cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrija Panic <andrija.pa...@gmail.com>
Subject Re: {HELP-NEEDED] Replace Root CA etc, for CPVM and SSVM
Date Thu, 16 Apr 2015 21:03:39 GMT
updated main docs, created pull request...

Thanks

On 16 April 2015 at 15:40, Andrija Panic <andrija.panic@gmail.com> wrote:

> Suresh,
>
> not sure if I miss something, but on:
> http://cloudstack-administration.readthedocs.org/en/4.4/systemvm.html#changing-the-console-proxy-ssl-certificate-and-domain
> I dont see any mentioning of ROOT CA, and Intermediate CA.
>
> The only page I found that references these, is:
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Procedure+to+Replace+realhostip.com+with+Your+Own+Domain+Name
>
> Not sure how to edit this one ?
>
> Thanks
>
> On 16 April 2015 at 14:28, Suresh Sadhu <Suresh.Sadhu@citrix.com> wrote:
>
>> Good  to hear. If you feel documentation is not clear then please raise
>> the doc bug for the same.
>>
>> Regards
>> Sadhu
>>
>>
>> -----Original Message-----
>> From: Andrija Panic [mailto:andrija.panic@gmail.com]
>> Sent: 15 April 2015 16:39
>> To: dev@cloudstack.apache.org
>> Cc: users@cloudstack.apache.org
>> Subject: Re: {HELP-NEEDED] Replace Root CA etc, for CPVM and SSVM
>>
>> Hi guys,
>>
>> just to update - issue solved:
>>
>> Deleted the 5th row, so only 4 additional rows left (as original keystore
>> table layout prior to replacing certificate)
>>
>> The problem was actually, while URL encoding ROOT CA and Intermediate CA,
>> the plus sign ( + ) was replaced by SPACE...
>>
>> Thanks for all the help everybody
>>
>>
>> On 7 April 2015 at 20:10, Suresh Sadhu <Suresh.Sadhu@citrix.com> wrote:
>>
>> >  If you have taken backup of  your  table(keystore) before upload then
>> > you revert to previous state then upload the certificates again.
>> >
>> > Encode(url ecode) the  root and intermediate keys while uploading
>> > through api Root - seq 1 Intermediate  seq 2
>> >
>> >  And while uploading server certificate  through UI  don 't  encode
>> > the keys  ,enter only  server certificate and private key(it should be
>> > PKCS#8
>> > format) and domain name  because you have already uploaded root and
>> > intermediate through API.( how to check certificate uploaded correctly
>> > or not on system vms ,just run the keytool  -list on system vms --for
>> > syntax/description   ref this blog it might useful to you :
>> > http://sadhusuresh.blogspot.in/2015/01/t-hings-you-should-consider-whi
>> > le.html
>> > )
>> >
>> > Regards
>> > Sadhu
>> >
>> >
>> > -----Original Message-----
>> > From: Andrija Panic [mailto:andrija.panic@gmail.com]
>> > Sent: 07 April 2015 23:19
>> > To: dev@cloudstack.apache.org
>> > Cc: users@cloudstack.apache.org
>> > Subject: Re: {HELP-NEEDED] Replace Root CA etc, for CPVM and SSVM
>> >
>> > Thanks Suresh.
>> >
>> > 2 identical sequence numbers means:  first occurence is OLD
>> > Intermediate CA(from 1 year ago), and the second occurence is the new
>> > one just uploaded (it happened I used different names)
>> >
>> > for ROOT CA - it happened I used the same name "ROOT1" so the old one
>> > got overwriten with seq number 1
>> >
>> > Do you expect I should delete the old Intermediate1 CA manually (and
>> > leave only the new one) ?
