cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrija Panic <andrija.pa...@gmail.com>
Subject Question: Domain filed on the SSL upload form
Date Tue, 27 Feb 2018 13:32:42 GMT
Hi all,

I got confused about the domain fields/API parameter that is used when
uploading new SSL, to be used on CPVM and SSVM copy process (this is
domain_suffix in cloud.keystore table)

Due to some automation, I came across the following scenarios, which WORKS
FINE, but I'm confused as how and why it works.

New SSL that was issued for " *.domain1.com " was uploaded via API (CA,
intermediate, server cert, and the key in pkcs8) - but doman specified
during this SSL upload process was " domain2.com " (so NOT matching domain
of the certificate)

This causes the cloud.keystore table/rows to have this domain2.com in the
last column next to CA/intermediate/server/key... (this is domain_suffix
column)

But in global config we define " *.domain1.com " as the CERT to be used for
CPVM and for securing/encrypting secondary storage copy process between
zones
Same SSL is also used to i.e. download templates etc...

So it all works fine, but...how ?, when "domain1.com" (instead of "*.
domain2.com") was defined in uploadCertificate GUI/API - i.e. what is the
use of this domain_suffix field at all ?

Thx,

-- 

Andrija Panić

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message