cloudstack-users mailing list archives

From Konstantinos Karampogias <konstantinos.karampog...@centralway.com>
Subject Re: Console Proxy SSL Error
Date Tue, 06 May 2014 14:29:46 GMT
I was also able to upload the root certificate and the intermediate
certificate using exactly the script in this link:
http://www.chipchilders.com/blog/2013/1/2/undocumented-feature-using-certificate-chains-in-cloudstack.html

I was not able to put my certificate and private key using the script,
but I did it through the CloudStack web interface.

A tip is to use the API to get the error. For example, when I was failing I
was getting the error
" cs job query cfa55630-6a76-4128-a759-469224ddee4f  -e cs3-admin
accountid : 40ed3d8c-cae2-11e3-8f1a-001e67a0a266
userid : 40ed6f44-cae2-11e3-8f1a-001e67a0a266
cmd : org.apache.cloudstack.api.command.admin.resource.UploadCustomCertificateCmd
jobstatus : 2
jobprocstatus : 0
jobresultcode : 530
jobresulttype : object
jobresult :    errorcode : 530
   errortext : Failed to pass certificate validation check
created : 2014-05-06T15:47:52+0200
jobid : cfa55630-6a76-4128-a759-469224ddee4f"


When I succeeded I got
"$ cs job query 686d4d71-94da-4b27-9629-9067793147fa -e cs3-admin
accountid : 40ed3d8c-cae2-11e3-8f1a-001e67a0a266
userid : 40ed6f44-cae2-11e3-8f1a-001e67a0a266
cmd : org.apache.cloudstack.api.command.admin.resource.UploadCustomCertificateCmd
jobstatus : 1
jobprocstatus : 0
jobresultcode : 0
jobresulttype : object
jobresult :    customcertificate : {"message"=>"Certificate has been
updated, we will stop all running console proxy VMs and secondary
storage VMs to propagate the new certificate, please give a few
minutes for console access service to be up again"}
created : 2014-05-06T15:56:31+0200
jobid : 686d4d71-94da-4b27-9629-9067793147fa
"

After you verify that all keys are there, verify also the console
proxy is being restarted.



On Tue, May 6, 2014 at 1:21 PM, Ian Service <iservice@ts2.ca> wrote:
> I was able to get it all to work using the API.
>
> I followed Chip's advice
> http://www.chipchilders.com/blog/2013/1/2/undocumented-feature-using-certificate-chains-in-cloudstack.html
>
> The difference is that I'm using my own CloudStack API wrapper in PHP
> and the certificates and private key needed to be url encoded twice (once
> for normal URL transmission and once before that for transmission into the
> system) before they would be pushed out correctly to the system VMs.  I
> also replaced all newlines with \r\n and trimmed off the white space from
> beginning and end of the strings for good measure.
>
> Before I discovered that, the certificates would look like they had been
> imported correctly in the database but were being prevented from being used
> on the Java end of things.
>
> - Ian
>
>
>
> On Tue, May 6, 2014 at 2:17 AM, Gopala Krishnan <gopkris2000@gmail.com> wrote:
>
>> Yes... I have changed manually id in keystore tables.
>>
>> 1 for root cert
>> 2 for intermediate CA
>> 3 for certificate
>>
>>
>>
>>
>> On Tue, May 6, 2014 at 10:47 AM, Amogh Vasekar <amogh.vasekar@citrix.com> wrote:
>>
>> > Can you please outline the steps in uploading intermediate and root
>> > certificates? Specifically, was the "id" parameter set (1 for root, 2 for
>> > intermediate_ca_1 etc..)
>> >
>> > Amogh
>> >
>> > On 5/5/14 10:10 PM, "Gopala Krishnan" <gopkris2000@gmail.com> wrote:
>> >
>> > >Amogh,
>> > >
>> > >Yes. I am using CloudStack 4.2 and uploaded the root and intermediate CA
>> > >certificates as per order. But the console is still not accessible.
>> > >
>> > >Any idea?
>> > >
>> > >
>> > >
>> > >On Sat, May 3, 2014 at 11:58 PM, Amogh Vasekar <amogh.vasekar@citrix.com> wrote:
>> > >
>> > >> Hi,
>> > >>
>> > >> Which version are you on? Also, did you upload the root and intermediate
>> > >> certificates (if any)?
>> > >>
>> > >> Amogh
>> > >>
>> > >> On 5/3/14 3:38 AM, "Gopala Krishnan" <gopkris2000@gmail.com> wrote:
>> > >>
>> > >> >Hi,
>> > >> >
>> > >> >I have tried to change realhostip.com for console proxy. I have created
>> > >> >SSL certificate with wildcard SSL and updated as per the cloudstack document.
>> > >> >
>> > >> >
>> > >> >http://docs.cloudstack.apache.org/projects/cloudstack-administration/en/latest/systemvm.html#console-proxy
>> > >> >
>> > >> >It's not working. I have done the following steps.
>> > >> >
>> > >> >Purchased SSL certificate for my domain *.hostname.com and updated the
>> > >> >certificate via the cloudstack UI.
>> > >> >
>> > >> >Infrastructure - > SSL certificate
>> > >> >
>> > >> >Pasted the certificate
>> > >> >Pasted the Key
>> > >> >DNS domain = hostname.com
>> > >> >
>> > >> >Once completed, I have optimized the global settings
>> > >> >
>> > >> >consoleproxy.url.domain = hostname.com
>> > >> >
>> > >> >
>> > >> >When I click console for VM, it shows certificate trusted errors. May I
>> > >> >know what I have done wrong?
>> > >> >
>> > >> >
>> > >> >--
>> > >> >Gopala Krishnan.S
>> > >> >Mobile : +91 9865709094 / +91 9994874447
>> > >> >*cPanel KnowledgeBase <http://www.cpanelkb.net/>*
>> > >> >*Linux Server Admin Tools* <http://www.gnutoolbox.com>
>> > >>
>> > >>
>> > >
>> > >
>> > >--
>> > >Gopala Krishnan.S
>> > >Mobile : +91 9865709094 / +91 9994874447
>> > >*cPanel KnowledgeBase <http://www.cpanelkb.net/>*
>> > >*Linux Server Admin Tools* <http://www.gnutoolbox.com>
>> >
>> >
>>
>>
>> --
>> Gopala Krishnan.S
>> Mobile : +91 9865709094 / +91 9994874447
>> *cPanel KnowledgeBase <http://www.cpanelkb.net/>*
>> *Linux Server Admin Tools* <http://www.gnutoolbox.com>
>>



-- 
Centralway Factory AG | Konstantinos Karampogias, DevOps |  LinkedIn |
+ 41 44 578 40 00
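
The preparation Ian describes in the quoted reply (trim the string, rewrite newlines as \r\n, URL-encode twice), together with a local structure check to run before upload, as an added example that is not code from anyone in this thread. The function names and the sample PEM are hypothetical; whether a given client needs the second encoding pass depends on whether its HTTP layer already percent-encodes query values.

```python
import base64
import re
from urllib.parse import quote

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

# Constructed sample: a PEM-shaped block with stray whitespace and bare \n line
# endings. The body is placeholder bytes, not a real certificate.
SAMPLE_PEM = (
    "\n  -----BEGIN CERTIFICATE-----\n"
    + base64.b64encode(b"\xfb\xff\xbfconstructed sample").decode()
    + "\n-----END CERTIFICATE-----\n\n"
)


def normalize_pem(text):
    """Trim the string and rewrite every line ending as \\r\\n."""
    return "\r\n".join(text.strip().splitlines())


def pem_problems(text, label="CERTIFICATE"):
    """Return a list of structural problems; an empty list means it looks sane."""
    problems = []
    stripped = text.strip()
    blocks = PEM_RE.findall(stripped)
    if len(blocks) != 1:
        return [f"expected exactly one PEM block, found {len(blocks)}"]
    found_label, body = blocks[0]
    if found_label != label:
        problems.append(f"label is {found_label!r}, expected {label!r}")
    if not (stripped.startswith("-----BEGIN") and stripped.endswith("-----")):
        problems.append("text outside the BEGIN/END markers")
    try:
        base64.b64decode("".join(body.split()), validate=True)
    except ValueError:
        problems.append("body is not valid base64")
    return problems


def encode_for_upload(text):
    """Normalize, then percent-encode twice (inner pass first, then the URL pass)."""
    inner = quote(normalize_pem(text), safe="")
    return quote(inner, safe="")


if __name__ == "__main__":
    print(pem_problems(SAMPLE_PEM))
    print(encode_for_upload(SAMPLE_PEM)[:60])
```

The structure check only catches malformed input such as a truncated block or a pasted key in the certificate field; it does not verify the chain or that the key matches the certificate.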
