Tnx Amogh, I have checked management-server.log and no new entries or errors regarding certificate operation are written at the time when I get the "Failed to update SSL Certificate." error message. I tried it a couple of times. I also used somedomain.tld in the GUI. Certificate is for *.somedomain.tld. I will go thru the whole create CA and certificate process again and retry. There must be some simple mistake in my process somewhere. Lack of errors in logs is also strange. :-/
Regards,
F.

On 24 Sep 2014, at 21:10, Amogh Vasekar <amogh.vase...@citrix.com> wrote:

> Hi,
>
> Couple of things:
>
> 1. The error will be logged to the cloudstack management server log file
> (management-server.log) and would really help to know what it is.
> 2. While uploading the certificate, the domain_suffix should be
> somedomain.tld and not *.somedomain.tld (the asterisk is only for global
> config so that cloudstack can distinguish between HTTP and HTTPS modes)
>
> Thanks
> Amogh
>
> On 9/24/14 7:40 AM, "France" <mailingli...@isg.si> wrote:
>
>> Hi guys,
>>
>> I want to migrate away from realhostip.com. I have set up DNS service in
>> no time, but am having problems importing certificates to ACS 3.4.1.
>>
>> I created my own CA like this:
>>
>> cd /etc/pki/CA
>> touch index.txt
>> echo 1000 > serial
>> openssl genrsa -aes256 -out /etc/pki/CA/private/ca.key.pem 4096
>> chmod 400 /etc/pki/CA/private/ca.key.pem
>> nano -w /etc/pki/tls/openssl.cnf
>> openssl req -new -x509 -days 63650 -key /etc/pki/CA/private/ca.key.pem -sha256 -extensions v3_ca -out /etc/pki/CA/certs/ca.cert.pem
>>
>> Signed my own keys and converted them to pkcs8 format like this:
>>
>> cd /etc/pki/CA
>> openssl genrsa -out private/vse.somedomain.tld.key.pem 4096
>> chmod 400 private/vse.somedomain.tld.key.pem
>> openssl req -sha256 -new -key private/vse.somedomain.tld.key.pem -out certs/vse.somedomain.tld.csr.pem
>> openssl ca -keyfile private/ca.key.pem -cert certs/ca.cert.pem -extensions usr_cert -notext -md sha256 -days 63649 -in certs/vse.somedomain.tld.csr.pem -out certs/vse.somedomain.tld.cert.pem
>> openssl pkcs8 -topk8 -in private/vse.somedomain.tld.key.pem -out private/vse.somedomain.tld.key.encrypted.pkcs8
>> openssl pkcs8 -in private/vse.somedomain.tld.key.encrypted.pkcs8 -out private/vse.somedomain.tld.key.pkcs8
>> chmod 400 private/vse.somedomain.tld.key.encrypted.pkcs8
>> chmod 400 private/vse.somedomain.tld.key.pkcs8
>>
>> But when trying to import it via GUI: infrastructure -> SSL Certificate:
>> Certificate from vse.somedomain.tld.cert.pem
>> PKCS8 from private/vse.somedomain.tld.key.pkcs8
>> DNS domain suffix to: *.somedomain.tld
>>
>> But it fails with:
>> "Failed to update SSL Certificate."
>>
>> Please help me upload the new certificate.
>> Catalina.out shows no error. I have no idea what else to check.
>>
>> Thank you.
>> F.
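
The pre-upload checks this thread implies (key format, key/certificate match, CA chain, and the suffix form Amogh describes), as an added example that is not part of the original messages. The function names, file names and the example.test domain are constructed, and it assumes the unencrypted PKCS#8 key is the one being uploaded, as in the thread.

```bash
# Added example (not from the thread); names and example.test are constructed.

# Assumes the uploaded key is the unencrypted PKCS#8 file, as in the thread.
# Its PEM begins with this header; the encrypted form says ENCRYPTED PRIVATE KEY.
key_is_plain_pkcs8() { head -n 1 "$1" | grep -qx -- '-----BEGIN PRIVATE KEY-----'; }

# The key and the certificate must carry the same public key.
key_matches_cert() {
  local k c
  k=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# The certificate must verify against the private CA that signed it.
cert_chains_to() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Per Amogh's reply, the upload field takes somedomain.tld, not *.somedomain.tld.
suffix_ok() { case "$1" in ''|\**|.*) return 1 ;; *) return 0 ;; esac; }

# A certificate for *.SUFFIX must match a host one label below SUFFIX.
cert_covers_suffix() {
  openssl x509 -in "$1" -noout -checkhost "probe.$2" 2>/dev/null | grep -q 'does match'
}

# preflight KEY CERT CA SUFFIX: one line per failed check; returns the failure count.
preflight() {
  local fails=0
  key_is_plain_pkcs8 "$1"      || { echo "FAIL: key is not unencrypted PKCS#8"; fails=$((fails+1)); }
  key_matches_cert "$1" "$2"   || { echo "FAIL: key does not match certificate"; fails=$((fails+1)); }
  cert_chains_to "$3" "$2"     || { echo "FAIL: certificate does not verify against CA"; fails=$((fails+1)); }
  suffix_ok "$4"               || { echo "FAIL: suffix must not start with '*' or '.'"; fails=$((fails+1)); }
  cert_covers_suffix "$2" "$4" || { echo "FAIL: certificate does not cover *.$4"; fails=$((fails+1)); }
  [ "$fails" -eq 0 ] && echo "OK: all checks passed"
  return "$fails"
}

# Constructed throwaway PKI (1-day validity) so the checks can be run offline.
make_demo_pki() {
  ( cd "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem -subj "/CN=Demo CA" -days 1 &&
    openssl req -newkey rsa:2048 -nodes -keyout leaf.key -out leaf.csr -subj "/CN=*.example.test" &&
    openssl x509 -req -in leaf.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out leaf.pem -days 1 &&
    openssl pkcs8 -topk8 -nocrypt -in leaf.key -out leaf.pkcs8 &&
    openssl pkcs8 -topk8 -in leaf.key -out leaf.enc.pkcs8 -passout pass:demo
  ) >/dev/null 2>&1
}

d=$(mktemp -d) && make_demo_pki "$d" &&
  preflight "$d/leaf.pkcs8" "$d/leaf.pem" "$d/ca.pem" example.test
```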