cloudstack-users mailing list archives

From Suresh Sadhu <Suresh.Sa...@citrix.com>
Subject RE: {HELP-NEEDED] Replace Root CA etc, for CPVM and SSVM
Date Tue, 07 Apr 2015 18:10:54 GMT
If you have taken a backup of your table (keystore) before the upload, then revert to the previous
state and upload the certificates again.

Encode (URL-encode) the root and intermediate keys while uploading through the API:
Root - seq 1
Intermediate - seq 2

And while uploading the server certificate through the UI, don't encode the keys; enter only
the server certificate and private key (it should be in PKCS#8 format) and the domain name, because you
have already uploaded the root and intermediate through the API. (To check whether the certificate
was uploaded correctly on the system VMs, just run keytool -list on the system VMs. For syntax/description,
refer to this blog, it might be useful to you: http://sadhusuresh.blogspot.in/2015/01/t-hings-you-should-consider-while.html)

Regards
Sadhu


-----Original Message-----
From: Andrija Panic [mailto:andrija.panic@gmail.com] 
Sent: 07 April 2015 23:19
To: dev@cloudstack.apache.org
Cc: users@cloudstack.apache.org
Subject: Re: {HELP-NEEDED] Replace Root CA etc, for CPVM and SSVM

Thanks Suresh.

2 identical sequence numbers means: the first occurrence is the OLD Intermediate CA (from 1 year ago),
and the second occurrence is the new one just uploaded (it happened I used different names)

for ROOT CA - it happened I used the same name "ROOT1" so the old one got overwritten with
seq number 1

Do you expect I should delete the old Intermediate1 CA manually (and leave only the new one)?
Or am I expected to upload again ROOT/intermediate with exact same names and seq numbers?

Thanks

On 7 April 2015 at 19:43, Suresh Sadhu <Suresh.Sadhu@citrix.com> wrote:

> I see the same sequence number for 2 intermediate certificates. Does your
> certificate have multiple intermediate certificates, or does it have only one?
>
> The reason for getting realhost ip is that your certificate is not
> applied correctly; that is the reason it still refers to the old certificate.
>
>
> Regards
> sadhu
>
> -----Original Message-----
> From: Andrija Panic [mailto:andrija.panic@gmail.com]
> Sent: 07 April 2015 22:56
> To: users@cloudstack.apache.org
> Cc: dev@cloudstack.apache.org
> Subject: Re: {HELP-NEEDED] Replace Root CA etc, for CPVM and SSVM
>
> Hi Lucian
>
> yes it is *.domain.com (from 4.3.1 onwards)...
>
> If you can check my attached image, the keystore table seems messed up a
> little bit :)
> http://snag.gy/LMA4h.jpg
>
>
> On 7 April 2015 at 19:12, Nux! <nux@li.nux.ro> wrote:
>
> > Can you check secstorage.ssl.cert.domain in global settings and see 
> > if it's the correct one?
> > Should be *.blah.tld or whatever your domain is.
> >
> >
> > HTH
> > Lucian
> >
> > --
> > Sent from the Delta quadrant using Borg technology!
> >
> > Nux!
> > www.nux.ro
> >
> > ----- Original Message -----
> > > From: "Andrija Panic" <andrija.panic@gmail.com>
> > > To: users@cloudstack.apache.org, dev@cloudstack.apache.org
> > > Sent: Tuesday, 7 April, 2015 17:42:35
> > > Subject: {HELP-NEEDED] Replace Root CA etc, for CPVM and SSVM
> >
> > > Hi guys,
> > >
> > > our SSL just expired, and I needed to upload new ROOT CA, Intermediate ROOT
> > > CA, and at the end SSL for server and a private key.
> > >
> > > I uploaded new ROOT CA, and after CPVM rebooted, also uploaded Intermediate
> > > ROOT CA, via API, with URL encoded stuff - checked in database all seems OK.
> > >
> > > But after uploading new SSL and private key, destroyed CPVM and SSVM
> > > - my Console Proxy shows *.realiphost.com as the domain for the
> > > SSL when I access
> > >
> > > Any clues what I did wrong ?
> > > Should I have somehow removed first old ROOT CA and old 
> > > Intermediate CA, and upload new ones ?
> > >
> > > Here is database content from cloud.keystore:
> > > http://snag.gy/LMA4h.jpg
> > >
> > > This means that for some reason, original realiphost.com SSL is 
> > > now used inside CPVM...
> > >
> > > Any help greatly appreciated, since this is live system...
> > >
> > > Thanks,
> > >
> > >
> > >
> > > --
> > >
> > > Andrija Panić
> >
>
>
>
> --
>
> Andrija Panić
>



-- 

Andrija Panić
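
A pre-upload check for the steps discussed in this thread, written as an added example that is not part of any poster's message or of CloudStack itself. It URL-encodes a CA certificate for the API, classifies a private key as PKCS#8 or not, and flags sequence numbers used twice; all function names and sample values are hypothetical, and the (name, seq) rows are a constructed stand-in for the keystore table.

```python
import re
from collections import Counter
from urllib.parse import quote

# Matches one PEM block and captures its label (e.g. CERTIFICATE).
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s.*?\s-----END \1-----", re.S)

def pem_labels(text):
    """Labels of every PEM block in text, in order of appearance."""
    return [m.group(1) for m in PEM_BLOCK.finditer(text)]

def encode_ca_for_api(pem):
    """URL-encode a single CA certificate for use in an API query string."""
    if pem_labels(pem) != ["CERTIFICATE"]:
        raise ValueError("upload exactly one CERTIFICATE block per sequence number")
    # safe="" also encodes '+' and '/': a raw '+' in a query string is
    # commonly decoded as a space, which corrupts the base64 body.
    return quote(pem.strip() + "\n", safe="")

def key_format(pem):
    """Classify a private key by PEM label; the UI upload expects PKCS#8."""
    labels = pem_labels(pem)
    if labels == ["PRIVATE KEY"]:
        return "pkcs8"
    if labels == ["ENCRYPTED PRIVATE KEY"]:
        return "pkcs8-encrypted"
    if labels in (["RSA PRIVATE KEY"], ["EC PRIVATE KEY"]):
        return "traditional"  # convert to PKCS#8 before uploading
    return "unknown"

def duplicate_seqs(entries):
    """Sequence numbers used by more than one (name, seq) keystore entry."""
    counts = Counter(seq for _name, seq in entries)
    return sorted(seq for seq, n in counts.items() if n > 1)

# Constructed sample data: not real certificates, keys or database rows.
SAMPLE_CA = "-----BEGIN CERTIFICATE-----\nTUlJQ+constructed/body==\n-----END CERTIFICATE-----\n"
SAMPLE_PKCS1 = "-----BEGIN RSA PRIVATE KEY-----\nY29uc3RydWN0ZWQ=\n-----END RSA PRIVATE KEY-----\n"
SAMPLE_PKCS8 = "-----BEGIN PRIVATE KEY-----\nY29uc3RydWN0ZWQ=\n-----END PRIVATE KEY-----\n"
SAMPLE_ROWS = [("ROOT1", 1), ("Intermediate1", 2), ("Intermediate-new", 2)]

if __name__ == "__main__":
    print(encode_ca_for_api(SAMPLE_CA))
    print(key_format(SAMPLE_PKCS1), key_format(SAMPLE_PKCS8))
    print("duplicate seq numbers:", duplicate_seqs(SAMPLE_ROWS))
```

A key reported as `traditional` can be converted with `openssl pkcs8 -topk8 -nocrypt -in key.pem -out key.pkcs8.pem`.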