Re: Console Proxy SSL Error

2014-05-11 Thread Ian Service 
I had the exact same issue Konstantinos, but by URL encoding the
certificates they all were accepted and then functioned correctly.

- Ian


On Tue, May 6, 2014 at 10:29 AM, Konstantinos Karampogias <
konstantinos.karampog...@centralway.com> wrote:

> I was also able to upload the root certificate and the intermediate
> certificate using exactly
> the script in this link
>
> http://www.chipchilders.com/blog/2013/1/2/undocumented-feature-using-certificate-chains-in-cloudstack.html
>
> I was not able to put my certificate and private key using the script,
> but i did it through the cloudstack web interface.
>
> A tip is to use api to get the error, for example when i was failing i
> was getting the error
> " cs job query cfa55630-6a76-4128-a759-469224ddee4f  -e cs3-admin
> accountid : 40ed3d8c-cae2-11e3-8f1a-001e67a0a266
> userid : 40ed6f44-cae2-11e3-8f1a-001e67a0a266
> cmd :
> org.apache.cloudstack.api.command.admin.resource.UploadCustomCertificateCmd
> jobstatus : 2
> jobprocstatus : 0
> jobresultcode : 530
> jobresulttype : object
> jobresult :errorcode : 530
>errortext : Failed to pass certificate validation check
> created : 2014-05-06T15:47:52+0200
> jobid : cfa55630-6a76-4128-a759-469224ddee4f"
>
>
> when i succeeded  i got
> "$ cs job query 686d4d71-94da-4b27-9629-9067793147fa -e cs3-admin
> accountid : 40ed3d8c-cae2-11e3-8f1a-001e67a0a266
> userid : 40ed6f44-cae2-11e3-8f1a-001e67a0a266
> cmd :
> org.apache.cloudstack.api.command.admin.resource.UploadCustomCertificateCmd
> jobstatus : 1
> jobprocstatus : 0
> jobresultcode : 0
> jobresulttype : object
> jobresult :customcertificate : {"message"=>"Certificate has been
> updated, we will stop all running console proxy VMs and secondary
> storage VMs to propagate the new certificate, please give a few
> minutes for console access service to be up again"}
> created : 2014-05-06T15:56:31+0200
> jobid : 686d4d71-94da-4b27-9629-9067793147fa
> "
>
> After you verify that all keys are there, verify also the console
> proxy is being restarted.
>
>
>
> On Tue, May 6, 2014 at 1:21 PM, Ian Service  wrote:
> > I was able to get it all to work using the API.
> >
> > I followed Chip's advice
> >
> http://www.chipchilders.com/blog/2013/1/2/undocumented-feature-using-certificate-chains-in-cloudstack.html
> >
> > The difference is is that I'm using my own CloudStack API wrapper in PHP
> > and the certificates and private key needed to be url encoded twice (once
> > for normal URL transmission and once before that for transmission into
> the
> > system) before they would be pushed out correctly to the system VMs.  I
> > also replaced all newlines with \r\n and trimmed off the white space from
> > beginning and end of the strings for good measure.
> >
> > Before I discovered that, the certificates would look like they had been
> > imported correctly in the database but were being prevented from being
> used
> > on the Java end of things.
> >
> > - Ian
> >
> >
> >
> > On Tue, May 6, 2014 at 2:17 AM, Gopala Krishnan  >wrote:
> >
> >> Yes... I have changed manually id in keystore tables.
> >>
> >> 1 for root cert
> >> 2 for intermediate CA
> >> 3 for certificate
> >>
> >>
> >>
> >>
> >> On Tue, May 6, 2014 at 10:47 AM, Amogh Vasekar <
> amogh.vase...@citrix.com
> >> >wrote:
> >>
> >> > Can you please outline the steps in uploading intermediate and root
> >> > certificates? Specifically, was the "id" parameter set (1 for root, 2
> for
> >> > intermediate_ca_1 etc..)
> >> >
> >> > Amogh
> >> >
> >> > On 5/5/14 10:10 PM, "Gopala Krishnan"  wrote:
> >> >
> >> > >Amogh,
> >> > >
> >> > >Yes.. I am used Cloudstack 4.2 and uploaded root and intermediate CA
> >> > >certificate as per order.  But still not console accessible.
> >> > >
> >> > >Any idea?
> >> > >
> >> > >
> >> > >
> >> > >On Sat, May 3, 2014 at 11:58 PM, Amogh Vasekar
> >> > >wrote:
> >> > >
> >> > >> Hi,
> >> > >>
> >> > >> Which version are you on? Also, did you upload the root and
> >> intermediate
> >> > >> certificates (if any)?
> >> > >>
> >> > >> Amogh
> >> > >>
> >> > >> On 5/3/14 3:38 AM, "Gopala Krishnan" 
> wrote:
> >> > >>
> >> > >> >Hi,
> >> > >> >
> >> > >> >I have tried to change realhostip.com for console proxy. I have
> >> > created
> >> > >> >SSL
> >> > >> >certificate with wildcard SSL and updated as per the cloudstack
> >> > >>document.
> >> > >> >
> >> > >> >
> >> > >>
> >> > >>
> >> >
> >>
> http://docs.cloudstack.apache.org/projects/cloudstack-administration/en/l
> >> > >>a
> >> > >> >test/systemvm.html#console-proxy
> >> > >> >
> >> > >> >Its not working.. I have done the following steps.
> >> > >> >
> >> > >> >Purchased SSL certificate for my domain *.hostname.com and
> updated
> >> the
> >> > >> >certificate via the cloudstack UI.
> >> > >> >
> >> > >> >Infrastructure - > SSL certificate
> >> > >> >
> >> > >> >Pasted the certificate
> >> > >> >Pasted the Key
> >> > >> >DNS domain = hostname.com
> >> > >> >
> >> > >> >Once completed, I have optimized the global settings
> >> > >> >

