cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sudhansu Sahu <sudhansu.s...@accelerite.com>
Subject Re: AW:https Repo links don't work
Date Tue, 17 Oct 2017 08:51:29 GMT
I have created below defect for this. https://issues.apache.org/jira/browse/CLOUDSTACK-10112


Sent from my iPhone

On 17-Oct-2017, at 1:56 PM, Benjamin Naber <benjamin.naber@coders-area.de<mailto:benjamin.naber@coders-area.de>>
wrote:

Hi Sudhansu,

that fix worked for me. thanks for your help.

Kind regards

Benjamin
Sudhansu Sahu <sudhansu.sahu@accelerite.com<mailto:sudhansu.sahu@accelerite.com>>
hat am 17. Oktober 2017 um 10:03 geschrieben:

For realhostip.keystore the password is ‘vmops.com<http://vmops.com>’. and for java
keystore the password is ‘changeit’.

Thanks
Sudhansu Sahu

On 10/17/17, 1:29 PM, "Benjamin Naber" <benjamin.naber@coders-area.de<mailto:benjamin.naber@coders-area.de>>
wrote:

Hi Sudhansu,

ty for the tip ! do you know the default password for the keystore on the secondary storage
vm ?

Kind regards

Benjamin

Sudhansu Sahu <sudhansu.sahu@accelerite.com<mailto:sudhansu.sahu@accelerite.com>>
hat am 17. Oktober 2017 um 06:25 geschrieben:

In SSVM default java keystore is overriden by "realhostip.keystore" and does not have necessary
certificates.

Import all java cacerts to ‘/usr/local/cloud/systemvm/certs/realhostip.keystore’.

keytool -importkeystore –srckeystore -destkeystore /usr/local/cloud/systemvm/certs/realhostip.keystore

Thanks
Sudhansu Sahu

On 10/16/17, 9:25 PM, "Rafael Weingärtner" <rafael@autonomiccs.com.br<mailto:rafael@autonomiccs.com.br>>
wrote:

Well, if everything is there, then you should not see this error of
unable to build the certification path.

Then, it would be a good idea to check which cacerts Java is using.

On 10/16/2017 1:54 PM, Benjamin Naber wrote:

Hi Rafael,

i exported the Keystore to textfile and checked fingerprints.

root CAs also in the Keystore.

Kind Regards

Benjamin

Rafael Weingärtner <rafael@autonomiccs.com.br<mailto:rafael@autonomiccs.com.br>>
hat am 16. Oktober 2017 um 17:45 geschrieben:

How did you check the certificates? Did you list and checked by name? Or
by fingerprint?

Also, did you check if the root CA was there as well? For instance, the
Let's encrypt root CA is "DST Root CA X3" (the CA that signs let's
encrypt CA's certificate)

On 10/16/2017 1:42 PM, Benjamin Naber wrote:

Hi Rafael,

ive allready checked the Java Keystore. All Certificates are included.

Im using ACS 4.10

Kind Regards

Benjamin

Benjamin Naber <benjamin.naber@coders-area.de<mailto:benjamin.naber@coders-area.de>>
hat am 16. Oktober 2017 um 17:26 geschrieben:

Hi Rafael,

Currently no ssl Backlund works. Also COMODO Certificates don't work.

Kind Regards

Benjamin

Von meinem Huawei-Mobiltelefon gesendet

-------- Originalnachricht --------
Betreff: Re: https Repo links don't work
Von: Rafael Weingärtner <rafael@autonomiccs.com.br<mailto:rafael@autonomiccs.com.br>>
An: users@cloudstack.apache.org<mailto:users@cloudstack.apache.org>
Cc:

Probably the let´s encrypt CA is not in your java keystore. You will
need to add it.

On 10/16/2017 1:13 PM, Benjamin Naber - NETFORMIC GmbH wrote:

Hi together,

i have an issue deploying templates with https Repo Links.

When i create a global template like debian stretch netinstall and the
ISO file is located on a https backlink
(https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-9.2.1-amd64-netinst.iso)
<https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-9.2.1-amd64-netinst.iso%29>.

the following error occours:

sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target

OS: CentOS7

CS Version: 4.10 from http://cloudstack.apt-get.eu/centos/7/4.10/
<http://cloudstack.apt-get.eu/centos/7/4.10/>

Did anyone managed to fix it?

Kind Regards

*Benjamin Naber*

System Administrator

Telefon: +49 (0)711 761642-445
benjamin.naber@netformic.de<mailto:benjamin.naber@netformic.de>

<https://netformic.de/>

*NETFORMIC GmbH*
HRB 720729, Amtsgericht Stuttgart
USt-IdNr.: DE814688053
Geschäftsführer: Jens Rilling, Timo Weltner

*Stuttgart*
Hermannstraße 5A, 70178 Stuttgart
Telefon: +49 (0)711 761642-0, Fax: -26

*Berlin*
Fanny-Zobel-Straße 11, 12435 Berlin

Telefon: +49 (0)30 60984747-0, Fax: -9
--

Rafael Weingärtner
--
Rafael Weingärtner

___________________________________________________
Benjamin Naber • Holzstraße 7 • D-73650 Winterbach
Mobil: +49 (0) 152.34087809
E-Mail: benjamin.naber@coders-area.de<mailto:benjamin.naber@coders-area.de>

___________________________________________________
Diese E-mail einschließlich eventuell angehängter Dateien enthält vertrauliche und / oder
rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind und diese E-mail
irrtümlich erhalten haben, dürfen Sie weder den Inhalt dieser E-mail nutzen noch dürfen
Sie die eventuell angehängten Dateien öffnen und auch keine Kopie fertigen oder den Inhalt
weitergeben / verbreiten. Bitte verständigen Sie den Absender und löschen Sie diese E-mail
und eventuell angehängte Dateien umgehend.

--
Rafael Weingärtner

DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Accelerite,
a Persistent Systems business. It is intended only for the use of the individual or entity
to which it is addressed. If you are not the intended recipient, you are not authorized to
read, retain, copy, print, distribute or use this message. If you have received this communication
in error, please notify the sender and delete all copies of this message. Accelerite, a Persistent
Systems business does not accept any liability for virus infected mails.
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message