cloudstack-users mailing list archives

From hongxi ma <hongxi...@citrix.com>
Subject RE: CloudStack 3.0.2: Failed to update SSL Certificate with no server side logs
Date Wed, 04 Jul 2012 04:56:54 GMT
Hi Tomas,

Thanks for the reply!

I also tried it successfully in a different CloudStack 3.0.2 setup, using the same install
package.

With the problematic setup, we successfully uploaded the cert once this morning, but only once;
it always failed in the many tries afterwards.

So far I have no idea why it behaves like that. I will do more experiments and share any
findings.

Regards,
Hongxi

-----Original Message-----
From: Tamas Monos [mailto:tamasm@veber.co.uk] 
Sent: 3 July 2012 0:48
To: cloudstack-users@incubator.apache.org
Subject: RE: CloudStack 3.0.2: Failed to update SSL Certificate with no server side logs

Hi,

I can't say anything regarding the key-length "issue"; however, I have just installed a 3.0.2
on CentOS 6.2 and it ate my 2048 cert with no problem. Please note I have installed the released
version, not the latest master/dev.
You just simply copy/paste your cert into the cert field (PEM format).

The key is the tricky part: 
'openssl pkcs8 -topk8 -in cert.key -inform pem -out certkey.pkcs8.key -outform pem -nocrypt'
Copy/paste the contents of the certkey.pkcs8.key file. 

Regards

Tamas Monos                                               DDI         +44(0)2034687012
Chief Technical                                             Office    +44(0)2034687000
Veber: The Hosting Specialists               Fax         +44(0)871 522 7057
http://www.veber.co.uk

Follow us on Twitter: www.twitter.com/veberhost
Follow us on Facebook: www.facebook.com/veberhost


-----Original Message-----
From: hongxi ma [mailto:hongxi.ma@citrix.com] 
Sent: 30 June 2012 03:24
To: cloudstack-users@incubator.apache.org
Subject: CloudStack 3.0.2: Failed to update SSL Certificate with no server side logs

Hi all,

I am using CloudStack version 3.0.2.20120506223416 on top of CentOS 6.2. When I try to
update the SSL Certificate, I always receive the error message "Failed to update SSL Certificate.[Nothing
else]". However, the same Certificate and Key pair (length 2048) worked well in my CloudStack
3.0.1 setup, which is on top of CentOS 5.7.

Here are other clues when this error happens:
1. There is nothing logged in management-server.log, just as if the command didn't reach the
   backend logic code (monitored with 'tail -f management-server.log')
2. When using HttpWatch to check the traffic, it showed the information below:
  URL: http://202.**.**.**/client/api?command=uploadCustomCertificate&response=json&sessionkey=9AnSLbpSmcSodS1q1vtL9NldJjc%3D&certificate=-----BEGIN+CERTIFICAT....[cut]
  RESULT: ERROR_HTTP_INVALID_SERVER_RESPONSE
3. WireShark at the client side showed the TCP connection of that CloudStack API request ended with RST
4. If I paste the above URL into the client browser, I hit: Connection was reset
5. This always happens with both IE and Firefox as the client
6. This always happens with both LAN access and Internet access to the CloudStack Server

However, if I use a very short string as input to the "Certificate" and "Private Key" fields, it
ends up with the correct error message "Failed to pass Certificate validation check", and
there are good logs in the backend.

Within CloudStack 3.0.1, I can reproduce the same behavior if the input is long enough,
such as pasting in three times the normal certificate and key, but it always succeeds
with the right content of Certificate and Key.

Therefore, I suspect it is related to the input length of the Cert and Key fields.

Any comments are appreciated.

Thanks!
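
Added example, not part of the thread and not CloudStack code: a pre-flight check for the two things discussed above, namely whether the key is in the unencrypted PKCS#8 form that `openssl pkcs8 -topk8 -nocrypt` produces, and how long the GET request line becomes once the certificate and key are form-encoded into the URL. Assumptions: the `privatekey` parameter name (the URL in the thread is cut before it), the caller-supplied `limit`, and the constructed PEM-shaped sample data.

```python
import base64
from urllib.parse import urlencode

# PEM label -> what it means for the upload form
PEM_KINDS = {
    "CERTIFICATE": "certificate",
    "PRIVATE KEY": "pkcs8",                      # output of `openssl pkcs8 -topk8 -nocrypt`
    "RSA PRIVATE KEY": "pkcs1",                  # traditional RSA key, not yet converted
    "ENCRYPTED PRIVATE KEY": "pkcs8-encrypted",  # converted without -nocrypt
}

def pem_kind(text):
    """Classify one PEM block by its label; the body must be valid base64."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    if len(lines) < 3 or not (lines[0].startswith("-----BEGIN ") and lines[0].endswith("-----")):
        return "not-pem"
    label = lines[0][len("-----BEGIN "):-5]
    if lines[-1] != f"-----END {label}-----":
        return "not-pem"
    try:
        base64.b64decode("".join(lines[1:-1]), validate=True)
    except ValueError:
        return "not-pem"
    return PEM_KINDS.get(label, "unknown")

def request_line_length(cert_pem, key_pem, session_key="CONSTRUCTED-SESSION-KEY"):
    """Length of the GET request line the UI would send (form-encoded query)."""
    query = urlencode({
        "command": "uploadCustomCertificate", "response": "json",
        "sessionkey": session_key, "certificate": cert_pem,
        "privatekey": key_pem,  # assumed parameter name; the page's URL is cut before it
    })
    return len(f"GET /client/api?{query} HTTP/1.1")

def preflight(cert_pem, key_pem, limit):
    """Return (request_line_length, problems); `limit` is the front end's own cap."""
    problems = []
    if pem_kind(cert_pem) != "certificate":
        problems.append("certificate field is not a single PEM certificate")
    if (kind := pem_kind(key_pem)) != "pkcs8":
        problems.append(f"key is {kind}, expected unencrypted PKCS#8")
    if (n := request_line_length(cert_pem, key_pem)) > limit:
        problems.append(f"request line is {n} bytes, over the limit of {limit}")
    return n, problems

def constructed_pem(label, der_len):
    """Constructed sample: PEM-shaped filler of a realistic size, not a real key."""
    body = base64.b64encode(bytes(i % 251 for i in range(der_len))).decode()
    rows = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *rows, f"-----END {label}-----"]) + "\n"
```

Set `limit` to whatever request-line or header cap the servlet container or proxy in front of the management server is configured with; pasting the inputs three times, as in the 3.0.1 reproduction above, roughly triples the measured length.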
