cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sonali Jadhav <son...@servercentralen.se>
Subject RE: CPVM and SSVM certificate not working
Date Mon, 27 Apr 2015 08:55:54 GMT
I still have this weird problem with certificate. Now I cross checked my certificate is working
fine for SSVM but not for CPVM. I am able to download templates.

When I access console I get error saying
cloudcentral.net uses an invalid security certificate.
The certificate is only valid for the following names:
  *.realhostip.com, realhostip.com  
(Error code: ssl_error_bad_cert_domain)

But I have applied that cert, I checked at SSVM, I can see my wildcard certificate at /etc/ssl/certs/cert_apache.crt
also I can see private certificate at /etc/ssl/private/cert_private.crt.
Then I cross checked /usr/local/cloud/systemvm/certs/realhostip.keystore I can see root certificate
I gave from UI.

But none of this happens at CPVM, I searched entire disk of cpvm , I did not found my custom
wildcard certificate.  I check cloud.log I do see events like this,

2015-04-27 08:40:10,677 INFO  [cloud.consoleproxy.ConsoleProxySecureServerFactoryImpl] (Console-Proxy-Main:null)
Initializing SSL from built-in default certificate


But then somehow it's not getting certificate I upload from management server. I also checked
/usr/local/cloud/systemvm/certs/realhostip.keystore at CPVM. I only see realhostip and godaddy
catrust certificates. 

I am not getting this. Anyone can suggest something, how I can troubleshoot this?
Keeping it high priority, since my customers are unable to take vm consoles. :(

/Sonali

-----Original Message-----
From: Sonali Jadhav 
Sent: Thursday, April 23, 2015 11:47 AM
To: users@cloudstack.apache.org
Subject: RE: CPVM and SSVM certificate not working

Hi yes, I created DNS record.

Consider my domain is cloudcentral.net
And CPVM and SSVM public IP addresses are 189.34.45.23 and 189.34.45.24, So in dns zone of
cloudcentral.net i have added,

189-34-45-23  A   189.34.45.23
189-34-45-24   A   189.34.45.24

And when I access vm console I see this in mgmt. logs , as per logs its accessing https://cloudcentral.net/
? I am confused, is it correct ?


