Rob, Did you populate your DNS server with all of the A records for each IP in your range?
Information is in this document. http://docs.cloudstack.org/Knowledge_Base/Replacing_realhostip.com_with_your_own_domain Thanks, Matt On Dec 31, 2012, at 9:01 AM, "Robert Booth" <robert.bo...@trebortech.com<mailto:robert.bo...@trebortech.com>> wrote: Kirk, When I try to connect via the UI "View Console" link I get This webpage is not available The webpage at *https://......my console server dns name......../ajax?token=Gt3DTg7XXUFOpQjQX1hY9tyik9hj-No8TbP2jveS5VNPdMaqHnAwasJJhHOkX0QSUFHPcWfTlT9dgbd5AUvKfr0knkdeS51Ghb4u6DzBkq8iwUipstcz4JG5FOCKPO4VtDW3tne4FRcqkhJWwOvCc9Tl0LYv9Q3qg50ssYG3mrg7BBYmV8iJy7VmNxPmMQ38jqIRk4N4gbB3HwHQcxi3TY3G9BwKVcFkY4i06X4sIG_fe4C1ugAnSAy0F94hekCV5wPaaGu4kWA * might be temporarily down or it may have moved permanently to a new web address. Error 501 (net::ERR_INSECURE_RESPONSE): Unknown error. Funny thing is when I hover over the "View Console" button the url shown in the browser status bar is http://CloudManagement:8080/client/#. Using the chrome developer tools I found the href tag is set to "#". -Rob On Sun, Dec 30, 2012 at 10:51 PM, Kirk Kosinski <kirkkosin...@gmail.com<mailto:kirkkosin...@gmail.com>>wrote: Opening a browser window directly to HTTPS on a console proxy will normally give a 404 error. Try accessing a VM console through the CloudStack UI (which should generate and use a valid URL to the console proxy) and ignore the cert error to see what happens. Kirk On 12/30/2012 08:37 PM, Robert Booth wrote: Kirk, When I open a browser window directly to the console server I get an invalid certificate error. "This certificate was signed by an unknown authority" I need to get that correct but will that stop me in my tracks? When I click to ignore I get a 404 Not Found error message "No context found for request". -Rob On Sun, Dec 30, 2012 at 10:17 PM, Kirk Kosinski <kirkkosin...@gmail.com<mailto:kirkkosin...@gmail.com> wrote: What is the error in the browser? Can you connect to 443/tcp on the console proxy from your desktop? Best regards, Kirk On 12/30/2012 11:10 AM, Robert Booth wrote: Thanks Kirk, Yes that did it. My domain name is now updated but I still feel no love with the console proxy. The URL has been updated and everything is resolving correctly but I still can't connect via the remote console. I used a self-signed CA and server cert so I'm wondering if that is my problem. I'm going to keep digging and what I'm missing. My guess is the Root CA I created is not trusted in the system. As a side not for anyone trying to update the cert in the UI and getting an error the it's an invalid cert I did the following. 1. Created CA private key - openssl genrsa -des3 -out mydomain.priv.key 2048 * Remember password you will need it 2. Created CA certificate request file - openssl req -new -key mydomain.priv.key -out mydomain.req 3. Self-sign my CA request - openssl x509 -req -days 7305 -sha1 -extfile /etc/ssl/openssl.cnf -extensions v3_ca -signkey mydomain.priv.key -in mydomain.req -out mydomain.crt 4. Created a server key - openssl genrsa -out cloud.mydomain.priv.key 2048 5. Generate Server certificate request file - openssl req -new -key cloud.mydomain.priv.key -out cloud.mydomain.req 6. Sign my server request - openssl x509 -req -days 7000 -sha1 -extfile /etc/ssl/openssl.cnf -extensions v3_req -CA mydomain.crt -CAkey mydomain.priv.key -CAcreateserial -in cloud.mydomain.req -out cloud.mydomain.crt *** This last step is what fixed my UI error on an invalid SSL key 7. create a PKCS8 key file - openssl pkcs8 -topk8 -in cloud.mydomain.priv.key -inform pem -out cloud.mydomain.pkcs8.key -outform pem -nocrypt In the UI put the contents of cloud.mydomain.crt into certificate field. Put the contents on cloud.mydomain.pkcs8.key into the PKCS#8 Private Key and finally put your domain name in. On Sun, Dec 30, 2012 at 4:55 AM, Kirk Kosinski <kirkkosin...@gmail.com<mailto:kirkkosin...@gmail.com> wrote: Hi, Rob. I don't know what that global setting is supposed to do. To update the domain, follow the procedure to update the SSL certificate (in UI, Infrastructure > Update SSL Certificate), which includes the option to update the domain. Best regards, Kirk On 12/29/2012 12:36 PM, Robert Booth wrote: I'm trying to get the remote console view to work but I can't seem to get past the realhostip.com<http://realhostip.com> url setting. I have a fresh install of CloudStack 4.0 on updated Ubuntu 12.04 management server and host. I'm running KVM on the host. I've updated the consoleproxy.url.domain setting on the management server to a valid external domain name and restarted my management server and no luck. Things I've tried. Restarted the management server Restarted the agent service Removed all system vms and recreated them. Rebooted the management server and the host I still get the realhostip.com<http://realhostip.com> address when I try to console into a vm via the UI. Any help would be great! Thanks, Rob
