cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Fuchs, Andreas (SwissTXT)" <Andreas.Fu...@swisstxt.ch>
Subject RE: Console Proxy Certificates
Date Mon, 04 Mar 2013 09:14:23 GMT
Hi Paul

Weh ad exactly the same issue, tryed with removing newlines adding the whole cert chain and
many other things. 
The guy was always refusing due to non printable chars or just failed. Then we tried over
the API and also without success. We ended up with backing up our database and replacing the
cert directly in there, we know that this is not the way it should be done, but after spending
far too much time with gui and api we are happy that it works now.

Andi

-----Original Message-----
From: Chip Childers [mailto:chip.childers@sungard.com] 
Sent: Samstag, 2. März 2013 19:54
To: cloudstack-users@incubator.apache.org
Subject: Re: Console Proxy Certificates

On Thu, Feb 28, 2013 at 10:03:05PM +0000, Paul Sanders wrote:
> Hello All,
> 
> I am trying to get the console proxy working through CloudStack and am 
> unable to update the SSL certificates and change from realworldip.com.
> 
> I have created my request and signed it from my internal CA. I have 
> also exported my private key in pkcs8.
> 
> When I enter my .cert and .pkcs8 into the cloudstack gui I get 'Failed 
> to update SSL Certificate'. There are no errors in management.log. 
> Where can I look to troubleshoot this issue?
> 
> It may be worth pointing out that the domain I am using is a .local as 
> it is a lab environment, but I cant see why that would be an issue.
> 
> Thanks
> 
> PAul
> 
> ---
> Kind Regards
> 
> Paul Sanders
> Mail: paul.sanders87@googlemail.com

I wrote a blog post about this (and still owe it to the project to add
docs) here:
http://www.chipchilders.com/blog/2013/1/2/undocumented-feature-using-certificate-chains-in-cloudstack.html

While your scenario isn't about using an intermediate CA, you are basically trying to add
a new root CA to the know root list in the keystore.  The trick is to use the API (instead
of the UI) to load the certs in the right order.

Give it a shot, and let me know if you have any questions.

Mime
View raw message