You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cloudstack.apache.org by Chip Childers <ch...@sungard.com> on 2013/03/02 19:53:22 UTC
Re: Console Proxy Certificates
On Thu, Feb 28, 2013 at 10:03:05PM +0000, Paul Sanders wrote:
> Hello All,
>
> I am trying to get the console proxy working through CloudStack and am
> unable to update the SSL certificates and change from realworldip.com.
>
> I have created my request and signed it from my internal CA. I have also
> exported my private key in pkcs8.
>
> When I enter my .cert and .pkcs8 into the cloudstack gui I get 'Failed to
> update SSL Certificate'. There are no errors in management.log. Where can I
> look to troubleshoot this issue?
>
> It may be worth pointing out that the domain I am using is a .local as it
> is a lab environment, but I cant see why that would be an issue.
>
> Thanks
>
> PAul
>
> ---
> Kind Regards
>
> Paul Sanders
> Mail: paul.sanders87@googlemail.com
I wrote a blog post about this (and still owe it to the project to add
docs) here:
http://www.chipchilders.com/blog/2013/1/2/undocumented-feature-using-certificate-chains-in-cloudstack.html
While your scenario isn't about using an intermediate CA, you are
basically trying to add a new root CA to the know root list in the
keystore. The trick is to use the API (instead of the UI) to load the
certs in the right order.
Give it a shot, and let me know if you have any questions.
RE: Console Proxy Certificates
Posted by "Fuchs, Andreas (SwissTXT)" <An...@swisstxt.ch>.
Hi Paul
Weh ad exactly the same issue, tryed with removing newlines adding the whole cert chain and many other things.
The guy was always refusing due to non printable chars or just failed. Then we tried over the API and also without success. We ended up with backing up our database and replacing the cert directly in there, we know that this is not the way it should be done, but after spending far too much time with gui and api we are happy that it works now.
Andi
-----Original Message-----
From: Chip Childers [mailto:chip.childers@sungard.com]
Sent: Samstag, 2. März 2013 19:54
To: cloudstack-users@incubator.apache.org
Subject: Re: Console Proxy Certificates
On Thu, Feb 28, 2013 at 10:03:05PM +0000, Paul Sanders wrote:
> Hello All,
>
> I am trying to get the console proxy working through CloudStack and am
> unable to update the SSL certificates and change from realworldip.com.
>
> I have created my request and signed it from my internal CA. I have
> also exported my private key in pkcs8.
>
> When I enter my .cert and .pkcs8 into the cloudstack gui I get 'Failed
> to update SSL Certificate'. There are no errors in management.log.
> Where can I look to troubleshoot this issue?
>
> It may be worth pointing out that the domain I am using is a .local as
> it is a lab environment, but I cant see why that would be an issue.
>
> Thanks
>
> PAul
>
> ---
> Kind Regards
>
> Paul Sanders
> Mail: paul.sanders87@googlemail.com
I wrote a blog post about this (and still owe it to the project to add
docs) here:
http://www.chipchilders.com/blog/2013/1/2/undocumented-feature-using-certificate-chains-in-cloudstack.html
While your scenario isn't about using an intermediate CA, you are basically trying to add a new root CA to the know root list in the keystore. The trick is to use the API (instead of the UI) to load the certs in the right order.
Give it a shot, and let me know if you have any questions.