cloudstack-users mailing list archives

From Erik Weber <terbol...@gmail.com>
Subject Re: {HELP-NEEDED] Replace Root CA etc, for CPVM and SSVM
Date Tue, 07 Apr 2015 17:15:22 GMT
I would try to delete the keystore table (after backup), then add the
cert.

Erik

On Tuesday, 7 April 2015, Andrija Panic <andrija.panic@gmail.com> wrote:

> I did find this in the log:
>
> 2015-04-07 18:00:45,163 WARN  [c.c.k.KeystoreManagerImpl]
> (AgentConnectTaskPool-117:ctx-2a501782) Unable to build keystore for
> CPVMCertificate due to CertificateException
> 2015-04-07 18:00:45,163 ERROR [c.c.c.AgentHookBase]
> (AgentConnectTaskPool-117:ctx-2a501782) Could not find and construct a
> valid SSL certificate
>
> Any clues on this ?
>
> On 7 April 2015 at 19:01, Andrija Panic <andrija.panic@gmail.com> wrote:
>
> > ok, I'm on 4.3.2, so there is only UI field for cert, key and
> > domainname.... so no field for i.e. password, as the key would have to
> > be decrypted sometimes if it is encrypted.
> >
> > My possible problem - I see both old intermediate1 cert and the new
> > intermediate1 cert in database, but only 1 ROOT CA (might have been - I
> > used the same name so old ROOT CA was overwritten)
> >
> > Main CERT and the key looks fine in database...
> >
> >
> > On 7 April 2015 at 18:59, Erik Weber <terbolous@gmail.com> wrote:
> >
> >> Your private key is decrypted, my issue was that it should've been
> >> encrypted.
> >>
> >> However, that could be 4.5 specific. You'll get an exception if you
> >> encounter the same.
> >>
> >>
> >> Erik
> >>
> >> On Tuesday, 7 April 2015, Andrija Panic <andrija.panic@gmail.com> wrote:
> >>
> >> > Thx Erik,
> >> >
> >> > per my understanding, private key needs to be DEcrypted, and uploaded
> >> > through UI... ?
> >> >
> >> > On 7 April 2015 at 18:48, Erik Weber <terbolous@gmail.com> wrote:
> >> >
> >> > > Also, take a backup first, then remove the realhostip occurrence and
> >> > > set seq to 0 for your cert.
> >> > >
> >> > > Erik
> >> > >
> >> > > On Tuesday, 7 April 2015, Erik Weber <terbolous@gmail.com> wrote:
> >> > >
> >> > > > Nothing in the logs?
> >> > > >
> >> > > > I had an issue where the private key wasn't being encrypted and had
> >> > > > to fix it by encrypting manually. But I also had "could not decrypt"
> >> > > > exceptions in the logs.
> >> > > >
> >> > > > Erik
> >> > > >
> >> > > > On Tuesday, 7 April 2015, Andrija Panic <andrija.panic@gmail.com> wrote:
> >> > > >
> >> > > >> Hi guys,
> >> > > >>
> >> > > >> our SSL just expired, and I needed to upload new ROOT CA,
> >> > > >> Intermediate ROOT CA, and at the end SSL for server and a private key.
> >> > > >>
> >> > > >> I uploaded new ROOT CA, and after CPVM rebooted, also uploaded
> >> > > >> Intermediate ROOT CA, via API, with URL encoded stuff - checked in
> >> > > >> database all seems OK.
> >> > > >>
> >> > > >> But after uploading new SSL and private key, destroyed CPVM and SSVM -
> >> > > >> my Console Proxy shows *.realiphost.com as the domain for the SSL when I
> >> > > >> access
> >> > > >> Any clues what I did wrong ?
> >> > > >> Should I have somehow removed first old ROOT CA and old Intermediate CA,
> >> > > >> and upload new ones ?
> >> > > >>
> >> > > >> Here is database content from cloud.keystore:
> >> > > >> http://snag.gy/LMA4h.jpg
> >> > > >>
> >> > > >> This means that for some reason, original realiphost.com SSL is now
> >> > > >> used inside CPVM...
> >> > > >>
> >> > > >> Any help greatly appreciated, since this is live system...
> >> > > >>
> >> > > >> Thanks,
> >> > > >>
> >> > > >>
> >> > > >>
> >> > > >> --
> >> > > >>
> >> > > >> Andrija Panić
> >> > > >>
> >> > > >
> >> > >
> >> >
> >> >
> >> >
> >> > --
> >> >
> >> > Andrija Panić
> >> >
> >>
> >
> >
> >
> > --
> >
> > Andrija Panić
> >
>
>
>
> --
>
> Andrija Panić
>
