On 12.03.2014 01:13, Amogh Vasekar wrote:
Hi,
I was looking at your blog and found you have mentioned that :
The problem is the intermediate CA cert cannot be added from the web
interface.
Can you please let me know the error you faced while uploading the
intermediate CA cert via the UI?
Just thinking out loud;
Would using a secure vnc connection over http achieve the same result as using
a secure http session - the authentication token is in the initial url anyway..
Regards,
Paul Angus
Cloud Architect
S: +44 20 3603 0540 | M: +447711418784 | T: @CloudyAngus
The console technology doesn’t really matter. The encryption is the part of
concern. You have two choices:
* Shared secret: set up a crypto password in advance, get it onto the CPVM and
browser in some secure manner. Basically, however you do this you’re
compromised once somebody sniffs the
Hi,
I was looking at your blog and found you have mentioned that :
The problem is the intermediate CA cert cannot be added from the web
interface.
Can you please let me know the error you faced while uploading the
intermediate CA cert via the UI?
Thanks,
Amogh
On 3/7/14 11:19 AM, Nux!
Please let us know, what was the Citrixes response to community run
realhostip.com service.
I mentioned their response on 3/3. Basically their position is they think
they’d be doing the community a disfavor by passing the torch” (quoting my
previous email, not a direct quote from them but this is their position)
The realhostip cert provides a false sense of security, so I can’t think
Folks - just applied Amogh’s patch to 4.3-forward, and back ported that to
master.
Two steps left on the code side:
* Need to get this retirement into the 4.3 docs
* Need to backport this to 4.2
John
On Feb 28, 2014, at 12:27 PM, John Kinsella
j...@stratosec.comailto:j...@stratosec.co
Hi all.
Are we going to have a solution for older versions like 4.1.1?
I think we can already change that domain to something different
currently in settings. Hopefully it's not hardcoded anywhere else. Is it?
I think it's the right thing to move away from such solution in future
versions,
On 07.03.2014 14:55, France wrote:
Hi all.
Are we going to have a solution for older versions like 4.1.1?
I think we can already change that domain to something different
currently in settings. Hopefully it's not hardcoded anywhere else.
Is it?
I think it's the right thing to move away from
Hi,
The design on
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Realhost+IP+changes
(big thanks to Kelven!) mentions a third work mode, that would use a load
balancer as the front for CPVMs. Since this is an exact address, it would
not need a wildcard cert and (hopefully) make it a
You could use this article as well:
http://support.citrix.com/article/CTX133468
Does not require you to use the java solution.
On 3/7/14, 11:19 AM, Nux! n...@li.nux.ro wrote:
On 07.03.2014 14:55, France wrote:
Hi all.
Are we going to have a solution for older versions like 4.1.1?
I think we
Soo…I’d recommend against something like Nux’s suggestion below. I’ve only
looked briefly at VirtualDNS.java, and it looks fine from a glance, but I’m
willing to bet I can a) DOS it, and b) use it for a reflection attack. I could
be wrong, don’t really have time to look closely, but based on it
On 07.03.2014 20:28, John Kinsella wrote:
Soo…I’d recommend against something like Nux’s suggestion below. I’ve
only looked briefly at VirtualDNS.java, and it looks fine from a
glance, but I’m willing to bet I can a) DOS it, and b) use it for a
reflection attack. I could be wrong, don’t really
On 07.03.2014 20:19, Chiradeep Vittal wrote:
You could use this article as well:
http://support.citrix.com/article/CTX133468
Does not require you to use the java solution.
Thanks, I've updated my post with it.
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
You should require 1 record for the ACTUAL public IP used by the
ConsoleProxy VM.
On 3/7/14, 12:39 PM, Nux! n...@li.nux.ro wrote:
On 07.03.2014 20:28, John Kinsella wrote:
SooŠI¹d recommend against something like Nux¹s suggestion below. I¹ve
only looked briefly at VirtualDNS.java, and it looks
On 07.03.2014 21:30, Chiradeep Vittal wrote:
You should require 1 record for the ACTUAL public IP used by the
ConsoleProxy VM.
I know, but if the VM is destroyed or an additional one is spawned it
could have ANY IP.. I mean, I really don't want to track this kind of
stuff, doesn't scale.
I planned on looking at the Lua part of PowerDNS for this :-)
--
Erik Weber
7. mars 2014 22:48 skrev Nux! n...@li.nux.ro følgende:
On 07.03.2014 21:30, Chiradeep Vittal wrote:
You should require 1 record for the ACTUAL public IP used by the
ConsoleProxy VM.
I know, but if the VM is
] realhostip.com going away
It’s not.
On Mar 5, 2014, at 1:48 AM, Erik Weber
terbol...@gmail.commailto:terbol...@gmail.com wrote:
How is security being handled in HTTP mode?
