cloudstack-users mailing list archives

From Andrija Panic <andrija.pa...@gmail.com>
Subject Re: {HELP-NEEDED] Replace Root CA etc, for CPVM and SSVM
Date Thu, 16 Apr 2015 13:40:28 GMT
Suresh,

Not sure if I am missing something, but on:
http://cloudstack-administration.readthedocs.org/en/4.4/systemvm.html#changing-the-console-proxy-ssl-certificate-and-domain
I don't see any mention of ROOT CA and Intermediate CA.

The only page I found that references these is:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Procedure+to+Replace+realhostip.com+with+Your+Own+Domain+Name

Not sure how to edit this one?

Thanks

On 16 April 2015 at 14:28, Suresh Sadhu <Suresh.Sadhu@citrix.com> wrote:

> Good to hear. If you feel the documentation is not clear then please raise
> a doc bug for the same.
>
> Regards
> Sadhu
>
>
> -----Original Message-----
> From: Andrija Panic [mailto:andrija.panic@gmail.com]
> Sent: 15 April 2015 16:39
> To: dev@cloudstack.apache.org
> Cc: users@cloudstack.apache.org
> Subject: Re: {HELP-NEEDED] Replace Root CA etc, for CPVM and SSVM
>
> Hi guys,
>
> just to update - issue solved:
>
> Deleted the 5th row, so only 4 additional rows left (as original keystore
> table layout prior to replacing certificate)
>
> The problem was actually, while URL encoding ROOT CA and Intermediate CA,
> the plus sign ( + ) was replaced by SPACE...
>
> Thanks for all the help everybody
>
>
> On 7 April 2015 at 20:10, Suresh Sadhu <Suresh.Sadhu@citrix.com> wrote:
>
> > If you have taken a backup of your table (keystore) before the upload, then
> > you can revert to the previous state and then upload the certificates again.
> >
> > Encode (URL encode) the root and intermediate keys while uploading
> > through the API: Root - seq 1, Intermediate - seq 2.
> >
> > And while uploading the server certificate through the UI, don't encode
> > the keys; enter only the server certificate and private key (it should be in
> > PKCS#8 format) and the domain name, because you have already uploaded the
> > root and intermediate through the API. (To check whether the certificate was
> > uploaded correctly on the system VMs, just run keytool -list on the system
> > VMs. For syntax/description refer to this blog, it might be useful to you:
> > http://sadhusuresh.blogspot.in/2015/01/t-hings-you-should-consider-while.html
> > )
> >
> > Regards
> > Sadhu
> >
> >
> > -----Original Message-----
> > From: Andrija Panic [mailto:andrija.panic@gmail.com]
> > Sent: 07 April 2015 23:19
> > To: dev@cloudstack.apache.org
> > Cc: users@cloudstack.apache.org
> > Subject: Re: {HELP-NEEDED] Replace Root CA etc, for CPVM and SSVM
> >
> > Thanks Suresh.
> >
> > 2 identical sequence numbers means: the first occurrence is the OLD
> > Intermediate CA (from 1 year ago), and the second occurrence is the new
> > one just uploaded (it happened I used different names)
> >
> > for ROOT CA - it happened I used the same name "ROOT1" so the old one
> > got overwritten with seq number 1
> >
> > Do you expect I should delete the old Intermediate1 CA manually (and
> > leave only the new one) ?
> > Or am I expected to upload again ROOT/intermediate with exact same
> > names and seq numbers ?
> >
> > Thanks
> >
> > On 7 April 2015 at 19:43, Suresh Sadhu <Suresh.Sadhu@citrix.com> wrote:
> >
> > > I see the same sequence number for 2 intermediate certificates. Does
> > > your certificate have multiple intermediate certificates or does it have
> > > only one?
> > >
> > > The reason for getting realhost ip is that your certificate is not
> > > applied correctly; that is the reason it still refers to the old certificate.
> > >
> > >
> > > Regards
> > > sadhu
> > >
> > > -----Original Message-----
> > > From: Andrija Panic [mailto:andrija.panic@gmail.com]
> > > Sent: 07 April 2015 22:56
> > > To: users@cloudstack.apache.org
> > > Cc: dev@cloudstack.apache.org
> > > Subject: Re: {HELP-NEEDED] Replace Root CA etc, for CPVM and SSVM
> > >
> > > Hi Lucian
> > >
> > > yes it is *.domain.com (from 4.3.1 onwards)...
> > >
> > > If you can check my attached image, the keystore table seems messed up a
> > > little bit :)
> > > http://snag.gy/LMA4h.jpg
> > >
> > >
> > > On 7 April 2015 at 19:12, Nux! <nux@li.nux.ro> wrote:
> > >
> > > > Can you check secstorage.ssl.cert.domain in global settings and
> > > > see if it's the correct one?
> > > > Should be *.blah.tld or whatever your domain is.
> > > >
> > > >
> > > > HTH
> > > > Lucian
> > > >
> > > > --
> > > > Sent from the Delta quadrant using Borg technology!
> > > >
> > > > Nux!
> > > > www.nux.ro
> > > >
> > > > ----- Original Message -----
> > > > > From: "Andrija Panic" <andrija.panic@gmail.com>
> > > > > To: users@cloudstack.apache.org, dev@cloudstack.apache.org
> > > > > Sent: Tuesday, 7 April, 2015 17:42:35
> > > > > Subject: {HELP-NEEDED] Replace Root CA etc, for CPVM and SSVM
> > > >
> > > > > Hi guys,
> > > > >
> > > > > our SSL just expired, and I needed to upload new ROOT CA,
> > > > > Intermediate ROOT CA, and at the end SSL for server and a private key.
> > > > >
> > > > > I uploaded new ROOT CA, and after CPVM rebooted, also uploaded
> > > > > Intermediate ROOT CA, via API, with URL encoded stuff - checked in
> > > > > database all seems OK.
> > > > >
> > > > > But after uploading new SSL and private key, destroyed CPVM and
> > > > > SSVM
> > > > > - my Console Proxy shows *.realiphost.com as the domain for the
> > > > > SSL when I access
> > > > >
> > > > > Any clues what I did wrong ?
> > > > > Should I have somehow removed first old ROOT CA and old
> > > > > Intermediate CA, and upload new ones ?
> > > > >
> > > > > Here is database content from cloud.keystore:
> > > > > http://snag.gy/LMA4h.jpg
> > > > >
> > > > > This means that for some reason, original realiphost.com SSL is
> > > > > now used inside CPVM...
> > > > >
> > > > > Any help greatly appreciated, since this is live system...
> > > > >
> > > > > Thanks,
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > >
> > > > > Andrija Panić
> > > >
> > >
> > >
> > >
> > > --
> > >
> > > Andrija Panić
> > >
> >
> >
> >
> > --
> >
> > Andrija Panić
> >
>
>
>
> --
>
> Andrija Panić
>



-- 

Andrija Panić
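
The failure reported in the thread above (plus signs in the URL-encoded ROOT CA and Intermediate CA ending up as spaces) can be reproduced and checked for offline. This is an added example, not part of the original messages and not CloudStack code; the PEM block is constructed rather than a real certificate, the parameter name `certificate` is a hypothetical placeholder, and leaving `+` literal is assumed as one way the corruption can arise.

```python
import base64
import binascii
import re
from urllib.parse import parse_qs, quote

# Constructed sample, not a real certificate: bytes chosen so the base64 body
# contains '+' and '/' characters, as real PEM bodies routinely do.
_RAW = bytes([0xFB, 0xEF, 0xBE, 0x00, 0x10, 0x83, 0xFF, 0xFF, 0xFF] * 8)
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(_RAW).decode("ascii")
    + "-----END CERTIFICATE-----\n"
)

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\n(.*?)-----END CERTIFICATE-----", re.S)


def server_side_decode(query, param="certificate"):
    """Decode a query string the way a form/query parser does.
    'certificate' is a hypothetical parameter name for this example."""
    return parse_qs(query)[param][0]


def pem_body_is_intact(pem):
    """True only if the text between the PEM markers is strict base64."""
    m = PEM_RE.search(pem)
    if not m:
        return False
    body = m.group(1).replace("\n", "")
    try:
        base64.b64decode(body, validate=True)
    except (binascii.Error, ValueError):
        return False
    return bool(body)


def partial_encode(pem):
    """Incomplete encoding: newlines escaped, '+' left literal."""
    return pem.replace("\n", "%0A")


def full_encode(pem):
    """Percent-encode every reserved character, including '+' (-> %2B)."""
    return quote(pem, safe="")


if __name__ == "__main__":
    for label, enc in (("partial", partial_encode), ("full", full_encode)):
        decoded = server_side_decode("certificate=" + enc(SAMPLE_PEM))
        print(label, "intact:", pem_body_is_intact(decoded))
```

The same `pem_body_is_intact` check can be run against a certificate value exported from the keystore table to confirm that what was stored still decodes as base64.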
