cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Suresh Sadhu <Suresh.Sa...@citrix.com>
Subject RE: Unable to upload customer certificate
Date Wed, 01 Apr 2015 04:46:27 GMT
HI Erik,

It seems while uploading the server certificate through UI, you might have  provided the url
encoded value in the server certificate .. that is the reason you have seeing this exception.[I
just reproduce your issue by providing encoded value in the UI wizard ]

You no need to perform url encode while uploading the certificate from UI because internally
 CS will do for you while uploading the certificate from UI.
you have to encode keys only when you are uploading the keys using API.(i.e for uploading
 root and intermediate  through API )

Steps:
1.first  upload root/intermediate certificate  through api  by providing encoded values( refer
this link  to encode keys http://www.url-encode-decode.com/)
.
2.for server certificate -go to UI -provide Server certificate, PKCS#8 Private Key and domain
name [Here don't encode the certificates  because CS will do it for u internally.]


It seems my blog misses this information will update it now(http://sadhusuresh.blogspot.in/2015/01/t-hings-you-should-consider-while.html
) . thank you.


If you still see the issues, please provide the full logs  .


Regards
sadhu












-----Original Message-----
From: Erik Weber [mailto:terbolous@gmail.com] 
Sent: 01 April 2015 03:35
To: users@cloudstack.apache.org
Cc: dev
Subject: Re: Unable to upload customer certificate

On Tue, Mar 31, 2015 at 11:52 PM, Erik Weber <terbolous@gmail.com> wrote:

> On Tue, Mar 31, 2015 at 2:57 PM, Suresh Sadhu 
> <Suresh.Sadhu@citrix.com>
> wrote:
>
>> HI,
>>
>> Code not changed recently  and try uploading the 
>> keys(root,intermediate) using api which was mentioned by you (Guide followed:
>>
>> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Procedure+to+R
>> eplace+realhostip.com+with+Your+Own+Domain+Name)
>>  and  server certifictate through UI.
>>
>>
> This is beginning to drive me mad.
>
> - I have converted the original PEM key to PKCS#8 (twice according to 
> docs).
> - I've tried both with pythons urllib.quote to encode, as well as 
> using advanced rest client in chrome.
> - I've verified with openssl that the key matches the cert (and to be 
> frank, we're using this in a lot of other places, including another 
> cloudstack install...)
>
>
Heck, that got me thinking that I could copy the keystore table, and so I did, but it still
fails.... with the exact same error message as previously.

--
Erik
Mime
View raw message