You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cloudstack.apache.org by Özhan Rüzgar Karaman <or...@gmail.com> on 2016/05/18 10:08:53 UTC
Problem enabling Intermediate SSL Certificate on Console VM
Hi Developers;
My console vm works successfully over SSL connections. Yesterday we
realised that firefox could not validate our SSL certificate and it gives
us certificate validation errors.
We checked keystore table on database and noticed that we have not imported
intermediate certificate and console vm works over SSL without any
intermediate SSL certificates. We checked Alpha SSL web site and downloaded
the certificate file(
https://www.alphassl.com/support/install-root-certificate.html) and delete
the keystore table and re import all root cert + intermediate + server cert
+ private key from Cloudstack Admin interface. After that we have checked
the console vm logs(/var/log/cloud/cloud.out) and we noticed that it could
not successfully download the ssl certificate from ACS. The errors are
below.
I checked the keystore table and it looks okey. After that i restored the
keystore table from backup which does not have any intermediate
certificate, console vm started to work, but because we do not have
intermediate certificate in console vm, windows firefox clients again could
not connect to console sessions.
Does anyone experience this kind of problem on enabling intermediate
certificate? Also which kind of intermediate certificate format need to be
used on ACS, are all formats valid for CloudStack 4.8 ? Alpha SSL provides
SHA-1 and SHA-256 formats for intermediate certificates.
Thanks for all responses & time.
Regards
Özhan
2016-05-18 09:45:56,205 INFO
[cloud.consoleproxy.ConsoleProxySecureServerFactoryImpl]
(Console-Proxy-Main:null) Start initializing SSL
2016-05-18 09:45:56,205 INFO
[cloud.consoleproxy.ConsoleProxySecureServerFactoryImpl]
(Console-Proxy-Main:null) No certificates passed, recheck global
configuration and certificates
2016-05-18 09:45:56,205 INFO
[cloud.consoleproxy.ConsoleProxySecureServerFactoryImpl]
(Console-Proxy-Main:null) Start initializing SSL
2016-05-18 09:45:56,206 INFO
[cloud.consoleproxy.ConsoleProxySecureServerFactoryImpl]
(Console-Proxy-Main:null) No certificates passed, recheck global
configuration and certificates
2016-05-18 09:45:56,227 ERROR
[cloud.consoleproxy.ConsoleProxySecureServerFactoryImpl]
(Console-Proxy-Main:null) java.lang.NullPointerException: null SSLContext
java.lang.NullPointerException: null SSLContext
at
com.sun.net.httpserver.HttpsConfigurator.<init>(HttpsConfigurator.java:81)
at
com.cloud.consoleproxy.ConsoleProxySecureServerFactoryImpl$1.<init>(ConsoleProxySecureServerFactoryImpl.java:82)
at
com.cloud.consoleproxy.ConsoleProxySecureServerFactoryImpl.createHttpServerInstance(ConsoleProxySecureServerFactoryImpl.java:82)
at
com.cloud.consoleproxy.ConsoleProxy.startupHttpMain(ConsoleProxy.java:356)
at com.cloud.consoleproxy.ConsoleProxy.start(ConsoleProxy.java:331)
at
com.cloud.consoleproxy.ConsoleProxy.startWithContext(ConsoleProxy.java:316)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at
com.cloud.agent.resource.consoleproxy.ConsoleProxyResource$1.runInContext(ConsoleProxyResource.java:331)
at
org.apache.cloudstack.managed.context.ManagedContextRunnable$1.run(ManagedContextRunnable.java:49)
at
org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:56)
at
org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:103)
at
org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:53)
at
org.apache.cloudstack.managed.context.ManagedContextRunnable.run(ManagedContextRunnable.java:46)
at java.lang.Thread.run(Thread.java:745)
2016-05-18 09:45:56,240 ERROR [cloud.consoleproxy.ConsoleProxy]
(Console-Proxy-Main:null) null
java.lang.NullPointerException
at
com.cloud.consoleproxy.ConsoleProxy.startupHttpMain(ConsoleProxy.java:357)
at com.cloud.consoleproxy.ConsoleProxy.start(ConsoleProxy.java:331)
at
com.cloud.consoleproxy.ConsoleProxy.startWithContext(ConsoleProxy.java:316)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at
com.cloud.agent.resource.consoleproxy.ConsoleProxyResource$1.runInContext(ConsoleProxyResource.java:331)
at
org.apache.cloudstack.managed.context.ManagedContextRunnable$1.run(ManagedContextRunnable.java:49)
at
org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:56)
at
org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:103)
at
org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:53)
at
org.apache.cloudstack.managed.context.ManagedContextRunnable.run(ManagedContextRunnable.java:46)
at java.lang.Thread.run(Thread.java:745)
2016-05-18 09:45:56,251 INFO [cloud.agent.Agent]
(AgentShutdownThread:null) Stopping the agent: Reason = sig.kill
2016-05-18 09:45:56,255 DEBUG [cloud.agent.Agent]
(AgentShutdownThread:null) Sending shutdown to management server
Re: Problem enabling Intermediate SSL Certificate on Console VM
Posted by Daan Hoogland <da...@gmail.com>.
