cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Suresh Sadhu <Suresh.Sa...@citrix.com>
Subject RE: {HELP-NEEDED] Replace Root CA etc, for CPVM and SSVM
Date Thu, 16 Apr 2015 12:28:34 GMT
Good  to hear. If you feel documentation is not clear then please raise the doc bug for the
same.

Regards
Sadhu


-----Original Message-----
From: Andrija Panic [mailto:andrija.panic@gmail.com] 
Sent: 15 April 2015 16:39
To: dev@cloudstack.apache.org
Cc: users@cloudstack.apache.org
Subject: Re: {HELP-NEEDED] Replace Root CA etc, for CPVM and SSVM

Hi guys,

just to update - issue solved:

Deleted the 5th row, so only 4 additional rows left (as original keystore table layout prior
to replacing certificate)

The problem was actually, while URL encoding ROOT CA and Intermediate CA, the plus sign (
+ ) was replaced by SPACE...

Thanks for all the help everybody


On 7 April 2015 at 20:10, Suresh Sadhu <Suresh.Sadhu@citrix.com> wrote:

>  If you have taken backup of  your  table(keystore) before upload then 
> you revert to previous state then upload the certificates again.
>
> Encode(url ecode) the  root and intermediate keys while uploading 
> through api Root - seq 1 Intermediate  seq 2
>
>  And while uploading server certificate  through UI  don 't  encode 
> the keys  ,enter only  server certificate and private key(it should be 
> PKCS#8
> format) and domain name  because you have already uploaded root and 
> intermediate through API.( how to check certificate uploaded correctly 
> or not on system vms ,just run the keytool  -list on system vms --for
> syntax/description   ref this blog it might useful to you :
> http://sadhusuresh.blogspot.in/2015/01/t-hings-you-should-consider-whi
> le.html
> )
>
> Regards
> Sadhu
>
>
> -----Original Message-----
> From: Andrija Panic [mailto:andrija.panic@gmail.com]
> Sent: 07 April 2015 23:19
> To: dev@cloudstack.apache.org
> Cc: users@cloudstack.apache.org
> Subject: Re: {HELP-NEEDED] Replace Root CA etc, for CPVM and SSVM
>
> Thanks Suresh.
>
> 2 identical sequence numbers means:  first occurence is OLD 
> Intermediate CA(from 1 year ago), and the second occurence is the new 
> one just uploaded (it happened I used different names)
>
> for ROOT CA - it happened I used the same name "ROOT1" so the old one 
> got overwriten with seq number 1
>
> Do you expect I should delete the old Intermediate1 CA manually (and 
> leave only the new one) ?
> Or am I expected to upload again ROOT/intermediate with exact same 
> names and seq numbers ?
>
> Thanks
>
> On 7 April 2015 at 19:43, Suresh Sadhu <Suresh.Sadhu@citrix.com> wrote:
>
> > I see same sequence number for 2 intermediate certificates. does 
> > your certificate has multiple  intermediate certificate or it has only one.
> >
> > The reason for getting realhost ip is . your certificate is not 
> > applied correctly  that is reason it's still refer the old certificate.
> >
> >
> > Regards
> > sadhu
> >
> > -----Original Message-----
> > From: Andrija Panic [mailto:andrija.panic@gmail.com]
> > Sent: 07 April 2015 22:56
> > To: users@cloudstack.apache.org
> > Cc: dev@cloudstack.apache.org
> > Subject: Re: {HELP-NEEDED] Replace Root CA etc, for CPVM and SSVM
> >
> > Hi Lucian
> >
> > yes it is *.domain.com (from 4.3.1 onwards)...
> >
> > If you can check my attached image, keystore tableseems messed a 
> > little bit
> > :)
> > http://snag.gy/LMA4h.jpg
> >
> >
> > On 7 April 2015 at 19:12, Nux! <nux@li.nux.ro> wrote:
> >
> > > Can you check secstorage.ssl.cert.domain in global settings and 
> > > see if it's the correct one?
> > > Should be *.blah.tld or whatever your domain is.
> > >
> > >
> > > HTH
> > > Lucian
> > >
> > > --
> > > Sent from the Delta quadrant using Borg technology!
> > >
> > > Nux!
> > > www.nux.ro
> > >
> > > ----- Original Message -----
> > > > From: "Andrija Panic" <andrija.panic@gmail.com>
> > > > To: users@cloudstack.apache.org, dev@cloudstack.apache.org
> > > > Sent: Tuesday, 7 April, 2015 17:42:35
> > > > Subject: {HELP-NEEDED] Replace Root CA etc, for CPVM and SSVM
> > >
> > > > Hi guys,
> > > >
> > > > our SSL just expired, and I needed to upload new ROOT CA, 
> > > > Intemediata
> > > ROOT
> > > > CA, and at the end SSL for sever and a private key.
> > > >
> > > > I uploaded new ROOT CA, and after CPVM rebooted, also uploaded
> > > Intermediate
> > > > ROOT CA, via API, with URL encoded stuff - checked in database 
> > > > all seems
> > > OK.
> > > >
> > > > But after uploading new SSL and private key, destroyed CPVM and 
> > > > SSVM
> > > > - my Console Proxy shows *.realiphost.com as the domain for the 
> > > > SSL wjen I access
> > > >
> > > > Any clues what I did wrong ?
> > > > Should I have somehow removed first old ROOT CA and old 
> > > > Intermediate CA, and upload new ones ?
> > > >
> > > > Here is database content from cloud.keystore:
> > > > http://snag.gy/LMA4h.jpg
> > > >
> > > > This means that for some reason, original realiphost.com SSL is 
> > > > now used inside CPVM...
> > > >
> > > > Any help greatly appreciated, since this is live system...
> > > >
> > > > Thanks,
> > > >
> > > >
> > > >
> > > > --
> > > >
> > > > Andrija Panić
> > >
> >
> >
> >
> > --
> >
> > Andrija Panić
> >
>
>
>
> --
>
> Andrija Panić
>



-- 

Andrija Panić
Mime
View raw message