You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cloudstack.apache.org by Paco Medina <pa...@ouimail.fr> on 2012/09/14 12:31:04 UTC
CloudStack 3.0.2: Failed to update SSL Certificate with no server
side logs
Hello,
I have the same issue :
http://mail-archives.apache.org/mod_mbox/incubator-cloudstack-users/201207.mbox/%3CF2E8D955FEB4B145957796059DBDB03D01A24BEB433B@SYDPMAILBOX01.citrite.net%3E
You can find the PCAP file with the RST.
I tried to install from sratch etc.. But no way to import the certificate.
Can someone help me ? I have a public host for debug.
Regards,
Paco Medina
Re: CloudStack 3.0.2: Failed to update SSL Certificate with no server
side logs
Posted by Mice Xia <we...@gmail.com>.
Months ago I tested uploading certificate and it worked, maybe you can
refer to following steps (this is for 2.2.y but I think 3.0.x does not
make much difference):
1. Generate the private key and certificate signing request (CSR).
When you are using openssl to generate private/public key pairs and
CSRs, for the private key that you are going to paste into the
CloudStack UI, be sure to convert it into PKCS#8 format.
a. Generate a new 1024-bit private key.
openssl genrsa -des3 -out yourprivate.key 1024
b. Generate a new certificate CSR.
openssl req -new -key yourprivate.key -out yourcertificate.csr
c. Head to the website of your favorite trusted Certificate Authority,
purchase an SSL certificate, and submit the CSR. You should receive a
valid certificate in return.
*** I applied for a trial cert from www.verisign.com, it is 1024bit
in length if i remember correctly. ***
d. change private key format *** this step is different with document ***
openssl pkcs8 -topk8 -nocrypt -in yourprivate.key -out your_pcks8
2. select "Update SSL Certificate" in UI. In the dialog box, paste the
following:
Certificate from step 1(c).
Private key from step 1(d).
Domain suffix: *** make sure it is same with the Common Name in your CSR ***
Hope this helps
Regards
Mice
2012/9/14 Paco Medina <pa...@ouimail.fr>
>
> Hello,
>
> I have the same issue :
>
> http://mail-archives.apache.org/mod_mbox/incubator-cloudstack-users/201207.mbox/%3CF2E8D955FEB4B145957796059DBDB03D01A24BEB433B@SYDPMAILBOX01.citrite.net%3E
>
> You can find the PCAP file with the RST.
> I tried to install from sratch etc.. But no way to import the certificate.
>
> Can someone help me ? I have a public host for debug.
>
> Regards,
>
> Paco Medina