cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Billy Ramsay" <bram...@dynamicquest.com>
Subject Console Proxy Certificate Chain
Date Thu, 12 Dec 2013 22:20:04 GMT
All,

I am attempting to install a custom certificate for our console proxy VMs,
as we have setup our own DNS responder using the RHIP source. The
uploadCustomCertificate API command is not documented very well, and I'm
having issues getting the certificate to install correctly. If I am not
mistaken, a cert that requires an intermediate CA cannot be installed from
the web interface, and must be done using the API. However, when using
CloudMonkey, I cannot seem to get the certificate (and it's chain) uploaded
properly.

I am using the instructions here:
http://www.chipchilders.com/blog/2013/1/2/undocumented-feature-using-certifi
cate-chains-in-cloudstack.html

However, I am using CloudMonkey and not the old Python wrapper.

The root and intermediate CA certs seem to upload without issue, but when I
view the "keystore" table in the CS database, the certs are formatted wrong
(the "\n"s did not get converted to new lines).

Also, the actual certificate will not upload, and the error I receive is
that the certificate failed validation. The certificate and key work fine
when I install them via the web interface (although there is not
intermediate CA installed, obviously).

What am I doing wrong?

Version info:

CloudStack 4.1.1
CloudMonkey 5.0.0



Mime
View raw message