>> > Or am I expected to upload again ROOT/intermediate with exact same
>> > names and seq numbers ?
>> >
>> > Thanks
>> >
>> > On 7 April 2015 at 19:43, Suresh Sadhu <Suresh.Sadhu@citrix.com> wrote:
>> >
>> > > I see same sequence number for 2 intermediate certificates. does
>> > > your certificate has multiple  intermediate certificate or it has
>> only one.
>> > >
>> > > The reason for getting realhost ip is . your certificate is not
>> > > applied correctly  that is reason it's still refer the old
>> certificate.
>> > >
>> > >
>> > > Regards
>> > > sadhu
>> > >
>> > > -----Original Message-----
>> > > From: Andrija Panic [mailto:andrija.panic@gmail.com]
>> > > Sent: 07 April 2015 22:56
>> > > To: users@cloudstack.apache.org
>> > > Cc: dev@cloudstack.apache.org
>> > > Subject: Re: {HELP-NEEDED] Replace Root CA etc, for CPVM and SSVM
>> > >
>> > > Hi Lucian
>> > >
>> > > yes it is *.domain.com (from 4.3.1 onwards)...
>> > >
>> > > If you can check my attached image, keystore tableseems messed a
>> > > little bit
>> > > :)
>> > > http://snag.gy/LMA4h.jpg
>> > >
>> > >
>> > > On 7 April 2015 at 19:12, Nux! <nux@li.nux.ro> wrote:
>> > >
>> > > > Can you check secstorage.ssl.cert.domain in global settings and
>> > > > see if it's the correct one?
>> > > > Should be *.blah.tld or whatever your domain is.
>> > > >
>> > > >
>> > > > HTH
>> > > > Lucian
>> > > >
>> > > > --
>> > > > Sent from the Delta quadrant using Borg technology!
>> > > >
>> > > > Nux!
>> > > > www.nux.ro
>> > > >
>> > > > ----- Original Message -----
>> > > > > From: "Andrija Panic" <andrija.panic@gmail.com>
>> > > > > To: users@cloudstack.apache.org, dev@cloudstack.apache.org
>> > > > > Sent: Tuesday, 7 April, 2015 17:42:35
>> > > > > Subject: {HELP-NEEDED] Replace Root CA etc, for CPVM and SSVM
>> > > >
>> > > > > Hi guys,
>> > > > >
>> > > > > our SSL just expired, and I needed to upload new ROOT CA,
>> > > > > Intemediata
>> > > > ROOT
>> > > > > CA, and at the end SSL for sever and a private key.
>> > > > >
>> > > > > I uploaded new ROOT CA, and after CPVM rebooted, also uploaded
>> > > > Intermediate
>> > > > > ROOT CA, via API, with URL encoded stuff - checked in database
>> > > > > all seems
>> > > > OK.
>> > > > >
>> > > > > But after uploading new SSL and private key, destroyed CPVM and
>> > > > > SSVM
>> > > > > - my Console Proxy shows *.realiphost.com as the domain for the
>> > > > > SSL wjen I access
>> > > > >
>> > > > > Any clues what I did wrong ?
>> > > > > Should I have somehow removed first old ROOT CA and old
>> > > > > Intermediate CA, and upload new ones ?
>> > > > >
>> > > > > Here is database content from cloud.keystore:
>> > > > > http://snag.gy/LMA4h.jpg
>> > > > >
>> > > > > This means that for some reason, original realiphost.com SSL
is
>> > > > > now used inside CPVM...
>> > > > >
>> > > > > Any help greatly appreciated, since this is live system...
>> > > > >
>> > > > > Thanks,
>> > > > >
>> > > > >
>> > > > >
>> > > > > --
>> > > > >
>> > > > > Andrija Panić
>> > > >
>> > >
>> > >
>> > >
>> > > --
>> > >
>> > > Andrija Panić
>> > >
>> >
>> >
>> >
>> > --
>> >
>> > Andrija Panić
>> >
>>
>>
>>
>> --
>>
>> Andrija Panić
>>
>
>
>
> --
>
> Andrija Panić
>



-- 

Andrija Panić

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message