Date: Tue, 7 Apr 2015 19:15:22 +0200
Subject: Re: {HELP-NEEDED] Replace Root CA etc, for CPVM and SSVM
From: Erik Weber
To: "users@cloudstack.apache.org"

I would try to delete the keystore table (after backup), then add the cert.

Erik

On Tuesday, 7 April 2015, Andrija Panic wrote:

> I did find this in log:
>
> 2015-04-07 18:00:45,163 WARN [c.c.k.KeystoreManagerImpl] (AgentConnectTaskPool-117:ctx-2a501782) Unable to build keystore for CPVMCertificate due to CertificateException
> 2015-04-07 18:00:45,163 ERROR [c.c.c.AgentHookBase] (AgentConnectTaskPool-117:ctx-2a501782) Could not find and construct a valid SSL certificate
>
> Any clues on this ?
>
> On 7 April 2015 at 19:01, Andrija Panic wrote:
>
> > ok, I'm on 4.3.2, so there is only UI field for cert, key and
> > domainname.... so no field for i.e. password, as the key would have to be
> > decrypted sometime if it is encrypted.
> >
> > My possible problem - I see both old intermediate1 cert and the new
> > intermediate1 cert in database, but only 1 ROOT CA (might have been - I
> > used the same name so old ROOT CA was overwritten)
> >
> > Main CERT and the key looks fine in database...
> >
> >
> > On 7 April 2015 at 18:59, Erik Weber wrote:
> >
> >> Your private key is decrypted, my issue was that it should've been
> >> encrypted.
> >>
> >> However, that could be 4.5 specific. You'll get an exception if you
> >> encounter the same.
> >>
> >>
> >> Erik
> >>
> >> On Tuesday, 7 April 2015, Andrija Panic wrote:
> >>
> >> > Thx Erik,
> >> >
> >> > per my understanding, private key needs to be DEcrypted, and uploaded
> >> > through UI... ?
> >> >
> >> > On 7 April 2015 at 18:48, Erik Weber wrote:
> >> >
> >> > > Also, take a backup first, then remove the realhostip occurrence and
> >> > > set seq to 0 for your cert.
> >> > >
> >> > > Erik
> >> > >
> >> > > On Tuesday, 7 April 2015, Erik Weber wrote:
> >> > >
> >> > > > Nothing in the logs?
> >> > > >
> >> > > > I had an issue where the private key wasn't being encrypted and had
> >> > > > to fix it by encrypting manually. But I also had could not decrypt
> >> > > > exceptions in the logs.
> >> > > >
> >> > > > Erik
> >> > > >
> >> > > > On Tuesday, 7 April 2015, Andrija Panic <andrija.panic@gmail.com> wrote:
> >> > > >
> >> > > >> Hi guys,
> >> > > >>
> >> > > >> our SSL just expired, and I needed to upload new ROOT CA,
> >> > > >> Intermediate ROOT CA, and at the end SSL for server and a private key.
> >> > > >>
> >> > > >> I uploaded new ROOT CA, and after CPVM rebooted, also uploaded
> >> > > >> Intermediate ROOT CA, via API, with URL encoded stuff - checked in
> >> > > >> database all seems OK.
> >> > > >>
> >> > > >> But after uploading new SSL and private key, destroyed CPVM and SSVM -
> >> > > >> my Console Proxy shows *.realiphost.com as the domain for the SSL
> >> > > >> when I access
> >> > > >>
> >> > > >> Any clues what I did wrong ?
> >> > > >> Should I have somehow removed first old ROOT CA and old Intermediate
> >> > > >> CA, and upload new ones ?
> >> > > >>
> >> > > >> Here is database content from cloud.keystore:
> >> > > >> http://snag.gy/LMA4h.jpg
> >> > > >>
> >> > > >> This means that for some reason, original realiphost.com SSL is now
> >> > > >> used inside CPVM...
> >> > > >>
> >> > > >> Any help greatly appreciated, since this is live system...
> >> > > >>
> >> > > >> Thanks,
> >> > > >>
> >> > > >> --
> >> > > >>
> >> > > >> Andrija Panić
> >> >
> >> > --
> >> >
> >> > Andrija Panić
> >
> > --
> >
> > Andrija Panić
>
> --
>
> Andrija Panić