Thanks for reporting back Ohzan,
sorry we couldn't be of much help ;)
On Wed, May 18, 2016 at 2:52 PM, Özhan Rüzgar Karaman <
oruzgarkaraman@gmail.com> wrote:
> Hi;
> I solved the issue, somehow Alpha SSL has an extra space character in their
> intermediate CA file. So i removed the space character and reinstall the
> intermediate CA an now Console VM is fine. I will also remind Alpha SSL
> about the extra space character in their intermediate CA file.
>
> Thanks for your time.
>
> Regards
> Özhan
>
> On Wed, May 18, 2016 at 1:08 PM, Özhan Rüzgar Karaman <
> oruzgarkaraman@gmail.com> wrote:
>
> > Hi Developers;
> > My console vm works successfully over SSL connections. Yesterday we
> > realised that firefox could not validate our SSL certificate and it gives
> > us certificate validation errors.
> >
> > We checked keystore table on database and noticed that we have not
> > imported intermediate certificate and console vm works over SSL without
> any
> > intermediate SSL certificates. We checked Alpha SSL web site and
> downloaded
> > the certificate file(
> > https://www.alphassl.com/support/install-root-certificate.html) and
> > delete the keystore table and re import all root cert + intermediate +
> > server cert + private key from Cloudstack Admin interface. After that we
> > have checked the console vm logs(/var/log/cloud/cloud.out) and we noticed
> > that it could not successfully download the ssl certificate from ACS. The
> > errors are below.
> >
> > I checked the keystore table and it looks okey. After that i restored the
> > keystore table from backup which does not have any intermediate
> > certificate, console vm started to work, but because we do not have
> > intermediate certificate in console vm, windows firefox clients again
> could
> > not connect to console sessions.
> >
> > Does anyone experience this kind of problem on enabling intermediate
> > certificate? Also which kind of intermediate certificate format need to
> be
> > used on ACS, are all formats valid for CloudStack 4.8 ? Alpha SSL
> provides
> > SHA-1 and SHA-256 formats for intermediate certificates.
> >
> > Thanks for all responses & time.
> >
> > Regards
> > Özhan
> >
> >
> >
> > 2016-05-18 09:45:56,205 INFO
> > [cloud.consoleproxy.ConsoleProxySecureServerFactoryImpl]
> > (Console-Proxy-Main:null) Start initializing SSL
> > 2016-05-18 09:45:56,205 INFO
> > [cloud.consoleproxy.ConsoleProxySecureServerFactoryImpl]
> > (Console-Proxy-Main:null) No certificates passed, recheck global
> > configuration and certificates
> > 2016-05-18 09:45:56,205 INFO
> > [cloud.consoleproxy.ConsoleProxySecureServerFactoryImpl]
> > (Console-Proxy-Main:null) Start initializing SSL
> > 2016-05-18 09:45:56,206 INFO
> > [cloud.consoleproxy.ConsoleProxySecureServerFactoryImpl]
> > (Console-Proxy-Main:null) No certificates passed, recheck global
> > configuration and certificates
> > 2016-05-18 09:45:56,227 ERROR
> > [cloud.consoleproxy.ConsoleProxySecureServerFactoryImpl]
> > (Console-Proxy-Main:null) java.lang.NullPointerException: null SSLContext
> > java.lang.NullPointerException: null SSLContext
> > at
> >
> com.sun.net.httpserver.HttpsConfigurator.<init>(HttpsConfigurator.java:81)
> > at
> >
> com.cloud.consoleproxy.ConsoleProxySecureServerFactoryImpl$1.<init>(ConsoleProxySecureServerFactoryImpl.java:82)
> > at
> >
> com.cloud.consoleproxy.ConsoleProxySecureServerFactoryImpl.createHttpServerInstance(ConsoleProxySecureServerFactoryImpl.java:82)
> > at
> >
> com.cloud.consoleproxy.ConsoleProxy.startupHttpMain(ConsoleProxy.java:356)
> > at com.cloud.consoleproxy.ConsoleProxy.start(ConsoleProxy.java:331)
> > at
> >
> com.cloud.consoleproxy.ConsoleProxy.startWithContext(ConsoleProxy.java:316)
> > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> > at
> >
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> > at
> >
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > at java.lang.reflect.Method.invoke(Method.java:606)
> > at
> >
> com.cloud.agent.resource.consoleproxy.ConsoleProxyResource$1.runInContext(ConsoleProxyResource.java:331)
> > at
> >
> org.apache.cloudstack.managed.context.ManagedContextRunnable$1.run(ManagedContextRunnable.java:49)
> > at
> >
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:56)
> > at
> >
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:103)
> > at
> >
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:53)
> > at
> >
> org.apache.cloudstack.managed.context.ManagedContextRunnable.run(ManagedContextRunnable.java:46)
> > at java.lang.Thread.run(Thread.java:745)
> > 2016-05-18 09:45:56,240 ERROR [cloud.consoleproxy.ConsoleProxy]
> > (Console-Proxy-Main:null) null
> > java.lang.NullPointerException
> > at
> >
> com.cloud.consoleproxy.ConsoleProxy.startupHttpMain(ConsoleProxy.java:357)
> > at com.cloud.consoleproxy.ConsoleProxy.start(ConsoleProxy.java:331)
> > at
> >
> com.cloud.consoleproxy.ConsoleProxy.startWithContext(ConsoleProxy.java:316)
> > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> > at
> >
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> > at
> >
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > at java.lang.reflect.Method.invoke(Method.java:606)
> > at
> >
> com.cloud.agent.resource.consoleproxy.ConsoleProxyResource$1.runInContext(ConsoleProxyResource.java:331)
> > at
> >
> org.apache.cloudstack.managed.context.ManagedContextRunnable$1.run(ManagedContextRunnable.java:49)
> > at
> >
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:56)
> > at
> >
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:103)
> > at
> >
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:53)
> > at
> >
> org.apache.cloudstack.managed.context.ManagedContextRunnable.run(ManagedContextRunnable.java:46)
> > at java.lang.Thread.run(Thread.java:745)
> > 2016-05-18 09:45:56,251 INFO [cloud.agent.Agent]
> > (AgentShutdownThread:null) Stopping the agent: Reason = sig.kill
> > 2016-05-18 09:45:56,255 DEBUG [cloud.agent.Agent]
> > (AgentShutdownThread:null) Sending shutdown to management server
> >
>
--
Daan
Re: Problem enabling Intermediate SSL Certificate on Console VM
Posted by Özhan Rüzgar Karaman <or...@gmail.com>.
Hi;
I solved the issue, somehow Alpha SSL has an extra space character in their
intermediate CA file. So i removed the space character and reinstall the
intermediate CA an now Console VM is fine. I will also remind Alpha SSL
about the extra space character in their intermediate CA file.
Thanks for your time.
Regards
Özhan
On Wed, May 18, 2016 at 1:08 PM, Özhan Rüzgar Karaman <
oruzgarkaraman@gmail.com> wrote:
> Hi Developers;
> My console vm works successfully over SSL connections. Yesterday we
> realised that firefox could not validate our SSL certificate and it gives
> us certificate validation errors.
>
> We checked keystore table on database and noticed that we have not
> imported intermediate certificate and console vm works over SSL without any
> intermediate SSL certificates. We checked Alpha SSL web site and downloaded
> the certificate file(
> https://www.alphassl.com/support/install-root-certificate.html) and
> delete the keystore table and re import all root cert + intermediate +
> server cert + private key from Cloudstack Admin interface. After that we
> have checked the console vm logs(/var/log/cloud/cloud.out) and we noticed
> that it could not successfully download the ssl certificate from ACS. The
> errors are below.
