On Thu, Feb 28, 2013 at 10:03:05PM +0000, Paul Sanders wrote: > Hello All, > > I am trying to get the console proxy working through CloudStack and am > unable to update the SSL certificates and change from realworldip.com. > > I have created my request and signed it from my internal CA. I have also > exported my private key in pkcs8. > > When I enter my .cert and .pkcs8 into the cloudstack gui I get 'Failed to > update SSL Certificate'. There are no errors in management.log. Where can I > look to troubleshoot this issue? > > It may be worth pointing out that the domain I am using is a .local as it > is a lab environment, but I cant see why that would be an issue. > > Thanks > > PAul > > --- > Kind Regards > > Paul Sanders > Mail: paul.sander...@googlemail.com
I wrote a blog post about this (and still owe it to the project to add docs) here: http://www.chipchilders.com/blog/2013/1/2/undocumented-feature-using-certificate-chains-in-cloudstack.html While your scenario isn't about using an intermediate CA, you are basically trying to add a new root CA to the know root list in the keystore. The trick is to use the API (instead of the UI) to load the certs in the right order. Give it a shot, and let me know if you have any questions.
