cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stephan Seitz <s.se...@secretresearchfacility.com>
Subject Re: ./certs/realhostip.keystore in SSVN
Date Wed, 16 Mar 2016 15:06:29 GMT
Sadhu,

thank you for your feedback. unfortunately, my problem is not using own
certificates on the SSVM/CPVM. This is already done.

We're missing some newer Root-CA certificates in the keystore, so
therefor some https-download-URL are not working since SSVM doesn't know
about that (even valid) root-CA.

My question is, how to I add root-CA to the keystore (say, an equivalent
to the system-wide "aptitude upgrade ca-certificates").

I think, I could also file a jira ticket but I want to understand the
mechanisms in prior.

Right now, we encounter Problems with D/L URL secured by LetsEncrypt and
some Comodo RSA Roots with SHA256 Intermediates.

I already fixed that by adding the respective certificates to the
keystore, but I assume it's better to get that persistent :)

Oh, and we're running 4.7 w/ 4.6 SSVM/CPVM-template.

cheers,

- Stephan

Am Mittwoch, den 16.03.2016, 09:22 +0000 schrieb Suresh Sadhu: 
> Please check this link:
> http://sadhusuresh.blogspot.in/2015/01/t-hings-you-should-consider-while.html
> 
> 
> your uploaded certis loaded in the database in keystore table, after upload ssl successful
it recreate ssvm/cpvm with new key .
> 
> regards
> sadhu
> 
> 
> -----Original Message-----
> From: Stephan Seitz [mailto:s.seitz@secretresearchfacility.com] 
> Sent: Wednesday, March 16, 2016 2:13 PM
> To: dev@cloudstack.apache.org
> Subject: ./certs/realhostip.keystore in SSVN
> 
> Hey devs!
> 
> I just added some recent root-CA certificates to running SSVM instances.
> I'ld like to persist this by updating the realhostip.keystore, and can't locate that
keystore file inside the template.vhd.
> Even after searching the git repo, I don't know where this file is deployed from.
> 
> Could someone please shed some light where to find that keystore source?
> 
> Thanks in advance!
> 
> cheers,
> 
> - Stephan
> 
> 
> 
> 
> DISCLAIMER
> ==========
> This e-mail may contain privileged and confidential information which is the property
of Accelerite, a Persistent Systems business. It is intended only for the use of the individual
or entity to which it is addressed. If you are not the intended recipient, you are not authorized
to read, retain, copy, print, distribute or use this message. If you have received this communication
in error, please notify the sender and delete all copies of this message. Accelerite, a Persistent
Systems business does not accept any liability for virus infected mails.



Mime
View raw message