>
> I checked the keystore table and it looks okey. After that i restored the
> keystore table from backup which does not have any intermediate
> certificate, console vm started to work, but because we do not have
> intermediate certificate in console vm, windows firefox clients again could
> not connect to console sessions.
>
> Does anyone experience this kind of problem on enabling intermediate
> certificate? Also which kind of intermediate certificate format need to be
> used on ACS, are all formats valid for CloudStack 4.8 ? Alpha SSL provides
> SHA-1 and SHA-256 formats for intermediate certificates.
>
> Thanks for all responses & time.
>
> Regards
> Özhan
>
>
>
> 2016-05-18 09:45:56,205 INFO
> [cloud.consoleproxy.ConsoleProxySecureServerFactoryImpl]
> (Console-Proxy-Main:null) Start initializing SSL
> 2016-05-18 09:45:56,205 INFO
> [cloud.consoleproxy.ConsoleProxySecureServerFactoryImpl]
> (Console-Proxy-Main:null) No certificates passed, recheck global
> configuration and certificates
> 2016-05-18 09:45:56,205 INFO
> [cloud.consoleproxy.ConsoleProxySecureServerFactoryImpl]
> (Console-Proxy-Main:null) Start initializing SSL
> 2016-05-18 09:45:56,206 INFO
> [cloud.consoleproxy.ConsoleProxySecureServerFactoryImpl]
> (Console-Proxy-Main:null) No certificates passed, recheck global
> configuration and certificates
> 2016-05-18 09:45:56,227 ERROR
> [cloud.consoleproxy.ConsoleProxySecureServerFactoryImpl]
> (Console-Proxy-Main:null) java.lang.NullPointerException: null SSLContext
> java.lang.NullPointerException: null SSLContext
> at
> com.sun.net.httpserver.HttpsConfigurator.<init>(HttpsConfigurator.java:81)
> at
> com.cloud.consoleproxy.ConsoleProxySecureServerFactoryImpl$1.<init>(ConsoleProxySecureServerFactoryImpl.java:82)
> at
> com.cloud.consoleproxy.ConsoleProxySecureServerFactoryImpl.createHttpServerInstance(ConsoleProxySecureServerFactoryImpl.java:82)
> at
> com.cloud.consoleproxy.ConsoleProxy.startupHttpMain(ConsoleProxy.java:356)
> at com.cloud.consoleproxy.ConsoleProxy.start(ConsoleProxy.java:331)
> at
> com.cloud.consoleproxy.ConsoleProxy.startWithContext(ConsoleProxy.java:316)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:606)
> at
> com.cloud.agent.resource.consoleproxy.ConsoleProxyResource$1.runInContext(ConsoleProxyResource.java:331)
> at
> org.apache.cloudstack.managed.context.ManagedContextRunnable$1.run(ManagedContextRunnable.java:49)
> at
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:56)
> at
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:103)
> at
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:53)
> at
> org.apache.cloudstack.managed.context.ManagedContextRunnable.run(ManagedContextRunnable.java:46)
> at java.lang.Thread.run(Thread.java:745)
> 2016-05-18 09:45:56,240 ERROR [cloud.consoleproxy.ConsoleProxy]
> (Console-Proxy-Main:null) null
> java.lang.NullPointerException
> at
> com.cloud.consoleproxy.ConsoleProxy.startupHttpMain(ConsoleProxy.java:357)
> at com.cloud.consoleproxy.ConsoleProxy.start(ConsoleProxy.java:331)
> at
> com.cloud.consoleproxy.ConsoleProxy.startWithContext(ConsoleProxy.java:316)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:606)
> at
> com.cloud.agent.resource.consoleproxy.ConsoleProxyResource$1.runInContext(ConsoleProxyResource.java:331)
> at
> org.apache.cloudstack.managed.context.ManagedContextRunnable$1.run(ManagedContextRunnable.java:49)
> at
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:56)
> at
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:103)
> at
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:53)
> at
> org.apache.cloudstack.managed.context.ManagedContextRunnable.run(ManagedContextRunnable.java:46)
> at java.lang.Thread.run(Thread.java:745)
> 2016-05-18 09:45:56,251 INFO [cloud.agent.Agent]
> (AgentShutdownThread:null) Stopping the agent: Reason = sig.kill
> 2016-05-18 09:45:56,255 DEBUG [cloud.agent.Agent]
> (AgentShutdownThread:null) Sending shutdown to management server
>