>>> ?p
>>>>>>>> age
>>>>>>>> =content&actp=CROSSLINK&id=SO26457
>>>>>>>>>>>>>
>>>>>>>>>>>>> I have ensured that the encoding is done
correctly, but still
>>>>>>>> there's
>>>>>>>>>>>>> issue when I tried to upload it. Is it
because I am still
>>>>>>>>>>>>> using
>>>>>>>> version
>>>>>>>>>>>>> 4.2.0, may be there's a different method
on how to upload?
>>>>>>>>>>>>>
>>>>>>>>>>>>> Error messages:
>>>>>>>>>>>>>
>>>>>>>>>>>>> <uploadcustomcertificateresponse cloud-stack-version="4.2.0">
>>>>>>>>>>>>> <errorcode>431</errorcode>
>>>>>>>>>>>>> <cserrorcode>9999</cserrorcode>
>>>>>>>>>>>>> <errortext>
>>>>>>>>>>>>> Received value -----BEGIN CERTIFICATE-----
>>>>>>>>>>>>>
>>>>>>>>>>>>> MIIDfTCCAuagAwIBAgIDErvmMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlV
>>>>>>>>>>>>> T
>>>>>>>>>>>>>
>>>>>>>>>>>>> MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ
>>>>>>>>>>>>> 0
>>>>>>>>>>>>>
>>>>>>>>>>>>> aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDIwNTIxMDQwMDAwWhcNMTgwODIxMDQwMDA
>>>>>>>>>>>>> w
>>>>>>>>>>>>>
>>>>>>>>>>>>> WjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1U
>>>>>>>>>>>>> E
>>>>>>>>>>>>>
>>>>>>>>>>>>> AxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMII
>>>>>>>>>>>>> B
>>>>>>>>>>>>>
>>>>>>>>>>>>> CgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9
>>>>>>>>>>>>> m
>>>>>>>>>>>>>
>>>>>>>>>>>>> OSm9BXiLnTjoBbdqfnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpI
>>>>>>>>>>>>> u
>>>>>>>>>>>>>
>>>>>>>>>>>>> T8rxh0PBFpVXLVDviS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6
>>>>>>>>>>>>> c
>>>>>>>>>>>>>
>>>>>>>>>>>>> JmTM386DGXHKTubU1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjm
>>>>>>>>>>>>> R
>>>>>>>>>>>>>
>>>>>>>>>>>>> Cw7+OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5as
>>>>>>>>>>>>> z
>>>>>>>>>>>>>
>>>>>>>>>>>>> PeE4uwc2hGKceeoWMPRfwCvocWvk+QIDAQABo4HwMIHtMB8GA1UdIwQYMBaAFEj
>>>>>>>>>>>>> m
>>>>>>>>>>>>>
>>>>>>>>>>>>> aPkr0rKV10fYIyAQTzOYkJ/UMB0GA1UdDgQWBBTAephojYn7qwVkDBF9qn1luMr
>>>>>>>>>>>>> M
>>>>>>>>>>>>>
>>>>>>>>>>>>> TjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjA6BgNVHR8EMzAxMC+
>>>>>>>>>>>>> g
>>>>>>>>>>>>>
>>>>>>>>>>>>> LaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDB
>>>>>>>>>>>>> O
>>>>>>>>>>>>>
>>>>>>>>>>>>> BgNVHSAERzBFMEMGBFUdIAAwOzA5BggrBgEFBQcCARYtaHR0cHM6Ly93d3cuZ2V
>>>>>>>>>>>>> v
>>>>>>>>>>>>>
>>>>>>>>>>>>> dHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5MA0GCSqGSIb3DQEBBQUAA4G
>>>>>>>>>>>>> B
>>>>>>>>>>>>>
>>>>>>>>>>>>> AHbhEm5OSxYShjAGsoEIz/AIx8dxfmbuwu3UOx//8PDITtZDOLC5MH0Y0FWDomr
>>>>>>>>>>>>> L
>>>>>>>>>>>>>
>>>>>>>>>>>>> NhGc6Ehmo21/uBPUR/6LWlxz/K7ZGzIZOKuXNBSqltLroxwUCEm2u+WR74M26x1
>>>>>>>>>>>>> W
>>>>>>>>>>>>> b8ravHNjkOR/ez4iyz0H7V84dJzjA1BOoa+Y7mHyhD8S
-----END
>>>>>>>> CERTIFICATE----- for
>>>>>>>>>>>>> parameter certificate is invalid, contains
illegal ASCII
>>>>>>>> non-printable
>>>>>>>>>>>>> characters
>>>>>>>>>>>>> </errortext>
>>>>>>>>>>>>> </uploadcustomcertificateresponse>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Any advice is greatly appreciated, since
30 Sep is just
>>>>>>>>>>>>> another
>>>>>>>>>>>>> 3
>>>>>>>>>>>>> days...
