You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cloudstack.apache.org by ilya <il...@gmail.com> on 2016/04/01 02:09:56 UTC
Re: [SSL CERTS] Importing ROOT and INTERMEDIATE certs for SSVM
I have a web-service that serves CloudStack templates, the SSL on the
download web service is signed by internal CA. This means i need to
inject the intermediate CA as well as ROOT CA into SSVM's java keystore
- for java client to be able to recognize the Certs and download the
template from remote repository.
On 3/29/16 4:48 AM, Daan Hoogland wrote:
> Ilya, to my knowledge the certificate won't be saved on file. It will be
> loaded from the command coming from the MS in the agent directly. Why are
> you looking to update the ssvm? I thought these are only used in the
> consoleproxy.
>
> On Tue, Mar 29, 2016 at 12:17 AM, ilya <il...@gmail.com> wrote:
>
>> I'm having difficulty getting ROOT and INTERMEDIATE certificates to show
>> up in SSVM java keystore.
>>
>>
>> I've followed the procedure on
>>
>> http://docs.cloudstack.apache.org/projects/cloudstack-administration/en/4.8/systemvm.html?highlight=pkcs
>>
>> and
>>
>>
>> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Procedure+to+Replace+realhostip.com+with+Your+Own+Domain+Name
>>
>> But after restart of SSVM and MS - the keystore still has default Go
>> Daddy certs.
>>
>> Would any know how to troubleshoot it?
>>
>> Also, one thing to note, i'm not uploading the actual wild card cert -
>> is its against security policy. It will be impossible for me to get a
>> wildcard cert.
>>
>> Regards
>> ilya
>>
>
>
>
Re: [SSL CERTS] Importing ROOT and INTERMEDIATE certs for SSVM
Posted by Nux! <nu...@li.nux.ro>.
Ilya,
See the last few lines of this post, I had a similar problem a while back:
http://www.nux.ro/archive/2014/03/Run_your_own_realhostip.html
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
----- Original Message -----
> From: "ilya" <il...@gmail.com>
> To: dev@cloudstack.apache.org
> Sent: Friday, 1 April, 2016 01:09:56
> Subject: Re: [SSL CERTS] Importing ROOT and INTERMEDIATE certs for SSVM
> I have a web-service that serves CloudStack templates, the SSL on the
> download web service is signed by internal CA. This means i need to
> inject the intermediate CA as well as ROOT CA into SSVM's java keystore
> - for java client to be able to recognize the Certs and download the
> template from remote repository.
>
>
>
>
>
> On 3/29/16 4:48 AM, Daan Hoogland wrote:
>> Ilya, to my knowledge the certificate won't be saved on file. It will be
>> loaded from the command coming from the MS in the agent directly. Why are
>> you looking to update the ssvm? I thought these are only used in the
>> consoleproxy.
>>
>> On Tue, Mar 29, 2016 at 12:17 AM, ilya <il...@gmail.com> wrote:
>>
>>> I'm having difficulty getting ROOT and INTERMEDIATE certificates to show
>>> up in SSVM java keystore.
>>>
>>>
>>> I've followed the procedure on
>>>
>>> http://docs.cloudstack.apache.org/projects/cloudstack-administration/en/4.8/systemvm.html?highlight=pkcs
>>>
>>> and
>>>
>>>
>>> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Procedure+to+Replace+realhostip.com+with+Your+Own+Domain+Name
>>>
>>> But after restart of SSVM and MS - the keystore still has default Go
>>> Daddy certs.
>>>
>>> Would any know how to troubleshoot it?
>>>
>>> Also, one thing to note, i'm not uploading the actual wild card cert -
>>> is its against security policy. It will be impossible for me to get a
>>> wildcard cert.
>>>
>>> Regards
>>> ilya
>>>
>>
>>