cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benjamin Naber <benjamin.na...@coders-area.de>
Subject Re: AW:https Repo links don't work
Date Thu, 19 Oct 2017 08:42:20 GMT
Hi Sudhansu,

where these "systemvm" directorys located ?
cant find them on systemvm template vhd. 

Kind regards

Benjamin
 
> Sudhansu Sahu <sudhansu.sahu@accelerite.com> hat am 18. Oktober 2017 um 09:34 geschrieben:
> 
> 
> Its overridden by jvm argument -Djavax.net.ssl.trustStore (/usr/local/cloud/systemvm/secstorage.sh).
> 
> Thanks
> Sudhansu
> 
> On 10/17/17, 2:34 PM, "Benjamin Naber" <benjamin.naber@coders-area.de> wrote:
> 
>     Hi Sudhansu,
>     
>     ty for Bug Reporting. You know by which script the realhostip.keystore will be overwriten
?
>     
>     I cant find the path or file in the basic systemvm template.
>     
>     Kind regards
>     
>     benjamin
>     
>     > Sudhansu Sahu <sudhansu.sahu@accelerite.com> hat am 17. Oktober 2017 um
10:51 geschrieben:
>     > 
>     > I have created below defect for this. https://issues.apache.org/jira/browse/CLOUDSTACK-10112
>     > 
>     > Sent from my iPhone
>     > 
>     > On 17-Oct-2017, at 1:56 PM, Benjamin Naber <benjamin.naber@coders-area.de<mailto:benjamin.naber@coders-area.de>>
wrote:
>     > 
>     > Hi Sudhansu,
>     > 
>     > that fix worked for me. thanks for your help.
>     > 
>     > Kind regards
>     > 
>     > Benjamin
>     > Sudhansu Sahu <sudhansu.sahu@accelerite.com<mailto:sudhansu.sahu@accelerite.com>>
hat am 17. Oktober 2017 um 10:03 geschrieben:
>     > 
>     > For realhostip.keystore the password is ‘vmops.com<http://vmops.com>’.
and for java keystore the password is ‘changeit’.
>     > 
>     > Thanks
>     > Sudhansu Sahu
>     > 
>     > On 10/17/17, 1:29 PM, "Benjamin Naber" <benjamin.naber@coders-area.de<mailto:benjamin.naber@coders-area.de>>
wrote:
>     > 
>     > Hi Sudhansu,
>     > 
>     > ty for the tip ! do you know the default password for the keystore on the secondary
storage vm ?
>     > 
>     > Kind regards
>     > 
>     > Benjamin
>     > 
>     > Sudhansu Sahu <sudhansu.sahu@accelerite.com<mailto:sudhansu.sahu@accelerite.com>>
hat am 17. Oktober 2017 um 06:25 geschrieben:
>     > 
>     > In SSVM default java keystore is overriden by "realhostip.keystore" and does
not have necessary certificates.
>     > 
>     > Import all java cacerts to ‘/usr/local/cloud/systemvm/certs/realhostip.keystore’.
>     > 
>     > keytool -importkeystore –srckeystore -destkeystore /usr/local/cloud/systemvm/certs/realhostip.keystore
>     > 
>     > Thanks
>     > Sudhansu Sahu
>     > 
>     > On 10/16/17, 9:25 PM, "Rafael Weingärtner" <rafael@autonomiccs.com.br<mailto:rafael@autonomiccs.com.br>>
wrote:
>     > 
>     > Well, if everything is there, then you should not see this error of
>     > unable to build the certification path.
>     > 
>     > Then, it would be a good idea to check which cacerts Java is using.
>     > 
>     > On 10/16/2017 1:54 PM, Benjamin Naber wrote:
>     > 
>     > Hi Rafael,
>     > 
>     > i exported the Keystore to textfile and checked fingerprints.
>     > 
>     > root CAs also in the Keystore.
>     > 
>     > Kind Regards
>     > 
>     > Benjamin
>     > 
>     > Rafael Weingärtner <rafael@autonomiccs.com.br<mailto:rafael@autonomiccs.com.br>>
hat am 16. Oktober 2017 um 17:45 geschrieben:
>     > 
>     > How did you check the certificates? Did you list and checked by name? Or
>     > by fingerprint?
>     > 
>     > Also, did you check if the root CA was there as well? For instance, the
>     > Let's encrypt root CA is "DST Root CA X3" (the CA that signs let's
>     > encrypt CA's certificate)
>     > 
>     > On 10/16/2017 1:42 PM, Benjamin Naber wrote:
>     > 
>     > Hi Rafael,
>     > 
>     > ive allready checked the Java Keystore. All Certificates are included.
>     > 
>     > Im using ACS 4.10
>     > 
>     > Kind Regards
>     > 
>     > Benjamin
>     > 
