You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cloudstack.apache.org by Stephan Seitz <s....@secretresearchfacility.com> on 2016/03/16 09:42:38 UTC
./certs/realhostip.keystore in SSVN
Hey devs!
I just added some recent root-CA certificates to running SSVM instances.
I'ld like to persist this by updating the realhostip.keystore, and can't
locate that keystore file inside the template.vhd.
Even after searching the git repo, I don't know where this file is
deployed from.
Could someone please shed some light where to find that keystore source?
Thanks in advance!
cheers,
- Stephan
Re: ./certs/realhostip.keystore in SSVN
Posted by Wei ZHOU <us...@gmail.com>.
We had the similar issue when downloaded the template/iso from
fedorapeople.org.
The issue was fixed in our internal version.
If you are interested, please create a jira ticket, I will upload it in
github.
-Wei
2016-03-16 16:06 GMT+01:00 Stephan Seitz <s.seitz@secretresearchfacility.com
>:
> Sadhu,
>
> thank you for your feedback. unfortunately, my problem is not using own
> certificates on the SSVM/CPVM. This is already done.
>
> We're missing some newer Root-CA certificates in the keystore, so
> therefor some https-download-URL are not working since SSVM doesn't know
> about that (even valid) root-CA.
>
> My question is, how to I add root-CA to the keystore (say, an equivalent
> to the system-wide "aptitude upgrade ca-certificates").
>
> I think, I could also file a jira ticket but I want to understand the
> mechanisms in prior.
>
> Right now, we encounter Problems with D/L URL secured by LetsEncrypt and
> some Comodo RSA Roots with SHA256 Intermediates.
>
> I already fixed that by adding the respective certificates to the
> keystore, but I assume it's better to get that persistent :)
>
> Oh, and we're running 4.7 w/ 4.6 SSVM/CPVM-template.
>
> cheers,
>
> - Stephan
>
> Am Mittwoch, den 16.03.2016, 09:22 +0000 schrieb Suresh Sadhu:
> > Please check this link:
> >
> http://sadhusuresh.blogspot.in/2015/01/t-hings-you-should-consider-while.html
> >
> >
> > your uploaded certis loaded in the database in keystore table, after
> upload ssl successful it recreate ssvm/cpvm with new key .
> >
> > regards
> > sadhu
> >
> >
> > -----Original Message-----
> > From: Stephan Seitz [mailto:s.seitz@secretresearchfacility.com]
> > Sent: Wednesday, March 16, 2016 2:13 PM
> > To: dev@cloudstack.apache.org
> > Subject: ./certs/realhostip.keystore in SSVN
> >
> > Hey devs!
> >
> > I just added some recent root-CA certificates to running SSVM instances.
> > I'ld like to persist this by updating the realhostip.keystore, and can't
> locate that keystore file inside the template.vhd.
> > Even after searching the git repo, I don't know where this file is
> deployed from.
> >
> > Could someone please shed some light where to find that keystore source?
> >
> > Thanks in advance!
> >
> > cheers,
> >
> > - Stephan
> >
> >
> >
> >
> > DISCLAIMER
> > ==========
> > This e-mail may contain privileged and confidential information which is
> the property of Accelerite, a Persistent Systems business. It is intended
> only for the use of the individual or entity to which it is addressed. If
> you are not the intended recipient, you are not authorized to read, retain,
> copy, print, distribute or use this message. If you have received this
> communication in error, please notify the sender and delete all copies of
> this message. Accelerite, a Persistent Systems business does not accept any
> liability for virus infected mails.
>
>
>
Re: ./certs/realhostip.keystore in SSVN
Posted by Stephan Seitz <s....@secretresearchfacility.com>.
Sadhu,
thank you for your feedback. unfortunately, my problem is not using own
certificates on the SSVM/CPVM. This is already done.
We're missing some newer Root-CA certificates in the keystore, so
therefor some https-download-URL are not working since SSVM doesn't know
about that (even valid) root-CA.
My question is, how to I add root-CA to the keystore (say, an equivalent
to the system-wide "aptitude upgrade ca-certificates").
I think, I could also file a jira ticket but I want to understand the
mechanisms in prior.
Right now, we encounter Problems with D/L URL secured by LetsEncrypt and
some Comodo RSA Roots with SHA256 Intermediates.
I already fixed that by adding the respective certificates to the
keystore, but I assume it's better to get that persistent :)
Oh, and we're running 4.7 w/ 4.6 SSVM/CPVM-template.
cheers,
- Stephan
Am Mittwoch, den 16.03.2016, 09:22 +0000 schrieb Suresh Sadhu:
> Please check this link:
> http://sadhusuresh.blogspot.in/2015/01/t-hings-you-should-consider-while.html
>
>
> your uploaded certis loaded in the database in keystore table, after upload ssl successful it recreate ssvm/cpvm with new key .
>
> regards
> sadhu
>
>
> -----Original Message-----
> From: Stephan Seitz [mailto:s.seitz@secretresearchfacility.com]
> Sent: Wednesday, March 16, 2016 2:13 PM
> To: dev@cloudstack.apache.org
> Subject: ./certs/realhostip.keystore in SSVN
>
> Hey devs!
>
> I just added some recent root-CA certificates to running SSVM instances.
> I'ld like to persist this by updating the realhostip.keystore, and can't locate that keystore file inside the template.vhd.
> Even after searching the git repo, I don't know where this file is deployed from.
>
> Could someone please shed some light where to find that keystore source?
>
> Thanks in advance!
>
> cheers,
>
> - Stephan
>
>
>
>
> DISCLAIMER
> ==========
> This e-mail may contain privileged and confidential information which is the property of Accelerite, a Persistent Systems business. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Accelerite, a Persistent Systems business does not accept any liability for virus infected mails.
RE: ./certs/realhostip.keystore in SSVN
Posted by Suresh Sadhu <su...@accelerite.com>.
Please check this link:
http://sadhusuresh.blogspot.in/2015/01/t-hings-you-should-consider-while.html
your uploaded certis loaded in the database in keystore table, after upload ssl successful it recreate ssvm/cpvm with new key .
regards
sadhu
-----Original Message-----
From: Stephan Seitz [mailto:s.seitz@secretresearchfacility.com]
Sent: Wednesday, March 16, 2016 2:13 PM
To: dev@cloudstack.apache.org
Subject: ./certs/realhostip.keystore in SSVN
Hey devs!
I just added some recent root-CA certificates to running SSVM instances.
I'ld like to persist this by updating the realhostip.keystore, and can't locate that keystore file inside the template.vhd.
Even after searching the git repo, I don't know where this file is deployed from.
Could someone please shed some light where to find that keystore source?
Thanks in advance!
cheers,
- Stephan
DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Accelerite, a Persistent Systems business. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Accelerite, a Persistent Systems business does not accept any liability for virus infected mails.