2015-04-23 07:48:22,880 DEBUG [c.c.a.m.AgentManagerImpl] (AgentManager-Handler-8:null) SeqA
2-7930: Processing Seq 2-7930:  { Cmd , MgmtId: -1, via: 2, Ver: v1, Flags: 11, [{"com.cloud.agent.api.ConsoleProxyLoadReportCommand":{"_proxyVmId":1,"_loadInfo":"{\n
 \"connections\": []\n}","wait":0}}] }
2015-04-23 07:48:22,924 DEBUG [c.c.a.m.AgentManagerImpl] (AgentManager-Handler-8:null) SeqA
2-7930: Sending Seq 2-7930:  { Ans: , MgmtId: 59778234354585, via: 2, Ver: v1, Flags: 100010,
[{"com.cloud.agent.api.AgentControlAnswer":{"result":true,"wait":0}}] }
2015-04-23 07:48:26,132 DEBUG [c.c.n.r.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:ctx-9a28866e)
Found 9 routers to update status. 
2015-04-23 07:48:26,135 DEBUG [c.c.n.r.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:ctx-9a28866e)
Found 0 networks to update RvR status. 
2015-04-23 07:48:27,590 DEBUG [c.c.a.t.Request] (http-6443-exec-3:null) Seq 1-8790463522673790330:
Sending  { Cmd , MgmtId: 59778234354585, via: 1(SeSolXS01), Ver: v1, Flags: 100011, [{"com.cloud.agent.api.GetVncPortCommand":{"id":43,"name":"i-12-43-VM","wait":0}}]
}
2015-04-23 07:48:27,590 DEBUG [c.c.a.t.Request] (http-6443-exec-3:null) Seq 1-8790463522673790330:
Executing:  { Cmd , MgmtId: 59778234354585, via: 1(SeSolXS01), Ver: v1, Flags: 100011, [{"com.cloud.agent.api.GetVncPortCommand":{"id":43,"name":"i-12-43-VM","wait":0}}]
}
2015-04-23 07:48:27,590 DEBUG [c.c.a.m.DirectAgentAttache] (DirectAgent-99:ctx-43799e5f) Seq
1-8790463522673790330: Executing request
2015-04-23 07:48:27,616 DEBUG [c.c.a.m.DirectAgentAttache] (DirectAgent-99:ctx-43799e5f) Seq
1-8790463522673790330: Response Received: 
2015-04-23 07:48:27,616 DEBUG [c.c.a.t.Request] (DirectAgent-99:ctx-43799e5f) Seq 1-8790463522673790330:
Processing:  { Ans: , MgmtId: 59778234354585, via: 1, Ver: v1, Flags: 10, [{"com.cloud.agent.api.GetVncPortAnswer":{"address":"consoleurl=https://172.16.5.199/console?uuid=dd68ab81-13c5-24d2-d820-4838164da0bb&sessionref=OpaqueRef:ba85e3b7-d550-1332-1162-48797c9f64af","port":-1,"result":true,"wait":0}}]
}
2015-04-23 07:48:27,616 DEBUG [c.c.a.t.Request] (http-6443-exec-3:null) Seq 1-8790463522673790330:
Received:  { Ans: , MgmtId: 59778234354585, via: 1, Ver: v1, Flags: 10, { GetVncPortAnswer
} }
2015-04-23 07:48:27,617 DEBUG [c.c.s.ConsoleProxyServlet] (http-6443-exec-3:null) Port info
consoleurl=https://172.16.5.199/console?uuid=dd68ab81-13c5-24d2-d820-4838164da0bb&sessionref=OpaqueRef:ba85e3b7-d550-1332-1162-48797c9f64af
2015-04-23 07:48:27,617 INFO  [c.c.s.ConsoleProxyServlet] (http-6443-exec-3:null) Parse host
info returned from executing GetVNCPortCommand. host info: consoleurl=https://172.16.5.199/console?uuid=dd68ab81-13c5-24d2-d820-4838164da0bb&sessionref=OpaqueRef:ba85e3b7-d550-1332-1162-48797c9f64af
2015-04-23 07:48:27,622 DEBUG [c.c.s.ConsoleProxyServlet] (http-6443-exec-3:null) Compose
console url: https://cloudcentral.net/ajax?token=MXvHQqrZKwZ8a-z-BCsX79s9W5SS72hSW9h0FatY22TYJMB7zPJqDZUyXAMoQNUUFC8_jKCqqkeCxN1ytjHMiRsBIyfe-IaLz_WN7mwhvdniOVYhIflBEHcxmjqqjVgfTOsBhgxVXYmsTrRavXyMSgw1s2pAE5ou55q7nmCUWGy0YY_QY8nzTd5P2azvfKRX5OcUdb7h5rlWLVCk4T5y47_BRgM2gX56l7L2uO2Yh45sP2YLCVrn7PGrYS-ZV0arP1H3lLzo8VpsNWpkO72CE8KhO50MAuiNHufxvPX_ZiOmhbki28Q2yV7IEgMVROyD4eL1YLvvHH3pp_nGKiOXdnd4LM4xXHjLSeUvzSGIGS48I6z7l0vJfV4X3nB3ssmkA_EYdY12a3_aiiVOFYxYJTXIkyP8Jbvh5JbsehYkNIUzpBz6Qc_74WwzLowrMFZw4IdDlAEDV4_uVXvfU_MrjHxyptRlOVNpr2MC197sCWg
2015-04-23 07:48:27,622 DEBUG [c.c.s.ConsoleProxyServlet] (http-6443-exec-3:null) the console
url is :: <html><title>vm-cc01</title><frameset><frame src="https://cloudcentral.net/ajax?token=MXvHQqrZKwZ8a-z-BCsX79s9W5SS72hSW9h0FatY22TYJMB7zPJqDZUyXAMoQNUUFC8_jKCqqkeCxN1ytjHMiRsBIyfe-IaLz_WN7mwhvdniOVYhIflBEHcxmjqqjVgfTOsBhgxVXYmsTrRavXyMSgw1s2pAE5ou55q7nmCUWGy0YY_QY8nzTd5P2azvfKRX5OcUdb7h5rlWLVCk4T5y47_BRgM2gX56l7L2uO2Yh45sP2YLCVrn7PGrYS-ZV0arP1H3lLzo8VpsNWpkO72CE8KhO50MAuiNHufxvPX_ZiOmhbki28Q2yV7IEgMVROyD4eL1YLvvHH3pp_nGKiOXdnd4LM4xXHjLSeUvzSGIGS48I6z7l0vJfV4X3nB3ssmkA_EYdY12a3_aiiVOFYxYJTXIkyP8Jbvh5JbsehYkNIUzpBz6Qc_74WwzLowrMFZw4IdDlAEDV4_uVXvfU_MrjHxyptRlOVNpr2MC197sCWg"></frame></frameset></html>
2015-04-23 07:48:29,537 INFO  [c.c.a.m.AgentManagerImpl] (AgentMonitor-1:ctx-0d617ea2) Found
the following agents behind on ping: [6, 5, 1, 4]
2015-04-23 07:48:29,541 DEBUG [c.c.h.Status] (AgentMonitor-1:ctx-0d617ea2) Ping timeout for
host 6, do invstigation


172.16.5.199 is IP address of mgmt. server, I have created nat to access it from outside like
https://portal.cloudcentral.net:6441/clinet 

/Sonali

-----Original Message-----
From: Andrija Panic [mailto:andrija.panic@gmail.com]
Sent: Wednesday, April 22, 2015 8:00 PM
To: users@cloudstack.apache.org
Subject: Re: CPVM and SSVM certificate not working

did you create all DNS records aaa-bbb-ccc-ddd.yourdomain.com ?
wild card SSL - any ROOT CA and Intermediate CA uploaded also ?

On 22 April 2015 at 15:52, Sonali Jadhav <sonali@servercentralen.se> wrote:

> Hi,
>
> I have installed certificate for CPVM and SSVM as per this
> http://support.citrix.com/article/CTX133468 or 
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Procedure+to+Re
> place+realhostip.com+with+Your+Own+Domain+Name
>
> Now problem is, its giving error that server not found ?
> I don't see errors in mgmt. logs, nothing in cpvm logs as well.
> Its weird, Any suggestion ?
> /Sonali
>



-- 

Andrija Panić
Mime
View raw message