cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From hongxi ma <hongxi...@citrix.com>
Subject CloudStack 3.0.2: Failed to update SSL Certificate with no server side logs
Date Sat, 30 Jun 2012 02:24:14 GMT
Hi all,

I am using a CloudStack with version 3.0.2.20120506223416 on top of CentOS 6.2, when I was
trying to update SSL Certificate, I always receive error message "Failed to update SSL Certificate.[Nothing
else]", however, the same Certificate and Key pair (Length 2048) worked good in my CloudStack
3.0.1 setup which is on top of CentOS 5.7.

Here are other clues when this error happens:
1. There is nothing logged in mangement-server.log, just like the command didn't reach backend
logic code (monitored with 'tail -f management-server.log')
2. When use HttpWatch checking the traffic, it showed below information:
  URL: http://202.**.**.**/client/api?command=uploadCustomCertificate&response=json&sessionkey=9AnSLbpSmcSodS1q1vtL9NldJjc%3D&certificate=-----BEGIN+CERTIFICAT....[cut]
  RESULT: ERROR_HTTP_INVALID_SERVER_RESPONSE
3. WireShark at the Client side showed the TCP of that CloudStack API request ended with RST
4. If paste the above URL to the client browser, will hit: Connection was reset
5. This always happen in both IE and Firefox as client
6. This always happen in both LAN access and Internet access to CloudStack Server

However, if I use very short string as input to "Certificate" and "private Key" field, it
will end up with correct error message "Failed to pass Certificate validation check", meanwhile,
there are good logs in backend.

Within CloudStack 3.0.1, I can reproduce the same behavior if the input is quite long enough,
such as: paste in three times the normal certificate and key, but it will always succeed when
with the right Content of Certificate and Key.

Hereby, I suspect it is related to the input length of the Cert and Key field.

Appreciated for any comments.

Thanks!

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message