You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cloudstack.apache.org by cs user <ac...@gmail.com> on 2015/07/31 10:51:31 UTC
4.5.1 - SSVM Cert issues
Hi Folks,
After updating to 4.5.1 and installing using the shapeblue SSVM templates:
http://packages.shapeblue.com/systemvmtemplate/4.5/new/
We are hitting an issue very similar to the below when trying to copy
templates between zones:
https://issues.apache.org/jira/browse/CLOUDSTACK-1475
We are using our own wildcard cert for this parameter:
secstorage.ssl.cert.domain
We weren't having any issues when using 4.3. Has anyone run into this?
Cheers!
Re: 4.5.1 - SSVM Cert issues
Posted by cs user <ac...@gmail.com>.
Hi There :)
I've gone through the process of uploading the SSL certificate again, and
now all is working fine, which is fantastic! :)
Not sure if this has broken as part of upgrading or if it was never
installed fully before, but its working now.
Cheers!
On Fri, Jul 31, 2015 at 12:00 PM, Thomas Moroder <cl...@server24.eu>
wrote:
> The url's that are being generated are of the form:
>> https://192-168-2-15.random.net
>> Which all looks fine.
>>
>
> OK
>
> The secstorage.ssl.cert.domain parmater is set to *.random.net
>> From the ssvm I ran the following:
>> openssl s_client -connect 192-168-2-15.random.net:443
>>
>
> have you included the intermediary certificates?
>
>
> Sincerely,
> Thomas Moroder
>
> --
> Incubatec GmbH - Srl
> Via Scurcia'str. 36, 39046 Ortisei(BZ), ITALIA
> Registered with the chamber of commerce of Bolzano the 8th of November
> 2001 with
> REA-No. 168204 (s.c. of EUR 10.000 f.p.u.)
> President: Thomas Moroder, VAT-No. IT 02283140214
> Tel: +39.0471796829 - Fax: +39.0471797949
>
> IMPRINT:
> http://www.incubatec.com/imprint.html
> PRIVACY:
> http://www.server24.it/informativa_completa.html
>
>
Re: 4.5.1 - SSVM Cert issues
Posted by Thomas Moroder <cl...@server24.eu>.
> The url's that are being generated are of the form:
> https://192-168-2-15.random.net
> Which all looks fine.
OK
> The secstorage.ssl.cert.domain parmater is set to *.random.net
> From the ssvm I ran the following:
> openssl s_client -connect 192-168-2-15.random.net:443
have you included the intermediary certificates?
Sincerely,
Thomas Moroder
--
Incubatec GmbH - Srl
Via Scurcia'str. 36, 39046 Ortisei(BZ), ITALIA
Registered with the chamber of commerce of Bolzano the 8th of November 2001 with
REA-No. 168204 (s.c. of EUR 10.000 f.p.u.)
President: Thomas Moroder, VAT-No. IT 02283140214
Tel: +39.0471796829 - Fax: +39.0471797949
IMPRINT:
http://www.incubatec.com/imprint.html
PRIVACY:
http://www.server24.it/informativa_completa.html
Re: 4.5.1 - SSVM Cert issues
Posted by cs user <ac...@gmail.com>.
Hi There,
The url's that are being generated are of the form:
https://192-168-2-15.random.net
Which all looks fine.
The secstorage.ssl.cert.domain parmater is set to *.random.net
>From the ssvm I ran the following:
openssl s_client -connect 192-168-2-15.random.net:443
Which then seemed to complain about the root cert. I guess the provider we
have used does not have it's trusted root cert in the new ssvm template.
Perhaps a consequence of the move to java7 within the templates?
As I say, this all worked fine in 4.3.
So either we have to load this cert in every time we launch a fresh ssvm,
or we somehow build our own ssvm template with the root cert baked into the
image.
When you add a new cert to the environment, does it push the root cert to
the ssvm? Has it ever been possible to use a self signed cert?
Thanks!
On Fri, Jul 31, 2015 at 10:34 AM, Thomas Moroder <cl...@server24.eu>
wrote:
> We are hitting an issue very similar to the below when trying to copy
>> templates between zones:
>> https://issues.apache.org/jira/browse/CLOUDSTACK-1475
>> We are using our own wildcard cert for this parameter:
>> secstorage.ssl.cert.domain
>> We weren't having any issues when using 4.3. Has anyone run into this?
>>
>
> I guess the certificate controls are more strict. Are you sure your
> wildcard certificate is for *.ssl.cert.domain and not *.cert.domain?
> Subdomains are not included in the wildcard-certificate.
>
> Sincerely,
> Thomas Moroder
>
>
> --
> Incubatec GmbH - Srl
> Via Scurcia'str. 36, 39046 Ortisei(BZ), ITALIA
> Registered with the chamber of commerce of Bolzano the 8th of November
> 2001 with
> REA-No. 168204 (s.c. of EUR 10.000 f.p.u.)
> President: Thomas Moroder, VAT-No. IT 02283140214
> Tel: +39.0471796829 - Fax: +39.0471797949
>
> IMPRINT:
> http://www.incubatec.com/imprint.html
> PRIVACY:
> http://www.server24.it/informativa_completa.html
>
>
Re: 4.5.1 - SSVM Cert issues
Posted by Thomas Moroder <cl...@server24.eu>.
> We are hitting an issue very similar to the below when trying to copy
> templates between zones:
> https://issues.apache.org/jira/browse/CLOUDSTACK-1475
> We are using our own wildcard cert for this parameter:
> secstorage.ssl.cert.domain
> We weren't having any issues when using 4.3. Has anyone run into this?
I guess the certificate controls are more strict. Are you sure your wildcard
certificate is for *.ssl.cert.domain and not *.cert.domain? Subdomains are not
included in the wildcard-certificate.
Sincerely,
Thomas Moroder
--
Incubatec GmbH - Srl
Via Scurcia'str. 36, 39046 Ortisei(BZ), ITALIA
Registered with the chamber of commerce of Bolzano the 8th of November 2001 with
REA-No. 168204 (s.c. of EUR 10.000 f.p.u.)
President: Thomas Moroder, VAT-No. IT 02283140214
Tel: +39.0471796829 - Fax: +39.0471797949
IMPRINT:
http://www.incubatec.com/imprint.html
PRIVACY:
http://www.server24.it/informativa_completa.html