cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Amogh Vasekar <>
Subject Re: ACS 4.3.1 disable or SSL
Date Sat, 20 Sep 2014 18:33:07 GMT

I believe this is by design for SSL - a user would see a HTTPS site
thinking everything is secure and encrypted, only to realize later that
some part is in fact insecure. Hence, instead of trying to circumvent the
security mechanism, you can try the steps at :

This would help create your own certificate chain. The downside being your
users would need to add the custom root CA in the browser (a practice
followed by many companies for internal network), or simply accept the
security warning the first time they access your domain.
Please note that this would still need a publicly resolvable domain (or
add the mappings directly in /etc/hosts if it is more convenient)


On 9/20/14 11:22 AM, "France" <> wrote:

>It worked for us. Well kind of.
>The problem is now, that we have https for default admin interface, while
>console opens as iframe to http content and browsers such as firefox will
>not load content, because it is not on https.
>They call it: "Mixed Content Blocking Enabled²:
>Do you have any recommendations what to do in order to get around this?
>We will not buy a wildcard certificate, because it is to expensive for us.
>On 20 Sep 2014, at 15:21, France <> wrote:
>> I will just empty these two fields in global config:
>> secstorage.ssl.cert.domain
>> consoleproxy.url.domain
>> restart CS and restart the console proxy..
>> ҆ and hope for the best. :-)
>> If you do not hear from me on this, then this worked and others can do
>>it too.
>> Regards,
>> F.
>> On 20 Sep 2014, at 15:16, Aldis Gerhards <> wrote:
>>> We got the same problem. It seemed like a bug :) we downgraded back to
>>>4.3.0 because pf this issue.
>>> Sent from my iPhone
>>>> On 2014. gada 20. sept., at 15:39, France <> wrote:
>>>> Hi guys,
>>>> how do we disable service with its certificates on ACS
>>>>4.3.1, to get consoleproxy working without ties to
>>>> We are happy with HTTP only for now.
>>>> Regards,
>>>> F.

View raw message