>     > Benjamin Naber <benjamin.naber@coders-area.de<mailto:benjamin.naber@coders-area.de>>
hat am 16. Oktober 2017 um 17:26 geschrieben:
>     > 
>     > Hi Rafael,
>     > 
>     > Currently no ssl Backlund works. Also COMODO Certificates don't work.
>     > 
>     > Kind Regards
>     > 
>     > Benjamin
>     > 
>     > Von meinem Huawei-Mobiltelefon gesendet
>     > 
>     > -------- Originalnachricht --------
>     > Betreff: Re: https Repo links don't work
>     > Von: Rafael Weingärtner <rafael@autonomiccs.com.br<mailto:rafael@autonomiccs.com.br>>
>     > An: users@cloudstack.apache.org<mailto:users@cloudstack.apache.org>
>     > Cc:
>     > 
>     > Probably the let´s encrypt CA is not in your java keystore. You will
>     > need to add it.
>     > 
>     > On 10/16/2017 1:13 PM, Benjamin Naber - NETFORMIC GmbH wrote:
>     > 
>     > Hi together,
>     > 
>     > i have an issue deploying templates with https Repo Links.
>     > 
>     > When i create a global template like debian stretch netinstall and the
>     > ISO file is located on a https backlink
>     > (https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-9.2.1-amd64-netinst.iso)
>     > <https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-9.2.1-amd64-netinst.iso%29>.
>     > 
>     > the following error occours:
>     > 
>     > sun.security.validator.ValidatorException: PKIX path building failed:
>     > sun.security.provider.certpath.SunCertPathBuilderException: unable to
>     > find valid certification path to requested target
>     > 
>     > OS: CentOS7
>     > 
>     > CS Version: 4.10 from http://cloudstack.apt-get.eu/centos/7/4.10/
>     > <http://cloudstack.apt-get.eu/centos/7/4.10/>
>     > 
>     > Did anyone managed to fix it?
>     > 
>     > Kind Regards
>     > 
>     > *Benjamin Naber*
>     > 
>     > System Administrator
>     > 
>     > Telefon: +49 (0)711 761642-445
>     > benjamin.naber@netformic.de<mailto:benjamin.naber@netformic.de>
>     > 
>     > <https://netformic.de/>
>     > 
>     > *NETFORMIC GmbH*
>     > HRB 720729, Amtsgericht Stuttgart
>     > USt-IdNr.: DE814688053
>     > Geschäftsführer: Jens Rilling, Timo Weltner
>     > 
>     > *Stuttgart*
>     > Hermannstraße 5A, 70178 Stuttgart
>     > Telefon: +49 (0)711 761642-0, Fax: -26
>     > 
>     > *Berlin*
>     > Fanny-Zobel-Straße 11, 12435 Berlin
>     > 
>     > Telefon: +49 (0)30 60984747-0, Fax: -9
>     > --
>     > 
>     > Rafael Weingärtner
>     > --
>     > Rafael Weingärtner
>     > 
>     > ___________________________________________________
>     > Benjamin Naber • Holzstraße 7 • D-73650 Winterbach
>     > Mobil: +49 (0) 152.34087809
>     > E-Mail: benjamin.naber@coders-area.de<mailto:benjamin.naber@coders-area.de>
>     > 
>     > ___________________________________________________
>     > Diese E-mail einschließlich eventuell angehängter Dateien enthält vertrauliche
und / oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind
und diese E-mail irrtümlich erhalten haben, dürfen Sie weder den Inhalt dieser E-mail nutzen
noch dürfen Sie die eventuell angehängten Dateien öffnen und auch keine Kopie fertigen
oder den Inhalt weitergeben / verbreiten. Bitte verständigen Sie den Absender und löschen
Sie diese E-mail und eventuell angehängte Dateien umgehend.
>     > 
>     > --
>     > Rafael Weingärtner
>     > 
>     > DISCLAIMER
>     > ==========
>     > This e-mail may contain privileged and confidential information which is the
property of Accelerite, a Persistent Systems business. It is intended only for the use of
the individual or entity to which it is addressed. If you are not the intended recipient,
you are not authorized to read, retain, copy, print, distribute or use this message. If you
have received this communication in error, please notify the sender and delete all copies
of this message. Accelerite, a Persistent Systems business does not accept any liability for
virus infected mails.
>     
>

Mime
View raw message