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Sat, Sep 27, 2014 at 11:21 PM,
Indra Pramana
>>>>>>>>>>>>>> <indra@sg.or.id>
>>>>>>>> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Hi Amogh,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I tried again tonight, still the
same. Not too sure why, is
>>>>>>>>>>>>>> it
>>>>>>>>>>>>>> something wrong with the certificate?
But I have confirmed
>>>>>>>>>>>>>> that
>>>>>>>> it's the
>>>>>>>>>>>>>> correct root certificate from my
CA.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Any other advice?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Looking forward to your reply, thank
you.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Cheers.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Tue, Sep 23, 2014 at 12:56 AM,
Amogh Vasekar <
>>>>>>>>>>>>>> amogh.vasekar@citrix.com> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Can you try using http://meyerweb.com/eric/tools/dencoder/
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Amogh
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On 9/22/14 4:36 AM, "Indra
Pramana" <indra@sg.or.id> wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Dear all,
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> I am following the instruction
on this documentation to
>>>>>>>>>>>>>>>> replace
>>>>>>>>>>>>>>>> realhostip.com with my own
domain.
>>>>>>>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Procedure+to+
>>>>>>>> Re
>>>>>>>> pla
>>>>>>>> c
>>>>>>>>>>>>>>>> e+realhostip.com+with+Your+Own+Domain+Name
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Everything is fine until
I need to upload the root
>>>>>>>>>>>>>>>> certificate
>>>>>>>> via
>>>>>>>>>>>>>>> API. I
>>>>>>>>>>>>>>>> have URL-encoded the certificate
using online URL encoder
>>>>>>>>>>>>>>>> tool
>>>>>>>> such
>>>>>>>>>>>>>>> as:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> http://www.url-encode-decode.com/
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> However, when I run the API
command, the certificate is
>>>>>>>> rejected,
>>>>>>>>>>>>>>> saying
>>>>>>>>>>>>>>>> that it contains illegal
ASCII non-printable characters:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> for parameter certificate
is invalid, contains illegal
>>>>>>>>>>>>>>>> ASCII
>>>>>>>>>>>>>>> non-printable
>>>>>>>>>>>>>>>> characters
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> I have ensured and verified
that it only contains generic
>>>>>>>>>>>>>>>> ASCII
>>>>>>>> text
>>>>>>>>>>>>>>>> format, no space, symbol
etc. Tried using UTF-8, US-ASCII
>>>>>>>> format
>>>>>>>>>>>>>>> while
>>>>>>>>>>>>>>>> encoding, but still cannot
work.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Any advice is greatly appreciated.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Looking forward to your reply,
thank you.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Cheers.
>>>>>
>>>>> Regards,
>>>>> Rohit Yadav
>>>>> Software Architect, ShapeBlue
>>>>> M. +41 779015219 | rohit.yadav@shapeblue.com
>>>>> Blog: bhaisaab.org | Twitter: @_bhaisaab
>>>>>
>>>>>
>>>>>
>>>>> Find out more about ShapeBlue and our range of CloudStack related
>>>>> services
>>>>>
>>>>> IaaS Cloud Design &
>>>>> Build<http://shapeblue.com/iaas-cloud-design-and-build//>
>>>>> CSForge ­ rapid IaaS deployment
>>>>> framework<http://shapeblue.com/csforge/>
>>>>> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/>
>>>>> CloudStack Infrastructure
>>>>> Support<http://shapeblue.com/cloudstack-infrastructure-support/>
>>>>> CloudStack Bootcamp Training
>>>>> Courses<http://shapeblue.com/cloudstack-training/>
>>>>>
>>>>> This email and any attachments to it may be confidential and are
>>>>> intended solely for the use of the individual to whom it is addressed.
>>>>> Any views or opinions expressed are solely those of the author and do
>>>>> not necessarily represent those of Shape Blue Ltd or related
>>>>> companies.
>>>>> If you are not the intended recipient of this email, you must neither
>>>>> take any action based upon its contents, nor copy or show it to
>>>>> anyone.
>>>>> Please contact the sender if you believe you have received this email
>>>>> in
>>>>> error. Shape Blue Ltd is a company incorporated in England & Wales.
>>>>> ShapeBlue Services India LLP is a company incorporated in India and is
>>>>> operated under license from Shape Blue Ltd. Shape Blue Brasil
>>>>> Consultoria Ltda is a company incorporated in Brasil and is operated
>>>>> under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company
>>>>> registered by The Republic of South Africa and is traded under license
>>>>> from Shape Blue Ltd. ShapeBlue is a registered trademark.