Re: Console Proxy SSL Error

2014-05-06 Thread Konstantinos Karampogias 
I was also able to upload the root certificate and the intermediate
certificate using exactly
the script in this link
http://www.chipchilders.com/blog/2013/1/2/undocumented-feature-using-certificate-chains-in-cloudstack.html

I was not able to put my certificate and private key using the script,
but i did it through the cloudstack web interface.

A tip is to use api to get the error, for example when i was failing i
was getting the error
" cs job query cfa55630-6a76-4128-a759-469224ddee4f  -e cs3-admin
accountid : 40ed3d8c-cae2-11e3-8f1a-001e67a0a266
userid : 40ed6f44-cae2-11e3-8f1a-001e67a0a266
cmd : 
org.apache.cloudstack.api.command.admin.resource.UploadCustomCertificateCmd
jobstatus : 2
jobprocstatus : 0
jobresultcode : 530
jobresulttype : object
jobresult :errorcode : 530
   errortext : Failed to pass certificate validation check
created : 2014-05-06T15:47:52+0200
jobid : cfa55630-6a76-4128-a759-469224ddee4f"


when i succeeded  i got
"$ cs job query 686d4d71-94da-4b27-9629-9067793147fa -e cs3-admin
accountid : 40ed3d8c-cae2-11e3-8f1a-001e67a0a266
userid : 40ed6f44-cae2-11e3-8f1a-001e67a0a266
cmd : 
org.apache.cloudstack.api.command.admin.resource.UploadCustomCertificateCmd
jobstatus : 1
jobprocstatus : 0
jobresultcode : 0
jobresulttype : object
jobresult :customcertificate : {"message"=>"Certificate has been
updated, we will stop all running console proxy VMs and secondary
storage VMs to propagate the new certificate, please give a few
minutes for console access service to be up again"}
created : 2014-05-06T15:56:31+0200
jobid : 686d4d71-94da-4b27-9629-9067793147fa
"

After you verify that all keys are there, verify also the console
proxy is being restarted.



