cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrija Panic <andrija.pa...@gmail.com>
Subject Re: {HELP-NEEDED] Replace Root CA etc, for CPVM and SSVM
Date Tue, 07 Apr 2015 17:10:59 GMT
I did found this in log:

2015-04-07 18:00:45,163 WARN  [c.c.k.KeystoreManagerImpl]
(AgentConnectTaskPool-117:ctx-2a501782) Unable to build keystore for
CPVMCertificate due to CertificateException
2015-04-07 18:00:45,163 ERROR [c.c.c.AgentHookBase]
(AgentConnectTaskPool-117:ctx-2a501782) Could not find and construct a
valid SSL certificate

Any clues on this ?

On 7 April 2015 at 19:01, Andrija Panic <andrija.panic@gmail.com> wrote:

> ok, I'm on 4.3.2, so there is only UI field for cert, key and
> domainname.... so no field for i.e. password, as the key would have to been
> decrypted sometimes if it is encrypted.
>
> My possible problem - I see both old intermediate1 cert and the new
> intermediate1 cert in database, but only 1 ROOT CA (might have been - I
> used the same name so odl ROOT CA was overwriten)
>
> Main CERT and the key looks fine in database...
>
>
> On 7 April 2015 at 18:59, Erik Weber <terbolous@gmail.com> wrote:
>
>> Your private key is decrypted, my issue was that it should've been
>> encrypted.
>>
>> However, that could be 4.5 specific. You'll get an exception if you
>> encounter the same.
>>
>>
>> Erik
>>
>> Den tirsdag 7. april 2015 skrev Andrija Panic <andrija.panic@gmail.com>
>> følgende:
>>
>> > Thx Erik,
>> >
>> > per my understanding, private key needs to be DEcrypted, and uploaded
>> > through UI... ?
>> >
>> > On 7 April 2015 at 18:48, Erik Weber <terbolous@gmail.com
>> <javascript:;>>
>> > wrote:
>> >
>> > > Also, take a backup first, then remove the realhostip occurence and
>> set
>> > seq
>> > > to 0 for your cert.
>> > >
>> > > Erik
>> > >
>> > > Den tirsdag 7. april 2015 skrev Erik Weber <terbolous@gmail.com
>> > <javascript:;>> følgende:
>> > >
>> > > > Nothing in the logs?
>> > > >
>> > > > I had an issue where the private key wasn't being encrypted and had
>> to
>> > > fix
>> > > > it by encrypting manually. But I also had could not decrypt
>> exceptions
>> > in
>> > > > the logs.
>> > > >
>> > > > Erik
>> > > >
>> > > > Den tirsdag 7. april 2015 skrev Andrija Panic <
>> andrija.panic@gmail.com
>> > <javascript:;>
>> > > > <javascript:_e(%7B%7D,'cvml','andrija.panic@gmail.com
>> <javascript:;>');>>
>> > følgende:
>> > > >
>> > > >> Hi guys,
>> > > >>
>> > > >> our SSL just expired, and I needed to upload new ROOT CA,
>> Intemediata
>> > > ROOT
>> > > >> CA, and at the end SSL for sever and a private key.
>> > > >>
>> > > >> I uploaded new ROOT CA, and after CPVM rebooted, also uploaded
>> > > >> Intermediate
>> > > >> ROOT CA, via API, with URL encoded stuff - checked in database
all
>> > seems
>> > > >> OK.
>> > > >>
>> > > >> But after uploading new SSL and private key, destroyed CPVM and
>> SSVM -
>> > > my
>> > > >> Console Proxy shows *.realiphost.com as the domain for the SSL
>> wjen I
>> > > >> access
>> > > >>
>> > > >> Any clues what I did wrong ?
>> > > >> Should I have somehow removed first old ROOT CA and old
>> Intermediate
>> > CA,
>> > > >> and upload new ones ?
>> > > >>
>> > > >> Here is database content from cloud.keystore:
>> > > >> http://snag.gy/LMA4h.jpg
>> > > >>
>> > > >> This means that for some reason, original realiphost.com SSL is
>> now
>> > > used
>> > > >> inside CPVM...
>> > > >>
>> > > >> Any help greatly appreciated, since this is live system...
>> > > >>
>> > > >> Thanks,
>> > > >>
>> > > >>
>> > > >>
>> > > >> --
>> > > >>
>> > > >> Andrija Panić
>> > > >>
>> > > >
>> > >
>> >
>> >
>> >
>> > --
>> >
>> > Andrija Panić
>> >
>>
>
>
>
> --
>
> Andrija Panić
>



-- 

Andrija Panić

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message