Suresh,

not sure if I miss something, but on:
http://cloudstack-administration.readthedocs.org/en/4.4/systemvm.html#changing-the-console-proxy-ssl-certificate-and-domain
I don't see any mentioning of ROOT CA, and Intermediate CA.

The only page I found that references these, is:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Procedure+to+Replace+realhostip.com+with+Your+Own+Domain+Name

Not sure how to edit this one ?

Thanks

On 16 April 2015 at 14:28, Suresh Sadhu <suresh.sa...@citrix.com> wrote:

> Good to hear. If you feel documentation is not clear then please raise
> the doc bug for the same.
>
> Regards
> Sadhu
>
>
> -----Original Message-----
> From: Andrija Panic [mailto:andrija.pa...@gmail.com]
> Sent: 15 April 2015 16:39
> To: dev@cloudstack.apache.org
> Cc: us...@cloudstack.apache.org
> Subject: Re: {HELP-NEEDED] Replace Root CA etc, for CPVM and SSVM
>
> Hi guys,
>
> just to update - issue solved:
>
> Deleted the 5th row, so only 4 additional rows left (as original keystore
> table layout prior to replacing certificate)
>
> The problem was actually, while URL encoding ROOT CA and Intermediate CA,
> the plus sign ( + ) was replaced by SPACE...
>
> Thanks for all the help everybody
>
>
> On 7 April 2015 at 20:10, Suresh Sadhu <suresh.sa...@citrix.com> wrote:
>
> > If you have taken backup of your table (keystore) before upload then
> > you revert to previous state then upload the certificates again.
> >
> > Encode (url encode) the root and intermediate keys while uploading
> > through api Root - seq 1 Intermediate seq 2
> >
> > And while uploading server certificate through UI don't encode
> > the keys, enter only server certificate and private key (it should be
> > PKCS#8 format) and domain name because you have already uploaded root and
> > intermediate through API. (How to check certificate uploaded correctly
> > or not on system vms, just run the keytool -list on system vms -- for
> > syntax/description ref this blog, it might be useful to you:
> > http://sadhusuresh.blogspot.in/2015/01/t-hings-you-should-consider-while.html
> > )
> >
> > Regards
> > Sadhu
> >
> >
> > -----Original Message-----
> > From: Andrija Panic [mailto:andrija.pa...@gmail.com]
> > Sent: 07 April 2015 23:19
> > To: dev@cloudstack.apache.org
> > Cc: us...@cloudstack.apache.org
> > Subject: Re: {HELP-NEEDED] Replace Root CA etc, for CPVM and SSVM
> >
> > Thanks Suresh.
> >
> > 2 identical sequence numbers means: first occurrence is OLD
> > Intermediate CA (from 1 year ago), and the second occurrence is the new
> > one just uploaded (it happened I used different names)
> >
> > for ROOT CA - it happened I used the same name "ROOT1" so the old one
> > got overwritten with seq number 1
> >
> > Do you expect I should delete the old Intermediate1 CA manually (and
> > leave only the new one) ?
> > Or am I expected to upload again ROOT/intermediate with exact same
> > names and seq numbers ?
> >
> > Thanks
> >
> > On 7 April 2015 at 19:43, Suresh Sadhu <suresh.sa...@citrix.com> wrote:
> >
> > > I see same sequence number for 2 intermediate certificates. Does
> > > your certificate have multiple intermediate certificates or does it
> > > have only one?
> > >
> > > The reason for getting realhost ip is: your certificate is not
> > > applied correctly, that is the reason it still refers to the old
> > > certificate.
> > >
> > >
> > > Regards
> > > sadhu
> > >
> > > -----Original Message-----
> > > From: Andrija Panic [mailto:andrija.pa...@gmail.com]
> > > Sent: 07 April 2015 22:56
> > > To: us...@cloudstack.apache.org
> > > Cc: dev@cloudstack.apache.org
> > > Subject: Re: {HELP-NEEDED] Replace Root CA etc, for CPVM and SSVM
> > >
> > > Hi Lucian
> > >
> > > yes it is *.domain.com (from 4.3.1 onwards)...
> > >
> > > If you can check my attached image, keystore table seems messed a
> > > little bit :)
> > > http://snag.gy/LMA4h.jpg
> > >
> > >
> > > On 7 April 2015 at 19:12, Nux! <n...@li.nux.ro> wrote:
> > >
> > > > Can you check secstorage.ssl.cert.domain in global settings and
> > > > see if it's the correct one?
> > > > Should be *.blah.tld or whatever your domain is.
> > > >
> > > >
> > > > HTH
> > > > Lucian
> > > >
> > > > --
> > > > Sent from the Delta quadrant using Borg technology!
> > > >
> > > > Nux!
> > > > www.nux.ro
> > > >
> > > > ----- Original Message -----
> > > > > From: "Andrija Panic" <andrija.pa...@gmail.com>
> > > > > To: us...@cloudstack.apache.org, dev@cloudstack.apache.org
> > > > > Sent: Tuesday, 7 April, 2015 17:42:35
> > > > > Subject: {HELP-NEEDED] Replace Root CA etc, for CPVM and SSVM
> > > >
> > > > > Hi guys,
> > > > >
> > > > > our SSL just expired, and I needed to upload new ROOT CA,
> > > > > Intermediate ROOT CA, and at the end SSL for server and a
> > > > > private key.
> > > > >
> > > > > I uploaded new ROOT CA, and after CPVM rebooted, also uploaded
> > > > > Intermediate ROOT CA, via API, with URL encoded stuff - checked
> > > > > in database all seems OK.
> > > > >
> > > > > But after uploading new SSL and private key, destroyed CPVM and
> > > > > SSVM - my Console Proxy shows *.realiphost.com as the domain for
> > > > > the SSL when I access
> > > > >
> > > > > Any clues what I did wrong ?
> > > > > Should I have somehow removed first old ROOT CA and old
> > > > > Intermediate CA, and upload new ones ?
> > > > >
> > > > > Here is database content from cloud.keystore:
> > > > > http://snag.gy/LMA4h.jpg
> > > > >
> > > > > This means that for some reason, original realiphost.com SSL is
> > > > > now used inside CPVM...
> > > > >
> > > > > Any help greatly appreciated, since this is live system...
> > > > >
> > > > > Thanks,
> > > > >
> > > > > --
> > > > >
> > > > > Andrija Panić
> > > >
> > >
> > >
> > > --
> > >
> > > Andrija Panić
> > >
> >
> >
> > --
> >
> > Andrija Panić
> >
>
>
> --
>
> Andrija Panić
>

--

Andrija Panić
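
The failure reported in this thread (the plus sign in the URL-encoded ROOT CA and Intermediate CA being replaced by a space) reproduced as an added example; it is not code from the thread or from CloudStack. The PEM block is constructed sample data, the parameter name `certificate` is an assumption, and the receiving side is modelled with Python's form decoding.

```python
import base64
import binascii
from urllib.parse import parse_qs, quote

def make_sample_pem() -> str:
    # Constructed bytes, not a real certificate; chosen so the base64 has '+' and '/'.
    der = b"\xfb\xef\xbe\xff\xff\xff" + bytes(range(48))
    body = base64.b64encode(der).decode("ascii")
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "\n".join(["-----BEGIN CERTIFICATE-----", *lines,
                      "-----END CERTIFICATE-----"]) + "\n"

def encode_leaving_plus(pem: str) -> str:
    # Faulty encoding: everything is escaped except '+', which stays literal.
    return quote(pem, safe="+")

def encode_strict(pem: str) -> str:
    # Correct encoding: '+' -> %2B, '/' -> %2F, '=' -> %3D, newline -> %0A.
    return quote(pem, safe="")

def receive(encoded: str) -> str:
    # Receiving side, modelled with form decoding: a literal '+' is read as a space.
    # The parameter name "certificate" is an assumption for this example.
    fields = parse_qs("certificate=" + encoded, keep_blank_values=True)
    return fields["certificate"][0]

def pem_body_is_valid(pem: str) -> bool:
    # Strict check: any character outside the base64 alphabet (e.g. a space) fails.
    lines = pem.strip().split("\n")
    if len(lines) < 3:
        return False
    if not lines[0].startswith("-----BEGIN ") or not lines[-1].startswith("-----END "):
        return False
    try:
        base64.b64decode("".join(lines[1:-1]), validate=True)
    except binascii.Error:
        return False
    return True

if __name__ == "__main__":
    pem = make_sample_pem()
    for name, enc in (("'+' left literal", encode_leaving_plus),
                      ("strict", encode_strict)):
        got = receive(enc(pem))
        print(f"{name}: identical={got == pem} body_valid={pem_body_is_valid(got)}")
```

Running the same strict check on the value read back from the keystore table before restarting the system VMs catches a corrupted upload early.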