On Tue, May 6, 2014 at 1:21 PM, Ian Service  wrote:
> I was able to get it all to work using the API.
>
> I followed Chip's advice
> http://www.chipchilders.com/blog/2013/1/2/undocumented-feature-using-certificate-chains-in-cloudstack.html
>
> The difference is is that I'm using my own CloudStack API wrapper in PHP
> and the certificates and private key needed to be url encoded twice (once
> for normal URL transmission and once before that for transmission into the
> system) before they would be pushed out correctly to the system VMs.  I
> also replaced all newlines with \r\n and trimmed off the white space from
> beginning and end of the strings for good measure.
>
> Before I discovered that, the certificates would look like they had been
> imported correctly in the database but were being prevented from being used
> on the Java end of things.
>
> - Ian
>
>
>
> On Tue, May 6, 2014 at 2:17 AM, Gopala Krishnan wrote:
>
>> Yes... I have changed manually id in keystore tables.
>>
>> 1 for root cert
>> 2 for intermediate CA
>> 3 for certificate
>>
>>
>>
>>
>> On Tue, May 6, 2014 at 10:47 AM, Amogh Vasekar > >wrote:
>>
>> > Can you please outline the steps in uploading intermediate and root
>> > certificates? Specifically, was the "id" parameter set (1 for root, 2 for
>> > intermediate_ca_1 etc..)
>> >
>> > Amogh
>> >
>> > On 5/5/14 10:10 PM, "Gopala Krishnan"  wrote:
>> >
>> > >Amogh,
>> > >
>> > >Yes.. I am used Cloudstack 4.2 and uploaded root and intermediate CA
>> > >certificate as per order.  But still not console accessible.
>> > >
>> > >Any idea?
>> > >
>> > >
>> > >
>> > >On Sat, May 3, 2014 at 11:58 PM, Amogh Vasekar
>> > >wrote:
>> > >
>> > >> Hi,
>> > >>
>> > >> Which version are you on? Also, did you upload the root and
>> intermediate
>> > >> certificates (if any)?
>> > >>
>> > >> Amogh
>> > >>
>> > >> On 5/3/14 3:38 AM, "Gopala Krishnan"  wrote:
>> > >>
>> > >> >Hi,
>> > >> >
>> > >> >I have tried to change realhostip.com for console proxy. I have
>> > created
>> > >> >SSL
>> > >> >certificate with wildcard SSL and updated as per the cloudstack
>> > >>document.
>> > >> >
>> > >> >
>> > >>
>> > >>
>> >
>> http://docs.cloudstack.apache.org/projects/cloudstack-administration/en/l
>> > >>a
>> > >> >test/systemvm.html#console-proxy
>> > >> >
>> > >> >Its not working.. I have done the following steps.
>> > >> >
>> > >> >Purchased SSL certificate for my domain *.hostname.com and updated
>> the
>> > >> >certificate via the cloudstack UI.
>> > >> >
>> > >> >Infrastructure - > SSL certificate
>> > >> >
>> > >> >Pasted the certificate
>> > >> >Pasted the Key
>> > >> >DNS domain = hostname.com
>> > >> >
>> > >> >Once completed, I have optimized the global settings
>> > >> >
>> > >> >consoleproxy.url.domain = hostname.com
>> > >> >
>> > >> >
>> > >> >When I click console for VM, It shows certificate trusted errors.
>> May I
>> > >> >know what I done wrong??
>> > >> >
>> > >> >
>> > >> >--
>> > >> >Gopala Krishnan.S
>> > >> >Mobile : +91 9865709094 / +91 9994874447
>> > >> >*cPanel KnowledgeBase *
>> > >> >*Linux Server Admin Tools* 
>> > >>
>> > >>
>> > >
>> > >
>> > >--
>> > >Gopala Krishnan.S
>> > >Mobile : +91 9865709094 / +91 9994874447
>> > >*cPanel KnowledgeBase

Re: Console Proxy SSL Error

2014-05-06 Thread Ian Service 
I was able to get it all to work using the API.

I followed Chip's advice
http://www.chipchilders.com/blog/2013/1/2/undocumented-feature-using-certificate-chains-in-cloudstack.html

The difference is is that I'm using my own CloudStack API wrapper in PHP
and the certificates and private key needed to be url encoded twice (once
for normal URL transmission and once before that for transmission into the
system) before they would be pushed out correctly to the system VMs.  I
also replaced all newlines with \r\n and trimmed off the white space from
beginning and end of the strings for good measure.

