From dev-return-110955-archive-asf-public=cust-asf.ponee.io@cloudstack.apache.org Tue Feb 27 14:32:49 2018 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id 9BC0C180651 for ; Tue, 27 Feb 2018 14:32:48 +0100 (CET) Received: (qmail 8238 invoked by uid 500); 27 Feb 2018 13:32:47 -0000 Mailing-List: contact dev-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cloudstack.apache.org Delivered-To: mailing list dev@cloudstack.apache.org Received: (qmail 8212 invoked by uid 99); 27 Feb 2018 13:32:46 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 27 Feb 2018 13:32:46 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 39A91180146; Tue, 27 Feb 2018 13:32:46 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.879 X-Spam-Level: * X-Spam-Status: No, score=1.879 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=2, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamd3-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id JDp2p7X6_E7U; Tue, 27 Feb 2018 13:32:44 +0000 (UTC) Received: from mail-oi0-f52.google.com (mail-oi0-f52.google.com [209.85.218.52]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id 24FB85F568; Tue, 27 Feb 2018 13:32:44 +0000 (UTC) Received: by mail-oi0-f52.google.com with SMTP id t185so12846530oif.6; Tue, 27 Feb 2018 05:32:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=Z3drjxEaqX27rW4i7seJ5S3MUsrFhE5nchLWixPXC90=; b=OSY5rYR3SJjdYlyhg5JYXz3oJYjUHGYWc059rTgK/u1OehrJr6zxf7xrHyjhGP+g7G NbAuMTi/I0MS16fzaVDJeBuyn6wFESPg+DqQ7fHoZgNJsAFkjbz87AdSZHf3+AhVNHFY diKd99sQTClndGLdqRX1pOWWypzbETOrXFTT/elJUT9vUL7O96iCKrf6HLPos1TzWIgd OKdS+mxNU9YpO8C64lGdJAyNbopsvsPP7lxXFliyIwp4h5UZ1Pp/aV7H1Ty7WlD+SzS0 g6SMPWLLmiIdShuzLwgggeSoL1qIet2NHmXnRf8yTfqdh6RdiTQ3llGFJCby9fCDSclA J5nQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=Z3drjxEaqX27rW4i7seJ5S3MUsrFhE5nchLWixPXC90=; b=Pu0/FRdv3FG4v3hvSMN+o0yG3liTtJuVDDhNg7YlC7hXExdtoeJa4SzJt7Gha6VzF2 SPFVepJoCv/5ycpAB8oEJedMmpHLgL/Bn2UgVS2VCqLJaLcR4nZTAS1D0t5S/sZZmZsD 6g1GeI53z5dC4MiwUrRsI9rVjJV1U/OgroBjs4lAKsYDxEUF4Prx7EKSAF8rXvLWSEf+ WTEmVESbVB6vvhZC3+DoecpAZQ+0wPFZIcKvAw2azfcABwvx/2hW9yf2/HIwapiKKcEq mX/YdC0FVLVB1H6Hv+2ZiV00tpD/otbVmYXmVlgsfNqPXRxbQA9pyUe2VoWhuLo/NSfz oJcA== X-Gm-Message-State: APf1xPDoG/CcU2WsFKKiM6QmO/87EyOGq0yXd2PSf2eZje5i22dSo6e7 HHrGFJVlRC2Nt8a4JUqDPzHTmE21x5Io2l6oAUiEqA== X-Google-Smtp-Source: AG47ELvwEGefB4T9s3Etj7rqTykFvl4x8TLgJ4rSRDpEOgXnK4ozzEjfzalSP6w4CLnp0Mnpfz0nYTdPc029xwRN8FQ= X-Received: by 10.202.8.76 with SMTP id 73mr8683415oii.326.1519738362556; Tue, 27 Feb 2018 05:32:42 -0800 (PST) MIME-Version: 1.0 Received: by 10.157.97.201 with HTTP; Tue, 27 Feb 2018 05:32:42 -0800 (PST) From: Andrija Panic Date: Tue, 27 Feb 2018 14:32:42 +0100 Message-ID: Subject: Question: Domain filed on the SSL upload form To: users , dev Content-Type: multipart/alternative; boundary="94eb2c1307b6407420056631a968" --94eb2c1307b6407420056631a968 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi all, I got confused about the domain fields/API parameter that is used when uploading new SSL, to be used on CPVM and SSVM copy process (this is domain_suffix in cloud.keystore table) Due to some automation, I came across the following scenarios, which WORKS FINE, but I'm confused as how and why it works. New SSL that was issued for " *.domain1.com " was uploaded via API (CA, intermediate, server cert, and the key in pkcs8) - but doman specified during this SSL upload process was " domain2.com " (so NOT matching domain of the certificate) This causes the cloud.keystore table/rows to have this domain2.com in the last column next to CA/intermediate/server/key... (this is domain_suffix column) But in global config we define " *.domain1.com " as the CERT to be used for CPVM and for securing/encrypting secondary storage copy process between zones Same SSL is also used to i.e. download templates etc... So it all works fine, but...how ?, when "domain1.com" (instead of "*. domain2.com") was defined in uploadCertificate GUI/API - i.e. what is the use of this domain_suffix field at all ? Thx, --=20 Andrija Pani=C4=87 --94eb2c1307b6407420056631a968--