You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cloudstack.apache.org by ilya <il...@gmail.com> on 2016/03/29 00:17:29 UTC
[SSL CERTS] Importing ROOT and INTERMEDIATE certs for SSVM
I'm having difficulty getting ROOT and INTERMEDIATE certificates to show
up in SSVM java keystore.
I've followed the procedure on
http://docs.cloudstack.apache.org/projects/cloudstack-administration/en/4.8/systemvm.html?highlight=pkcs
and
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Procedure+to+Replace+realhostip.com+with+Your+Own+Domain+Name
But after restart of SSVM and MS - the keystore still has default Go
Daddy certs.
Would any know how to troubleshoot it?
Also, one thing to note, i'm not uploading the actual wild card cert -
is its against security policy. It will be impossible for me to get a
wildcard cert.
Regards
ilya
Re: [SSL CERTS] Importing ROOT and INTERMEDIATE certs for SSVM
Posted by Nux! <nu...@li.nux.ro>.
Ilya,
See the last few lines of this post, I had a similar problem a while back:
http://www.nux.ro/archive/2014/03/Run_your_own_realhostip.html
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
----- Original Message -----
> From: "ilya" <il...@gmail.com>
> To: dev@cloudstack.apache.org
> Sent: Friday, 1 April, 2016 01:09:56
> Subject: Re: [SSL CERTS] Importing ROOT and INTERMEDIATE certs for SSVM
> I have a web-service that serves CloudStack templates, the SSL on the
> download web service is signed by internal CA. This means i need to
> inject the intermediate CA as well as ROOT CA into SSVM's java keystore
> - for java client to be able to recognize the Certs and download the
> template from remote repository.
>
>
>
>
>
> On 3/29/16 4:48 AM, Daan Hoogland wrote:
>> Ilya, to my knowledge the certificate won't be saved on file. It will be
>> loaded from the command coming from the MS in the agent directly. Why are
>> you looking to update the ssvm? I thought these are only used in the
>> consoleproxy.
>>
>> On Tue, Mar 29, 2016 at 12:17 AM, ilya <il...@gmail.com> wrote:
>>
>>> I'm having difficulty getting ROOT and INTERMEDIATE certificates to show
>>> up in SSVM java keystore.
>>>
>>>
>>> I've followed the procedure on
>>>
>>> http://docs.cloudstack.apache.org/projects/cloudstack-administration/en/4.8/systemvm.html?highlight=pkcs
>>>
>>> and
>>>
>>>
>>> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Procedure+to+Replace+realhostip.com+with+Your+Own+Domain+Name
>>>
>>> But after restart of SSVM and MS - the keystore still has default Go
>>> Daddy certs.
>>>
>>> Would any know how to troubleshoot it?
>>>
>>> Also, one thing to note, i'm not uploading the actual wild card cert -
>>> is its against security policy. It will be impossible for me to get a
>>> wildcard cert.
>>>
>>> Regards
>>> ilya
>>>
>>
>>
Re: [SSL CERTS] Importing ROOT and INTERMEDIATE certs for SSVM
Posted by ilya <il...@gmail.com>.
I have a web-service that serves CloudStack templates, the SSL on the
download web service is signed by internal CA. This means i need to
inject the intermediate CA as well as ROOT CA into SSVM's java keystore
- for java client to be able to recognize the Certs and download the
template from remote repository.
On 3/29/16 4:48 AM, Daan Hoogland wrote:
> Ilya, to my knowledge the certificate won't be saved on file. It will be
> loaded from the command coming from the MS in the agent directly. Why are
> you looking to update the ssvm? I thought these are only used in the
> consoleproxy.
>
> On Tue, Mar 29, 2016 at 12:17 AM, ilya <il...@gmail.com> wrote:
>
>> I'm having difficulty getting ROOT and INTERMEDIATE certificates to show
>> up in SSVM java keystore.
>>
>>
>> I've followed the procedure on
>>
>> http://docs.cloudstack.apache.org/projects/cloudstack-administration/en/4.8/systemvm.html?highlight=pkcs
>>
>> and
>>
>>
>> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Procedure+to+Replace+realhostip.com+with+Your+Own+Domain+Name
>>
>> But after restart of SSVM and MS - the keystore still has default Go
>> Daddy certs.
>>
>> Would any know how to troubleshoot it?
>>
>> Also, one thing to note, i'm not uploading the actual wild card cert -
>> is its against security policy. It will be impossible for me to get a
>> wildcard cert.
>>
>> Regards
>> ilya
>>
>
>
>
RE: [SSL CERTS] Importing ROOT and INTERMEDIATE certs for SSVM
Posted by Suresh Sadhu <su...@accelerite.com>.
Illa,
Is there any issue noticed while uploading/applying certificate., it refers old certificate if uploacertificate has any issues.
Check your logs for any exceptions.
Use below command to list all the certs in the keystore.if your certificate uploaded successfully then you can see entry(certificate) in the output with latest date
keytool -list -keystore /usr/local/cloud/systemvm/certs/realhostip.keystore -storepass vmops.com
Regards
Sadhu
-----Original Message-----
From: Daan Hoogland [mailto:daan.hoogland@gmail.com]
Sent: Tuesday, March 29, 2016 5:19 PM
To: dev
Subject: Re: [SSL CERTS] Importing ROOT and INTERMEDIATE certs for SSVM
Ilya, to my knowledge the certificate won't be saved on file. It will be loaded from the command coming from the MS in the agent directly. Why are you looking to update the ssvm? I thought these are only used in the consoleproxy.
On Tue, Mar 29, 2016 at 12:17 AM, ilya <il...@gmail.com> wrote:
> I'm having difficulty getting ROOT and INTERMEDIATE certificates to
> show up in SSVM java keystore.
>
>
> I've followed the procedure on
>
> http://docs.cloudstack.apache.org/projects/cloudstack-administration/e
> n/4.8/systemvm.html?highlight=pkcs
>
> and
>
>
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Procedure+to+Re
> place+realhostip.com+with+Your+Own+Domain+Name
>
> But after restart of SSVM and MS - the keystore still has default Go
> Daddy certs.
>
> Would any know how to troubleshoot it?
>
> Also, one thing to note, i'm not uploading the actual wild card cert -
> is its against security policy. It will be impossible for me to get a
> wildcard cert.
>
> Regards
> ilya
>
--
Daan
DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Accelerite, a Persistent Systems business. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Accelerite, a Persistent Systems business does not accept any liability for virus infected mails.
Re: [SSL CERTS] Importing ROOT and INTERMEDIATE certs for SSVM
Posted by Daan Hoogland <da...@gmail.com>.
Ilya, to my knowledge the certificate won't be saved on file. It will be
loaded from the command coming from the MS in the agent directly. Why are
you looking to update the ssvm? I thought these are only used in the
consoleproxy.
On Tue, Mar 29, 2016 at 12:17 AM, ilya <il...@gmail.com> wrote:
> I'm having difficulty getting ROOT and INTERMEDIATE certificates to show
> up in SSVM java keystore.
>
>
> I've followed the procedure on
>
> http://docs.cloudstack.apache.org/projects/cloudstack-administration/en/4.8/systemvm.html?highlight=pkcs
>
> and
>
>
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Procedure+to+Replace+realhostip.com+with+Your+Own+Domain+Name
>
> But after restart of SSVM and MS - the keystore still has default Go
> Daddy certs.
>
> Would any know how to troubleshoot it?
>
> Also, one thing to note, i'm not uploading the actual wild card cert -
> is its against security policy. It will be impossible for me to get a
> wildcard cert.
>
> Regards
> ilya
>
--
Daan