cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Erik Weber <terbol...@gmail.com>
Subject Re: CloudStack UploadCertificate
Date Mon, 18 May 2015 06:53:41 GMT
It's only the private key that needs encrypting (AFAIK).


1) First get the encryption key. Usually this is in the file
/etc/cloudstack/management/key
2) Remove newlines from your private key, it should start with '-----BEGIN
PRIVATE KEY-----' and contain no newlines after you're done
3) Run a command similar to this, path might be different if you use
ubuntu/debian, and version names might differ:

java -classpath /usr/share/cloudstack-usage/lib/jasypt-1.9.0.jar \
org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI \
encrypt.sh input="INSERT VALUE FROM STEP 2" \
password="INSERT VALUE FROM STEP 1" verbose=false


4) update the database, you should update the certificate called
'CPVMCertificate'
UPDATE `cloud`.`keystore` SET `keystore`.`key`="VALUE FROM STEP 3" WHERE
`keystore`.`id` in (SELECT `keystore`.`id` from `cloud`.`keystore` WHERE
`keystore`.`name` = 'CPVMCertificate')


Then restart CloudStack management server. You might also have to destroy
the system vms, I don't really recall if I had to or not.


-- 
Erik


On Mon, May 18, 2015 at 12:21 AM, Fedi Ben Ali <ben.ali.fedi1@gmail.com>
wrote:

> Hello,
>
> Haw can i encrypt the field manually  ?
>
>
>
> 2015-05-17 22:07 GMT+01:00 Erik Weber <terbolous@gmail.com>:
>
> > I had a similar issue[1], to solve it I had to encrypt the field
> manually.
> > However, I don't know if it's valid for 4.4 or not, this was on an early
> > 4.5 RC.
> >
> > Doesn't hurt to try though, can't get worse :-)
> >
> >
> > [1] https://issues.apache.org/jira/browse/CLOUDSTACK-8372
> >
> >
> > --
> > Erik
> >
> > On Sun, May 17, 2015 at 10:57 PM, Fedi Ben Ali <ben.ali.fedi1@gmail.com>
> > wrote:
> >
> > > Hello,
> > >
> > > I do have an issue with the upload of my certificate , i'm uploading a
> > > wildcard certificate ,
> > > with a pksc8 key from cloudstack UI.
> > > this operation gives me this error on my log :
> > >
> > >
> > > null, lastUpdated: null, lastPolled: null, created: null}
> > > 2015-05-17 21:32:56,233 DEBUG [c.c.a.ApiServlet]
> > > (catalina-exec-16:ctx-a58bba6b ctx-eed361bc) ===END===  192.168.193.247
> > --
> > > POST
> > >
> > >
> >
> command=uploadCustomCertificate&response=json&sessionkey=F8XO1%2Bjm4kWcgBBc1nGCW1h7Uoc%3D
> > > 2015-05-17 21:32:56,242 ERROR [o.a.c.f.s.k.KeystoreManagerImpl]
> > > (API-Job-Executor-5:ctx-92880017 job-221 ctx-671e9577) Certificate
> > > validation failed due to exception for domain:
> > > java.security.cert.CertificateException: Could not parse certificate:
> > > java.io.IOException: Incomplete data
> > >
> > >
> > > I'm working on cloudstack 4.4 .
> > >
> > > Do any one have idea on haw wto solve yhis issue  ?
> > >
> > > Thx.
> > >
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message