Kirk, When I open a browser window directly to the console server I get an invalid certificate error.
"This certificate was signed by an unknown authority" I need to get that correct but will that stop me in my tracks? When I click to ignore I get a 404 Not Found error message "No context found for request". -Rob On Sun, Dec 30, 2012 at 10:17 PM, Kirk Kosinski <kirkkosin...@gmail.com>wrote: > What is the error in the browser? Can you connect to 443/tcp on the > console proxy from your desktop? > > Best regards, > Kirk > > On 12/30/2012 11:10 AM, Robert Booth wrote: > > Thanks Kirk, > > > > Yes that did it. My domain name is now updated but I still feel no love > > with the console proxy. The URL has been updated and everything is > > resolving correctly but I still can't connect via the remote console. > > I used a self-signed CA and server cert so I'm wondering if that is my > > problem. I'm going to keep digging and what I'm missing. My guess is the > > Root CA I created is not trusted in the system. > > > > As a side not for anyone trying to update the cert in the UI and getting > an > > error the it's an invalid cert I did the following. > > > > 1. Created CA private key > > - openssl genrsa -des3 -out mydomain.priv.key 2048 * Remember password > > you will need it > > > > 2. Created CA certificate request file > > - openssl req -new -key mydomain.priv.key -out mydomain.req > > > > 3. Self-sign my CA request > > - openssl x509 -req -days 7305 -sha1 -extfile /etc/ssl/openssl.cnf > > -extensions v3_ca -signkey mydomain.priv.key -in mydomain.req -out > > mydomain.crt > > > > 4. Created a server key > > - openssl genrsa -out cloud.mydomain.priv.key 2048 > > > > 5. Generate Server certificate request file > > - openssl req -new -key cloud.mydomain.priv.key -out cloud.mydomain.req > > > > 6. Sign my server request > > - openssl x509 -req -days 7000 -sha1 -extfile /etc/ssl/openssl.cnf > > -extensions v3_req -CA mydomain.crt -CAkey mydomain.priv.key > > -CAcreateserial -in cloud.mydomain.req -out cloud.mydomain.crt > > > > *** This last step is what fixed my UI error on an invalid SSL key > > 7. create a PKCS8 key file > > - openssl pkcs8 -topk8 -in cloud.mydomain.priv.key -inform pem -out > > cloud.mydomain.pkcs8.key -outform pem -nocrypt > > > > > > In the UI put the contents of cloud.mydomain.crt into certificate field. > > Put the contents on cloud.mydomain.pkcs8.key into the PKCS#8 Private Key > > and finally put your domain name in. > > > > > > > > > > On Sun, Dec 30, 2012 at 4:55 AM, Kirk Kosinski <kirkkosin...@gmail.com > >wrote: > > > >> Hi, Rob. I don't know what that global setting is supposed to do. To > >> update the domain, follow the procedure to update the SSL certificate > >> (in UI, Infrastructure > Update SSL Certificate), which includes the > >> option to update the domain. > >> > >> Best regards, > >> Kirk > >> > >> On 12/29/2012 12:36 PM, Robert Booth wrote: > >>> I'm trying to get the remote console view to work but I can't seem to > get > >>> past the realhostip.com url setting. > >>> > >>> I have a fresh install of CloudStack 4.0 on updated Ubuntu 12.04 > >> management > >>> server and host. I'm running KVM on the host. > >>> > >>> I've updated the consoleproxy.url.domain setting on the management > server > >>> to a valid external domain name and restarted my management server and > no > >>> luck. > >>> > >>> Things I've tried. > >>> > >>> Restarted the management server > >>> > >>> Restarted the agent service > >>> > >>> Removed all system vms and recreated them. > >>> > >>> Rebooted the management server and the host > >>> > >>> I still get the realhostip.com address when I try to console into a vm > >> via > >>> the UI. > >>> > >>> Any help would be great! > >>> > >>> Thanks, > >>> Rob > >>> > >> > > >
