Re: [SSL CERTS] Importing ROOT and INTERMEDIATE certs for SSVM
Ilya, See the last few lines of this post, I had a similar problem a while back: http://www.nux.ro/archive/2014/03/Run_your_own_realhostip.html -- Sent from the Delta quadrant using Borg technology! Nux! www.nux.ro - Original Message - > From: "ilya" <ilya.mailing.li...@gmail.com> > To: dev@cloudstack.apache.org > Sent: Friday, 1 April, 2016 01:09:56 > Subject: Re: [SSL CERTS] Importing ROOT and INTERMEDIATE certs for SSVM > I have a web-service that serves CloudStack templates, the SSL on the > download web service is signed by internal CA. This means i need to > inject the intermediate CA as well as ROOT CA into SSVM's java keystore > - for java client to be able to recognize the Certs and download the > template from remote repository. > > > > > > On 3/29/16 4:48 AM, Daan Hoogland wrote: >> Ilya, to my knowledge the certificate won't be saved on file. It will be >> loaded from the command coming from the MS in the agent directly. Why are >> you looking to update the ssvm? I thought these are only used in the >> consoleproxy. >> >> On Tue, Mar 29, 2016 at 12:17 AM, ilya <ilya.mailing.li...@gmail.com> wrote: >> >>> I'm having difficulty getting ROOT and INTERMEDIATE certificates to show >>> up in SSVM java keystore. >>> >>> >>> I've followed the procedure on >>> >>> http://docs.cloudstack.apache.org/projects/cloudstack-administration/en/4.8/systemvm.html?highlight=pkcs >>> >>> and >>> >>> >>> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Procedure+to+Replace+realhostip.com+with+Your+Own+Domain+Name >>> >>> But after restart of SSVM and MS - the keystore still has default Go >>> Daddy certs. >>> >>> Would any know how to troubleshoot it? >>> >>> Also, one thing to note, i'm not uploading the actual wild card cert - >>> is its against security policy. It will be impossible for me to get a >>> wildcard cert. >>> >>> Regards >>> ilya >>> >> >>
Re: [SSL CERTS] Importing ROOT and INTERMEDIATE certs for SSVM
I have a web-service that serves CloudStack templates, the SSL on the download web service is signed by internal CA. This means i need to inject the intermediate CA as well as ROOT CA into SSVM's java keystore - for java client to be able to recognize the Certs and download the template from remote repository. On 3/29/16 4:48 AM, Daan Hoogland wrote: > Ilya, to my knowledge the certificate won't be saved on file. It will be > loaded from the command coming from the MS in the agent directly. Why are > you looking to update the ssvm? I thought these are only used in the > consoleproxy. > > On Tue, Mar 29, 2016 at 12:17 AM, ilyawrote: > >> I'm having difficulty getting ROOT and INTERMEDIATE certificates to show >> up in SSVM java keystore. >> >> >> I've followed the procedure on >> >> http://docs.cloudstack.apache.org/projects/cloudstack-administration/en/4.8/systemvm.html?highlight=pkcs >> >> and >> >> >> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Procedure+to+Replace+realhostip.com+with+Your+Own+Domain+Name >> >> But after restart of SSVM and MS - the keystore still has default Go >> Daddy certs. >> >> Would any know how to troubleshoot it? >> >> Also, one thing to note, i'm not uploading the actual wild card cert - >> is its against security policy. It will be impossible for me to get a >> wildcard cert. >> >> Regards >> ilya >> > > >
RE: [SSL CERTS] Importing ROOT and INTERMEDIATE certs for SSVM
Illa, Is there any issue noticed while uploading/applying certificate., it refers old certificate if uploacertificate has any issues. Check your logs for any exceptions. Use below command to list all the certs in the keystore.if your certificate uploaded successfully then you can see entry(certificate) in the output with latest date keytool -list -keystore /usr/local/cloud/systemvm/certs/realhostip.keystore -storepass vmops.com Regards Sadhu -Original Message- From: Daan Hoogland [mailto:daan.hoogl...@gmail.com] Sent: Tuesday, March 29, 2016 5:19 PM To: dev Subject: Re: [SSL CERTS] Importing ROOT and INTERMEDIATE certs for SSVM Ilya, to my knowledge the certificate won't be saved on file. It will be loaded from the command coming from the MS in the agent directly. Why are you looking to update the ssvm? I thought these are only used in the consoleproxy. On Tue, Mar 29, 2016 at 12:17 AM, ilya <ilya.mailing.li...@gmail.com> wrote: > I'm having difficulty getting ROOT and INTERMEDIATE certificates to > show up in SSVM java keystore. > > > I've followed the procedure on > > http://docs.cloudstack.apache.org/projects/cloudstack-administration/e > n/4.8/systemvm.html?highlight=pkcs > > and > > > https://cwiki.apache.org/confluence/display/CLOUDSTACK/Procedure+to+Re > place+realhostip.com+with+Your+Own+Domain+Name > > But after restart of SSVM and MS - the keystore still has default Go > Daddy certs. > > Would any know how to troubleshoot it? > > Also, one thing to note, i'm not uploading the actual wild card cert - > is its against security policy. It will be impossible for me to get a > wildcard cert. > > Regards > ilya > -- Daan DISCLAIMER == This e-mail may contain privileged and confidential information which is the property of Accelerite, a Persistent Systems business. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Accelerite, a Persistent Systems business does not accept any liability for virus infected mails.
Re: [SSL CERTS] Importing ROOT and INTERMEDIATE certs for SSVM
Ilya, to my knowledge the certificate won't be saved on file. It will be loaded from the command coming from the MS in the agent directly. Why are you looking to update the ssvm? I thought these are only used in the consoleproxy. On Tue, Mar 29, 2016 at 12:17 AM, ilyawrote: > I'm having difficulty getting ROOT and INTERMEDIATE certificates to show > up in SSVM java keystore. > > > I've followed the procedure on > > http://docs.cloudstack.apache.org/projects/cloudstack-administration/en/4.8/systemvm.html?highlight=pkcs > > and > > > https://cwiki.apache.org/confluence/display/CLOUDSTACK/Procedure+to+Replace+realhostip.com+with+Your+Own+Domain+Name > > But after restart of SSVM and MS - the keystore still has default Go > Daddy certs. > > Would any know how to troubleshoot it? > > Also, one thing to note, i'm not uploading the actual wild card cert - > is its against security policy. It will be impossible for me to get a > wildcard cert. > > Regards > ilya > -- Daan
[SSL CERTS] Importing ROOT and INTERMEDIATE certs for SSVM
I'm having difficulty getting ROOT and INTERMEDIATE certificates to show up in SSVM java keystore. I've followed the procedure on http://docs.cloudstack.apache.org/projects/cloudstack-administration/en/4.8/systemvm.html?highlight=pkcs and https://cwiki.apache.org/confluence/display/CLOUDSTACK/Procedure+to+Replace+realhostip.com+with+Your+Own+Domain+Name But after restart of SSVM and MS - the keystore still has default Go Daddy certs. Would any know how to troubleshoot it? Also, one thing to note, i'm not uploading the actual wild card cert - is its against security policy. It will be impossible for me to get a wildcard cert. Regards ilya