>>>>
>>>> Regards,
>>>> Rohit Yadav
>>>> Software Architect, ShapeBlue
>>>> M. +41 779015219 | rohit.yadav@shapeblue.com
>>>> Blog: bhaisaab.org | Twitter: @_bhaisaab
>>>>
>>>>
>>>>
>>>> Find out more about ShapeBlue and our range of CloudStack related
>>>> services
>>>>
>>>> IaaS Cloud Design &
>>>> Build<http://shapeblue.com/iaas-cloud-design-and-build//>
>>>> CSForge ­ rapid IaaS deployment
>>>> framework<http://shapeblue.com/csforge/>
>>>> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/>
>>>> CloudStack Infrastructure
>>>> Support<http://shapeblue.com/cloudstack-infrastructure-support/>
>>>> CloudStack Bootcamp Training
>>>> Courses<http://shapeblue.com/cloudstack-training/>
>>>>
>>>> This email and any attachments to it may be confidential and are
>>>> intended
>>>> solely for the use of the individual to whom it is addressed. Any views
>>>> or opinions expressed are solely those of the author and do not
>>>> necessarily represent those of Shape Blue Ltd or related companies. If
>>>> you are not the intended recipient of this email, you must neither take
>>>> any action based upon its contents, nor copy or show it to anyone.
>>>> Please
>>>> contact the sender if you believe you have received this email in
>>>> error.
>>>> Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue
>>>> Services India LLP is a company incorporated in India and is operated
>>>> under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda
>>>> is
>>>> a company incorporated in Brasil and is operated under license from
>>>> Shape
>>>> Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The Republic
>>>> of
>>>> South Africa and is traded under license from Shape Blue Ltd. ShapeBlue
>>>> is a registered trademark.
>>>
>>
>> Regards,
>> Rohit Yadav
>> Software Architect, ShapeBlue
>> M. +41 779015219 | rohit.yadav@shapeblue.com
>> Blog: bhaisaab.org | Twitter: @_bhaisaab
>>
>>
>>
>> Find out more about ShapeBlue and our range of CloudStack related services
>>
>> IaaS Cloud Design &
>> Build<http://shapeblue.com/iaas-cloud-design-and-build//>
>> CSForge ­ rapid IaaS deployment framework<http://shapeblue.com/csforge/>
>> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/>
>> CloudStack Infrastructure
>> Support<http://shapeblue.com/cloudstack-infrastructure-support/>
>> CloudStack Bootcamp Training
>> Courses<http://shapeblue.com/cloudstack-training/>
>>
>> This email and any attachments to it may be confidential and are intended
>> solely for the use of the individual to whom it is addressed. Any views
>> or opinions expressed are solely those of the author and do not
>> necessarily represent those of Shape Blue Ltd or related companies. If
>> you are not the intended recipient of this email, you must neither take
>> any action based upon its contents, nor copy or show it to anyone. Please
>> contact the sender if you believe you have received this email in error.
>> Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue
>> Services India LLP is a company incorporated in India and is operated
>> under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is
>> a company incorporated in Brasil and is operated under license from Shape
>> Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The Republic of
>> South Africa and is traded under license from Shape Blue Ltd. ShapeBlue
>> is a registered trademark.
>

Regards,
Rohit Yadav
Software Architect, ShapeBlue
M. +41 779015219 | rohit.yadav@shapeblue.com
Blog: bhaisaab.org | Twitter: @_bhaisaab



Find out more about ShapeBlue and our range of CloudStack related services

IaaS Cloud Design & Build<http://shapeblue.com/iaas-cloud-design-and-build//>
CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/>
CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/>
CloudStack Infrastructure Support<http://shapeblue.com/cloudstack-infrastructure-support/>
CloudStack Bootcamp Training Courses<http://shapeblue.com/cloudstack-training/>

This email and any attachments to it may be confidential and are intended solely for the use
of the individual to whom it is addressed. Any views or opinions expressed are solely those
of the author and do not necessarily represent those of Shape Blue Ltd or related companies.
If you are not the intended recipient of this email, you must neither take any action based
upon its contents, nor copy or show it to anyone. Please contact the sender if you believe
you have received this email in error. Shape Blue Ltd is a company incorporated in England
& Wales. ShapeBlue Services India LLP is a company incorporated in India and is operated
under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated
in Brasil and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company
registered by The Republic of South Africa and is traded under license from Shape Blue Ltd.
ShapeBlue is a registered trademark.
Mime
View raw message