cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cs user <acldstk...@gmail.com>
Subject Re: 4.5.1 - SSVM Cert issues
Date Fri, 31 Jul 2015 10:37:39 GMT
Hi There,

The url's that are being generated are of the form:

https://192-168-2-15.random.net

Which all looks fine.

The secstorage.ssl.cert.domain parmater is set to *.random.net

>From the ssvm I ran the following:

openssl s_client -connect 192-168-2-15.random.net:443

Which then seemed to complain about the root cert. I guess the provider we
have used does not have it's trusted root cert in the new ssvm template.

Perhaps a consequence of the move to java7 within the templates?

As I say, this all worked fine in 4.3.

So either we have to load this cert in every time we launch a fresh ssvm,
or we somehow build our own ssvm template with the root cert baked into the
image.

When you add a new cert to the environment, does it push the root cert to
the ssvm? Has it ever been possible to use a self signed cert?

Thanks!



On Fri, Jul 31, 2015 at 10:34 AM, Thomas Moroder <cloudstack@server24.eu>
wrote:

> We are hitting an issue very similar to the below when trying to copy
>> templates between zones:
>> https://issues.apache.org/jira/browse/CLOUDSTACK-1475
>> We are using our own wildcard cert for this parameter:
>> secstorage.ssl.cert.domain
>> We weren't having any issues when using 4.3. Has anyone run into this?
>>
>
> I guess the certificate controls are more strict. Are you sure your
> wildcard certificate is for *.ssl.cert.domain and not *.cert.domain?
> Subdomains are not included in the wildcard-certificate.
>
> Sincerely,
> Thomas Moroder
>
>
> --
> Incubatec GmbH - Srl
> Via Scurcia'str. 36, 39046 Ortisei(BZ), ITALIA
> Registered with the chamber of commerce of Bolzano the 8th of November
> 2001 with
> REA-No. 168204 (s.c. of EUR 10.000 f.p.u.)
> President: Thomas Moroder, VAT-No. IT 02283140214
> Tel: +39.0471796829 - Fax: +39.0471797949
>
> IMPRINT:
> http://www.incubatec.com/imprint.html
> PRIVACY:
> http://www.server24.it/informativa_completa.html
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message