Before I discovered that, the certificates would look like they had been
imported correctly in the database but were being prevented from being used
on the Java end of things.

- Ian



On Tue, May 6, 2014 at 2:17 AM, Gopala Krishnan wrote:

> Yes... I have changed manually id in keystore tables.
>
> 1 for root cert
> 2 for intermediate CA
> 3 for certificate
>
>
>
>
> On Tue, May 6, 2014 at 10:47 AM, Amogh Vasekar  >wrote:
>
> > Can you please outline the steps in uploading intermediate and root
> > certificates? Specifically, was the "id" parameter set (1 for root, 2 for
> > intermediate_ca_1 etc..)
> >
> > Amogh
> >
> > On 5/5/14 10:10 PM, "Gopala Krishnan"  wrote:
> >
> > >Amogh,
> > >
> > >Yes.. I am used Cloudstack 4.2 and uploaded root and intermediate CA
> > >certificate as per order.  But still not console accessible.
> > >
> > >Any idea?
> > >
> > >
> > >
> > >On Sat, May 3, 2014 at 11:58 PM, Amogh Vasekar
> > >wrote:
> > >
> > >> Hi,
> > >>
> > >> Which version are you on? Also, did you upload the root and
> intermediate
> > >> certificates (if any)?
> > >>
> > >> Amogh
> > >>
> > >> On 5/3/14 3:38 AM, "Gopala Krishnan"  wrote:
> > >>
> > >> >Hi,
> > >> >
> > >> >I have tried to change realhostip.com for console proxy. I have
> > created
> > >> >SSL
> > >> >certificate with wildcard SSL and updated as per the cloudstack
> > >>document.
> > >> >
> > >> >
> > >>
> > >>
> >
> http://docs.cloudstack.apache.org/projects/cloudstack-administration/en/l
> > >>a
> > >> >test/systemvm.html#console-proxy
> > >> >
> > >> >Its not working.. I have done the following steps.
> > >> >
> > >> >Purchased SSL certificate for my domain *.hostname.com and updated
> the
> > >> >certificate via the cloudstack UI.
> > >> >
> > >> >Infrastructure - > SSL certificate
> > >> >
> > >> >Pasted the certificate
> > >> >Pasted the Key
> > >> >DNS domain = hostname.com
> > >> >
> > >> >Once completed, I have optimized the global settings
> > >> >
> > >> >consoleproxy.url.domain = hostname.com
> > >> >
> > >> >
> > >> >When I click console for VM, It shows certificate trusted errors.
> May I
> > >> >know what I done wrong??
> > >> >
> > >> >
> > >> >--
> > >> >Gopala Krishnan.S
> > >> >Mobile : +91 9865709094 / +91 9994874447
> > >> >*cPanel KnowledgeBase *
> > >> >*Linux Server Admin Tools* 
> > >>
> > >>
> > >
> > >
> > >--
> > >Gopala Krishnan.S
> > >Mobile : +91 9865709094 / +91 9994874447
> > >*cPanel KnowledgeBase *
> > >*Linux Server Admin Tools* 
> >
> >
>
>
> --
> Gopala Krishnan.S
> Mobile : +91 9865709094 / +91 9994874447
> *cPanel KnowledgeBase *
> *Linux Server Admin Tools* 
>

Re: Console Proxy SSL Error

2014-05-05 Thread Gopala Krishnan 
Yes... I have changed manually id in keystore tables.

1 for root cert
2 for intermediate CA
3 for certificate




On Tue, May 6, 2014 at 10:47 AM, Amogh Vasekar wrote:

