Opening a browser window directly to HTTPS on a console proxy will normally give a 404 error. Try accessing a VM console through the CloudStack UI (which should generate and use a valid URL to the console proxy) and ignore the cert error to see what happens.
Kirk On 12/30/2012 08:37 PM, Robert Booth wrote: > Kirk, > > When I open a browser window directly to the console server I get an > invalid certificate error. > > "This certificate was signed by an unknown authority" > > I need to get that correct but will that stop me in my tracks? > > When I click to ignore I get a 404 Not Found error message "No context > found for request". > > -Rob > > > On Sun, Dec 30, 2012 at 10:17 PM, Kirk Kosinski <kirkkosin...@gmail.com>wrote: > >> What is the error in the browser? Can you connect to 443/tcp on the >> console proxy from your desktop? >> >> Best regards, >> Kirk >> >> On 12/30/2012 11:10 AM, Robert Booth wrote: >>> Thanks Kirk, >>> >>> Yes that did it. My domain name is now updated but I still feel no love >>> with the console proxy. The URL has been updated and everything is >>> resolving correctly but I still can't connect via the remote console. >>> I used a self-signed CA and server cert so I'm wondering if that is my >>> problem. I'm going to keep digging and what I'm missing. My guess is the >>> Root CA I created is not trusted in the system. >>> >>> As a side not for anyone trying to update the cert in the UI and getting >> an >>> error the it's an invalid cert I did the following. >>> >>> 1. Created CA private key >>> - openssl genrsa -des3 -out mydomain.priv.key 2048 * Remember password >>> you will need it >>> >>> 2. Created CA certificate request file >>> - openssl req -new -key mydomain.priv.key -out mydomain.req >>> >>> 3. Self-sign my CA request >>> - openssl x509 -req -days 7305 -sha1 -extfile /etc/ssl/openssl.cnf >>> -extensions v3_ca -signkey mydomain.priv.key -in mydomain.req -out >>> mydomain.crt >>> >>> 4. Created a server key >>> - openssl genrsa -out cloud.mydomain.priv.key 2048 >>> >>> 5. Generate Server certificate request file >>> - openssl req -new -key cloud.mydomain.priv.key -out cloud.mydomain.req >>> >>> 6. Sign my server request >>> - openssl x509 -req -days 7000 -sha1 -extfile /etc/ssl/openssl.cnf >>> -extensions v3_req -CA mydomain.crt -CAkey mydomain.priv.key >>> -CAcreateserial -in cloud.mydomain.req -out cloud.mydomain.crt >>> >>> *** This last step is what fixed my UI error on an invalid SSL key >>> 7. create a PKCS8 key file >>> - openssl pkcs8 -topk8 -in cloud.mydomain.priv.key -inform pem -out >>> cloud.mydomain.pkcs8.key -outform pem -nocrypt >>> >>> >>> In the UI put the contents of cloud.mydomain.crt into certificate field. >>> Put the contents on cloud.mydomain.pkcs8.key into the PKCS#8 Private Key >>> and finally put your domain name in. >>> >>> >>> >>> >>> On Sun, Dec 30, 2012 at 4:55 AM, Kirk Kosinski <kirkkosin...@gmail.com >>> wrote: >>> >>>> Hi, Rob. I don't know what that global setting is supposed to do. To >>>> update the domain, follow the procedure to update the SSL certificate >>>> (in UI, Infrastructure > Update SSL Certificate), which includes the >>>> option to update the domain. >>>> >>>> Best regards, >>>> Kirk >>>> >>>> On 12/29/2012 12:36 PM, Robert Booth wrote: >>>>> I'm trying to get the remote console view to work but I can't seem to >> get >>>>> past the realhostip.com url setting. >>>>> >>>>> I have a fresh install of CloudStack 4.0 on updated Ubuntu 12.04 >>>> management >>>>> server and host. I'm running KVM on the host. >>>>> >>>>> I've updated the consoleproxy.url.domain setting on the management >> server >>>>> to a valid external domain name and restarted my management server and >> no >>>>> luck. >>>>> >>>>> Things I've tried. >>>>> >>>>> Restarted the management server >>>>> >>>>> Restarted the agent service >>>>> >>>>> Removed all system vms and recreated them. >>>>> >>>>> Rebooted the management server and the host >>>>> >>>>> I still get the realhostip.com address when I try to console into a vm >>>> via >>>>> the UI. >>>>> >>>>> Any help would be great! >>>>> >>>>> Thanks, >>>>> Rob >>>>> >>>> >>> >> >
