cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert Booth <robert.bo...@trebortech.com>
Subject Re: consoleproxy.url.domain not updating
Date Mon, 31 Dec 2012 04:37:25 GMT
Kirk,

When I open a browser window directly to the console server I get an
invalid certificate error.

"This certificate was signed by an unknown authority"

I need to get that correct but will that stop me in my tracks?

When I click to ignore I get a 404 Not Found error message "No context
found for request".

-Rob


On Sun, Dec 30, 2012 at 10:17 PM, Kirk Kosinski <kirkkosinski@gmail.com>wrote:

> What is the error in the browser?  Can you connect to 443/tcp on the
> console proxy from your desktop?
>
> Best regards,
> Kirk
>
> On 12/30/2012 11:10 AM, Robert Booth wrote:
> > Thanks Kirk,
> >
> > Yes that did it. My domain name is now updated but I still feel no love
> > with the console proxy. The URL has been updated and everything is
> > resolving correctly but I still can't connect via the remote console.
> > I used a self-signed CA and server cert so I'm wondering if that is my
> > problem. I'm going to keep digging and what I'm missing. My guess is the
> > Root CA I created is not trusted in the system.
> >
> > As a side not for anyone trying to update the cert in the UI and getting
> an
> > error the it's an invalid cert I did the following.
> >
> > 1. Created CA private key
> > - openssl genrsa -des3 -out mydomain.priv.key 2048   * Remember password
> > you will need it
> >
> > 2. Created CA certificate request file
> > - openssl req -new -key mydomain.priv.key -out mydomain.req
> >
> > 3. Self-sign my CA request
> > - openssl x509 -req -days 7305 -sha1 -extfile /etc/ssl/openssl.cnf
> > -extensions v3_ca -signkey mydomain.priv.key -in mydomain.req -out
> > mydomain.crt
> >
> > 4. Created a server key
> > - openssl genrsa -out cloud.mydomain.priv.key 2048
> >
> > 5. Generate Server certificate request file
> > - openssl req -new -key cloud.mydomain.priv.key -out cloud.mydomain.req
> >
> > 6. Sign my server request
> > - openssl x509 -req -days 7000 -sha1 -extfile /etc/ssl/openssl.cnf
> > -extensions v3_req -CA mydomain.crt -CAkey mydomain.priv.key
> > -CAcreateserial -in cloud.mydomain.req -out cloud.mydomain.crt
> >
> > *** This last step is what fixed my UI error on an invalid SSL key
> > 7. create a PKCS8 key file
> > - openssl pkcs8 -topk8 -in cloud.mydomain.priv.key -inform pem -out
> > cloud.mydomain.pkcs8.key -outform pem -nocrypt
> >
> >
> > In the UI put the contents of cloud.mydomain.crt into certificate field.
> > Put the contents on cloud.mydomain.pkcs8.key into the PKCS#8 Private Key
> > and finally put your domain name in.
> >
> >
> >
> >
> > On Sun, Dec 30, 2012 at 4:55 AM, Kirk Kosinski <kirkkosinski@gmail.com
> >wrote:
> >
> >> Hi, Rob.  I don't know what that global setting is supposed to do.  To
> >> update the domain, follow the procedure to update the SSL certificate
> >> (in UI, Infrastructure > Update SSL Certificate), which includes the
> >> option to update the domain.
> >>
> >> Best regards,
> >> Kirk
> >>
> >> On 12/29/2012 12:36 PM, Robert Booth wrote:
> >>> I'm trying to get the remote console view to work but I can't seem to
> get
> >>> past the realhostip.com url setting.
> >>>
> >>> I have a fresh install of CloudStack 4.0 on updated Ubuntu 12.04
> >> management
> >>> server and host. I'm running KVM on the host.
> >>>
> >>> I've updated the consoleproxy.url.domain setting on the management
> server
> >>> to a valid external domain name and restarted my management server and
> no
> >>> luck.
> >>>
> >>> Things I've tried.
> >>>
> >>> Restarted the management server
> >>>
> >>> Restarted the agent service
> >>>
> >>> Removed all system vms and recreated them.
> >>>
> >>> Rebooted the management server and the host
> >>>
> >>> I still get the realhostip.com address when I try to console into a vm
> >> via
> >>> the UI.
> >>>
> >>> Any help would be great!
> >>>
> >>> Thanks,
> >>> Rob
> >>>
> >>
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message