Sadhu, thank you for your feedback. unfortunately, my problem is not using own certificates on the SSVM/CPVM. This is already done.
We're missing some newer Root-CA certificates in the keystore, so therefor some https-download-URL are not working since SSVM doesn't know about that (even valid) root-CA. My question is, how to I add root-CA to the keystore (say, an equivalent to the system-wide "aptitude upgrade ca-certificates"). I think, I could also file a jira ticket but I want to understand the mechanisms in prior. Right now, we encounter Problems with D/L URL secured by LetsEncrypt and some Comodo RSA Roots with SHA256 Intermediates. I already fixed that by adding the respective certificates to the keystore, but I assume it's better to get that persistent :) Oh, and we're running 4.7 w/ 4.6 SSVM/CPVM-template. cheers, - Stephan Am Mittwoch, den 16.03.2016, 09:22 +0000 schrieb Suresh Sadhu: > Please check this link: > http://sadhusuresh.blogspot.in/2015/01/t-hings-you-should-consider-while.html > > > your uploaded certis loaded in the database in keystore table, after upload > ssl successful it recreate ssvm/cpvm with new key . > > regards > sadhu > > > -----Original Message----- > From: Stephan Seitz [mailto:s.se...@secretresearchfacility.com] > Sent: Wednesday, March 16, 2016 2:13 PM > To: dev@cloudstack.apache.org > Subject: ./certs/realhostip.keystore in SSVN > > Hey devs! > > I just added some recent root-CA certificates to running SSVM instances. > I'ld like to persist this by updating the realhostip.keystore, and can't > locate that keystore file inside the template.vhd. > Even after searching the git repo, I don't know where this file is deployed > from. > > Could someone please shed some light where to find that keystore source? > > Thanks in advance! > > cheers, > > - Stephan > > > > > DISCLAIMER > ========== > This e-mail may contain privileged and confidential information which is the > property of Accelerite, a Persistent Systems business. It is intended only > for the use of the individual or entity to which it is addressed. If you are > not the intended recipient, you are not authorized to read, retain, copy, > print, distribute or use this message. If you have received this > communication in error, please notify the sender and delete all copies of > this message. Accelerite, a Persistent Systems business does not accept any > liability for virus infected mails.