> Can you please outline the steps in uploading intermediate and root
> certificates? Specifically, was the "id" parameter set (1 for root, 2 for
> intermediate_ca_1 etc..)
>
> Amogh
>
> On 5/5/14 10:10 PM, "Gopala Krishnan"  wrote:
>
> >Amogh,
> >
> >Yes.. I am used Cloudstack 4.2 and uploaded root and intermediate CA
> >certificate as per order.  But still not console accessible.
> >
> >Any idea?
> >
> >
> >
> >On Sat, May 3, 2014 at 11:58 PM, Amogh Vasekar
> >wrote:
> >
> >> Hi,
> >>
> >> Which version are you on? Also, did you upload the root and intermediate
> >> certificates (if any)?
> >>
> >> Amogh
> >>
> >> On 5/3/14 3:38 AM, "Gopala Krishnan"  wrote:
> >>
> >> >Hi,
> >> >
> >> >I have tried to change realhostip.com for console proxy. I have
> created
> >> >SSL
> >> >certificate with wildcard SSL and updated as per the cloudstack
> >>document.
> >> >
> >> >
> >>
> >>
> http://docs.cloudstack.apache.org/projects/cloudstack-administration/en/l
> >>a
> >> >test/systemvm.html#console-proxy
> >> >
> >> >Its not working.. I have done the following steps.
> >> >
> >> >Purchased SSL certificate for my domain *.hostname.com and updated the
> >> >certificate via the cloudstack UI.
> >> >
> >> >Infrastructure - > SSL certificate
> >> >
> >> >Pasted the certificate
> >> >Pasted the Key
> >> >DNS domain = hostname.com
> >> >
> >> >Once completed, I have optimized the global settings
> >> >
> >> >consoleproxy.url.domain = hostname.com
> >> >
> >> >
> >> >When I click console for VM, It shows certificate trusted errors. May I
> >> >know what I done wrong??
> >> >
> >> >
> >> >--
> >> >Gopala Krishnan.S
> >> >Mobile : +91 9865709094 / +91 9994874447
> >> >*cPanel KnowledgeBase *
> >> >*Linux Server Admin Tools* 
> >>
> >>
> >
> >
> >--
> >Gopala Krishnan.S
> >Mobile : +91 9865709094 / +91 9994874447
> >*cPanel KnowledgeBase *
> >*Linux Server Admin Tools* 
>
>


-- 
Gopala Krishnan.S
Mobile : +91 9865709094 / +91 9994874447
*cPanel KnowledgeBase *
*Linux Server Admin Tools*

Re: Console Proxy SSL Error

2014-05-05 Thread Amogh Vasekar 
Can you please outline the steps in uploading intermediate and root
certificates? Specifically, was the "id" parameter set (1 for root, 2 for
intermediate_ca_1 etc..)

Amogh

On 5/5/14 10:10 PM, "Gopala Krishnan"  wrote:

>Amogh,
>
>Yes.. I am used Cloudstack 4.2 and uploaded root and intermediate CA
>certificate as per order.  But still not console accessible.
>
>Any idea?
>
>
>
>On Sat, May 3, 2014 at 11:58 PM, Amogh Vasekar
>wrote:
>
>> Hi,
>>
>> Which version are you on? Also, did you upload the root and intermediate
>> certificates (if any)?
>>
>> Amogh
>>
>> On 5/3/14 3:38 AM, "Gopala Krishnan"  wrote:
>>
>> >Hi,
>> >
>> >I have tried to change realhostip.com for console proxy. I have created
>> >SSL
>> >certificate with wildcard SSL and updated as per the cloudstack
>>document.
>> >
>> >
>> 
>>http://docs.cloudstack.apache.org/projects/cloudstack-administration/en/l
>>a
>> >test/systemvm.html#console-proxy
>> >
>> >Its not working.. I have done the following steps.
>> >
>> >Purchased SSL certificate for my domain *.hostname.com and updated the
>> >certificate via the cloudstack UI.
>> >
>> >Infrastructure - > SSL certificate
>> >
>> >Pasted the certificate
>> >Pasted the Key
>> >DNS domain = hostname.com
>> >
>> >Once completed, I have optimized the global settings
>> >
>> >consoleproxy.url.domain = hostname.com
>> >
>> >
>> >When I click console for VM, It shows certificate trusted errors. May I
>> >know what I done wrong??
>> >
>> >
>> >--
>> >Gopala Krishnan.S
>> >Mobile : +91 9865709094 / +91 9994874447
>> >*cPanel KnowledgeBase *
>> >*Linux Server Admin Tools* 
>>
>>
>
>
>-- 
>Gopala Krishnan.S
>Mobile : +91 9865709094 / +91 9994874447
>*cPanel KnowledgeBase *
>*Linux Server Admin Tools*

Re: Console Proxy SSL Error

2014-05-05 Thread Gopala Krishnan 
Amogh,

Yes.. I am used Cloudstack 4.2 and uploaded root and intermediate CA
certificate as per order.  But still not console accessible.