--
Erik
On Wed, Mar 5, 2014 at 2:43 AM, Amogh Vasekar
amogh.vase...@citrix.commailto:amogh.vase...@citrix.comwrote
:05
To: dev@cloudstack.apache.org
Subject: Re: [DISCUSS] realhostip.com going away
On 2/28/14 2:03 PM, Nux! n...@li.nux.ro wrote:
There's also the problem of the certificate. It comes bundled in ACS as
far as I can tell.. When does it expire?
notBefore=Feb 3 03:30:40 2012 GMT
notAfter=Feb 7 05
paul.an...@shapeblue.com
-Original Message-
From: Amogh Vasekar [mailto:amogh.vase...@citrix.com]
Sent: 28 February 2014 23:05
To: dev@cloudstack.apache.org
Subject: Re: [DISCUSS] realhostip.com going away
On 2/28/14 2:03 PM, Nux! n...@li.nux.ro wrote:
There's also the problem
] realhostip.com going away
On 2/28/14 2:03 PM, Nux! n...@li.nux.ro wrote:
There's also the problem of the certificate. It comes bundled in ACS as
far as I can tell.. When does it expire?
notBefore=Feb 3 03:30:40 2012 GMT
notAfter=Feb 7 05:11:23 2017 GMT
Need Enterprise Grade
It’s not.
On Mar 5, 2014, at 1:48 AM, Erik Weber
terbol...@gmail.commailto:terbol...@gmail.com wrote:
How is security being handled in HTTP mode?
--
Erik
On Wed, Mar 5, 2014 at 2:43 AM, Amogh Vasekar
amogh.vase...@citrix.commailto:amogh.vase...@citrix.comwrote:
Hello,
I have created a
While this patch might address the direct problem, a quick string search of the
source shows “realhostip.comhttp://realhostip.com” in a few more places that
also need to be cleaned up, including in the db. I haven’t actually applied the
patch yet, just read over it a few times. Will try to
...@shapeblue.com
-Original Message-
From: Amogh Vasekar [mailto:amogh.vase...@citrix.com]
Sent: 28 February 2014 23:05
To: dev@cloudstack.apache.org
Subject: Re: [DISCUSS] realhostip.com going away
On 2/28/14 2:03 PM, Nux! n...@li.nux.ro wrote:
There's also the problem
On 03.03.2014 16:58, John Kinsella wrote:
I talked with some of the Citrix folk over the weekend…their position
is they think they’d be doing the community a disfavor by passing the
torch, so-to-speak, and I agree with them [1].
From what I understand, the patches that are going to be proposed
Folks: Recently the PMC was informed that the realhostip.com DNS service that
ACS currently uses by default as part of the console proxy will be disbanded
this summer.
We’ve been informed the realhostip service will be shut down June 30th, 2014,
so we have approximately 4 months to mitigate
On Fri, Feb 28, 2014 at 9:27 PM, John Kinsella j...@stratosec.co wrote:
Folks: Recently the PMC was informed that the realhostip.com DNS service
that ACS currently uses by default as part of the console proxy will be
disbanded this summer.
We've been informed the realhostip service will be
I'd be interested to see if I could help with continuing the service too.
Let me know if I can assist.
On 28 Feb 2014, at 20:51, Erik Weber terbol...@gmail.com wrote:
On Fri, Feb 28, 2014 at 9:27 PM, John Kinsella j...@stratosec.co wrote:
Folks: Recently the PMC was informed that the
Hi,
I'd love to contribute to this in any way I can.
On a side note - the service is used in parts by SSVM for HTTPS support as
well.
Thanks,
Amogh
On 2/28/14 12:27 PM, John Kinsella j...@stratosec.co wrote:
* For 4.4, we should no longer be using SSL/realhostip for console proxy.
We¹re
On 28.02.2014 20:27, John Kinsella wrote:
Folks: Recently the PMC was informed that the realhostip.com DNS
service that ACS currently uses by default as part of the console
proxy will be disbanded this summer.
This kind of thing was bound to come biting our arses sooner or later.
Getting the
-Original Message-
From: John Kinsella [mailto:j...@stratosec.co]
Sent: 28 February 2014 20:27
To: dev@cloudstack.apache.org
Subject: [DISCUSS] realhostip.com going away
Folks: Recently the PMC was informed that the realhostip.com DNS service that
ACS currently uses by default as part
On 2/28/14 2:03 PM, Nux! n...@li.nux.ro wrote:
There's also the problem of the certificate. It comes bundled in ACS as
far as I can tell.. When does it expire?
notBefore=Feb 3 03:30:40 2012 GMT
notAfter=Feb 7 05:11:23 2017 GMT
32 matches
Mail list logo