You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@cloudstack.apache.org by Soheil Eizadi <se...@infoblox.com> on 2013/05/01 00:36:04 UTC

Network Resource Certificate Management

Hi,
What is the deployment model for how the SSL Certificate for a Network
Resource that is managed by CloudStack will get into the CloudStack
KeyStore? For Dev/Test I can ignore the Certificate for now but would like
to know how this will work for a real deployment.

Are there CloudStack APIs to copy the certificate to the Keystore?

My only exposure to the Keystore is the warning I get when I run the
application at startup:
>> WARN  [utils.script.Script] (Timer-2:) Timed out: sudo keytool -genkey
>>...

Thanks,
-Soheil

Re: Network Resource Certificate Management

Posted by Chiradeep Vittal <Ch...@citrix.com>.

Hi, 

Registering keys into cloudstack is not automated. CloudStack does try to
do it for certs that connect to the agents (as you saw), but that's not
universally liked (I don't like it either).

For a real deployment, I expect documentation on how to install the
certificate in the management server's keystone

On 4/30/13 3:36 PM, "Soheil Eizadi" <se...@infoblox.com> wrote:

>Hi,
>What is the deployment model for how the SSL Certificate for a Network
>Resource that is managed by CloudStack will get into the CloudStack
>KeyStore? For Dev/Test I can ignore the Certificate for now but would like
>to know how this will work for a real deployment.
>
>Are there CloudStack APIs to copy the certificate to the Keystore?
>
>My only exposure to the Keystore is the warning I get when I run the
>application at startup:
>>> WARN  [utils.script.Script] (Timer-2:) Timed out: sudo keytool -genkey
>>>...
>
>Thanks,
>-Soheil
>