Any idea?



On Sat, May 3, 2014 at 11:58 PM, Amogh Vasekar wrote:

> Hi,
>
> Which version are you on? Also, did you upload the root and intermediate
> certificates (if any)?
>
> Amogh
>
> On 5/3/14 3:38 AM, "Gopala Krishnan"  wrote:
>
> >Hi,
> >
> >I have tried to change realhostip.com for console proxy. I have created
> >SSL
> >certificate with wildcard SSL and updated as per the cloudstack document.
> >
> >
> http://docs.cloudstack.apache.org/projects/cloudstack-administration/en/la
> >test/systemvm.html#console-proxy
> >
> >Its not working.. I have done the following steps.
> >
> >Purchased SSL certificate for my domain *.hostname.com and updated the
> >certificate via the cloudstack UI.
> >
> >Infrastructure - > SSL certificate
> >
> >Pasted the certificate
> >Pasted the Key
> >DNS domain = hostname.com
> >
> >Once completed, I have optimized the global settings
> >
> >consoleproxy.url.domain = hostname.com
> >
> >
> >When I click console for VM, It shows certificate trusted errors. May I
> >know what I done wrong??
> >
> >
> >--
> >Gopala Krishnan.S
> >Mobile : +91 9865709094 / +91 9994874447
> >*cPanel KnowledgeBase *
> >*Linux Server Admin Tools* 
>
>


-- 
Gopala Krishnan.S
Mobile : +91 9865709094 / +91 9994874447
*cPanel KnowledgeBase *
*Linux Server Admin Tools*

Re: Console Proxy SSL Error

2014-05-03 Thread Amogh Vasekar 
Hi,

Which version are you on? Also, did you upload the root and intermediate
certificates (if any)?

Amogh

On 5/3/14 3:38 AM, "Gopala Krishnan"  wrote:

>Hi,
>
>I have tried to change realhostip.com for console proxy. I have created
>SSL
>certificate with wildcard SSL and updated as per the cloudstack document.
>
>http://docs.cloudstack.apache.org/projects/cloudstack-administration/en/la
>test/systemvm.html#console-proxy
>
>Its not working.. I have done the following steps.
>
>Purchased SSL certificate for my domain *.hostname.com and updated the
>certificate via the cloudstack UI.
>
>Infrastructure - > SSL certificate
>
>Pasted the certificate
>Pasted the Key
>DNS domain = hostname.com
>
>Once completed, I have optimized the global settings
>
>consoleproxy.url.domain = hostname.com
>
>
>When I click console for VM, It shows certificate trusted errors. May I
>know what I done wrong??
>
>
>-- 
>Gopala Krishnan.S
>Mobile : +91 9865709094 / +91 9994874447
>*cPanel KnowledgeBase *
>*Linux Server Admin Tools*

Console Proxy SSL Error

2014-05-03 Thread Gopala Krishnan 
Hi,

I have tried to change realhostip.com for console proxy. I have created SSL
certificate with wildcard SSL and updated as per the cloudstack document.

http://docs.cloudstack.apache.org/projects/cloudstack-administration/en/latest/systemvm.html#console-proxy

Its not working.. I have done the following steps.

Purchased SSL certificate for my domain *.hostname.com and updated the
certificate via the cloudstack UI.

Infrastructure - > SSL certificate

Pasted the certificate
Pasted the Key
DNS domain = hostname.com

Once completed, I have optimized the global settings

consoleproxy.url.domain = hostname.com


When I click console for VM, It shows certificate trusted errors. May I
know what I done wrong??


-- 
Gopala Krishnan.S
Mobile : +91 9865709094 / +91 9994874447
*cPanel KnowledgeBase *
*Linux Server Admin Tools*