cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert Booth <robert.bo...@trebortech.com>
Subject Re: consoleproxy.url.domain not updating
Date Mon, 31 Dec 2012 14:00:36 GMT
Kirk,

When I try to connect via the UI "View Console" link I get

This webpage is not available

The webpage at *https://......my console server dns
name......../ajax?token=Gt3DTg7XXUFOpQjQX1hY9tyik9hj-No8TbP2jveS5VNPdMaqHnAwasJJhHOkX0QSUFHPcWfTlT9dgbd5AUvKfr0knkdeS51Ghb4u6DzBkq8iwUipstcz4JG5FOCKPO4VtDW3tne4FRcqkhJWwOvCc9Tl0LYv9Q3qg50ssYG3mrg7BBYmV8iJy7VmNxPmMQ38jqIRk4N4gbB3HwHQcxi3TY3G9BwKVcFkY4i06X4sIG_fe4C1ugAnSAy0F94hekCV5wPaaGu4kWA
* might be temporarily down or it may have moved permanently to a new web
address.

Error 501 (net::ERR_INSECURE_RESPONSE): Unknown error.


Funny thing is when I hover over the "View Console" button the url shown in
the browser status bar is http://CloudManagement:8080/client/#. Using the
chrome developer tools I found the href tag is set to "#".


-Rob


On Sun, Dec 30, 2012 at 10:51 PM, Kirk Kosinski <kirkkosinski@gmail.com>wrote:

> Opening a browser window directly to HTTPS on a console proxy will
> normally give a 404 error.  Try accessing a VM console through the
> CloudStack UI (which should generate and use a valid URL to the console
> proxy) and ignore the cert error to see what happens.
>
> Kirk
>
> On 12/30/2012 08:37 PM, Robert Booth wrote:
> > Kirk,
> >
> > When I open a browser window directly to the console server I get an
> > invalid certificate error.
> >
> > "This certificate was signed by an unknown authority"
> >
> > I need to get that correct but will that stop me in my tracks?
> >
> > When I click to ignore I get a 404 Not Found error message "No context
> > found for request".
> >
> > -Rob
> >
> >
> > On Sun, Dec 30, 2012 at 10:17 PM, Kirk Kosinski <kirkkosinski@gmail.com
> >wrote:
> >
> >> What is the error in the browser?  Can you connect to 443/tcp on the
> >> console proxy from your desktop?
> >>
> >> Best regards,
> >> Kirk
> >>
> >> On 12/30/2012 11:10 AM, Robert Booth wrote:
> >>> Thanks Kirk,
> >>>
> >>> Yes that did it. My domain name is now updated but I still feel no love
> >>> with the console proxy. The URL has been updated and everything is
> >>> resolving correctly but I still can't connect via the remote console.
> >>> I used a self-signed CA and server cert so I'm wondering if that is my
> >>> problem. I'm going to keep digging and what I'm missing. My guess is
> the
> >>> Root CA I created is not trusted in the system.
> >>>
> >>> As a side not for anyone trying to update the cert in the UI and
> getting
> >> an
> >>> error the it's an invalid cert I did the following.
> >>>
> >>> 1. Created CA private key
> >>> - openssl genrsa -des3 -out mydomain.priv.key 2048   * Remember
> password
> >>> you will need it
> >>>
> >>> 2. Created CA certificate request file
> >>> - openssl req -new -key mydomain.priv.key -out mydomain.req
> >>>
> >>> 3. Self-sign my CA request
> >>> - openssl x509 -req -days 7305 -sha1 -extfile /etc/ssl/openssl.cnf
> >>> -extensions v3_ca -signkey mydomain.priv.key -in mydomain.req -out
> >>> mydomain.crt
> >>>
> >>> 4. Created a server key
> >>> - openssl genrsa -out cloud.mydomain.priv.key 2048
> >>>
> >>> 5. Generate Server certificate request file
> >>> - openssl req -new -key cloud.mydomain.priv.key -out cloud.mydomain.req
> >>>
> >>> 6. Sign my server request
> >>> - openssl x509 -req -days 7000 -sha1 -extfile /etc/ssl/openssl.cnf
> >>> -extensions v3_req -CA mydomain.crt -CAkey mydomain.priv.key
> >>> -CAcreateserial -in cloud.mydomain.req -out cloud.mydomain.crt
> >>>
> >>> *** This last step is what fixed my UI error on an invalid SSL key
> >>> 7. create a PKCS8 key file
> >>> - openssl pkcs8 -topk8 -in cloud.mydomain.priv.key -inform pem -out
> >>> cloud.mydomain.pkcs8.key -outform pem -nocrypt
> >>>
> >>>
> >>> In the UI put the contents of cloud.mydomain.crt into certificate
> field.
> >>> Put the contents on cloud.mydomain.pkcs8.key into the PKCS#8 Private
> Key
> >>> and finally put your domain name in.
> >>>
> >>>
> >>>
> >>>
> >>> On Sun, Dec 30, 2012 at 4:55 AM, Kirk Kosinski <kirkkosinski@gmail.com
> >>> wrote:
> >>>
> >>>> Hi, Rob.  I don't know what that global setting is supposed to do. 
To
> >>>> update the domain, follow the procedure to update the SSL certificate
> >>>> (in UI, Infrastructure > Update SSL Certificate), which includes
the
> >>>> option to update the domain.
> >>>>
> >>>> Best regards,
> >>>> Kirk
> >>>>
> >>>> On 12/29/2012 12:36 PM, Robert Booth wrote:
> >>>>> I'm trying to get the remote console view to work but I can't seem
to
> >> get
> >>>>> past the realhostip.com url setting.
> >>>>>
> >>>>> I have a fresh install of CloudStack 4.0 on updated Ubuntu 12.04
> >>>> management
> >>>>> server and host. I'm running KVM on the host.
> >>>>>
> >>>>> I've updated the consoleproxy.url.domain setting on the management
> >> server
> >>>>> to a valid external domain name and restarted my management server
> and
> >> no
> >>>>> luck.
> >>>>>
> >>>>> Things I've tried.
> >>>>>
> >>>>> Restarted the management server
> >>>>>
> >>>>> Restarted the agent service
> >>>>>
> >>>>> Removed all system vms and recreated them.
> >>>>>
> >>>>> Rebooted the management server and the host
> >>>>>
> >>>>> I still get the realhostip.com address when I try to console into
a
> vm
> >>>> via
> >>>>> the UI.
> >>>>>
> >>>>> Any help would be great!
> >>>>>
> >>>>> Thanks,
> >>>>> Rob
> >>>>>
> >>>>
> >>>
> >>
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message