In SSVM default java keystore is overriden by "realhostip.keystore" and does
not have necessary certificates.
Import all java cacerts to
‘/usr/local/cloud/systemvm/certs/realhostip.keystore’.
keytool -importkeystore –srckeystore -destkeystore
/usr/local/cloud/systemvm/certs/realhostip.keyst
Well, if everything is there, then you should not see this error of
unable to build the certification path.
Then, it would be a good idea to check which cacerts Java is using.
On 10/16/2017 1:54 PM, Benjamin Naber wrote:
Hi Rafael,
i exported the Keystore to textfile and checked fingerprints
Hi Rafael,
i exported the Keystore to textfile and checked fingerprints.
root CAs also in the Keystore.
Kind Regards
Benjamin
> Rafael Weingärtner hat am 16. Oktober 2017 um
> 17:45 geschrieben:
>
> How did you check the certificates? Did you list and checked by name? Or
> by fingerprint?
>
How did you check the certificates? Did you list and checked by name? Or
by fingerprint?
Also, did you check if the root CA was there as well? For instance, the
Let's encrypt root CA is "DST Root CA X3" (the CA that signs let's
encrypt CA's certificate)
On 10/16/2017 1:42 PM, Benjamin Naber
Hi Rafael,
ive allready checked the Java Keystore. All Certificates are included.
Im using ACS 4.10
Kind Regards
Benjamin
> Benjamin Naber hat am 16. Oktober 2017 um
> 17:26 geschrieben:
>
> Hi Rafael,
>
> Currently no ssl Backlund works. Also COMODO Certificates don't work.
>
> Kind Reg
Well, to solve this is the same as to solve the let´encrypt problem.
You will need to add these CAs in the keystore of trusted certificates.
These are probably new CAs that do not exist in the default cacerts of
Java 7 (I am supposing you are using ACS 4.9 or lower which uses Java 7)
On 10/16
Hi Rafael,
Currently no ssl Backlund works. Also COMODO Certificates don't work.
Kind Regards
Benjamin
Von meinem Huawei-Mobiltelefon gesendet
Originalnachricht
Betreff: Re: https Repo links don't work
Von: Rafael Weingärtner
An: users@cloudstack.apache.org
Cc:
Probably th
When I said keystore, I meant the keystore used to store keys of CAs you
trust.
I believe ACS uses the default of Java (cacerts)
On 10/16/2017 1:16 PM, Rafael Weingärtner wrote:
Probably the let´s encrypt CA is not in your java keystore. You will
need to add it.
On 10/16/2017 1:13 PM, Benj
Probably the let´s encrypt CA is not in your java keystore. You will
need to add it.
On 10/16/2017 1:13 PM, Benjamin Naber - NETFORMIC GmbH wrote:
Hi together,
i have an issue deploying templates with https Repo Links.
When i create a global template like debian stretch netinstall and the
Hi together,
i have an issue deploying templates with https Repo Links.
When i create a global template like debian stretch netinstall and the ISO file
is located on a https backlink
(https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-9.2.1-amd64-netinst.iso).
the following error o
If the volume is too big the migration can stop due to timeout. You can
configure it in the global settings by changing variable copy.volume.wait
(In second, timeout for copy volume command).
2017-10-16 7:06 GMT-02:00 Makrand :
> Hi Gian,
>
> you need to tune some parameters from global settings
Hi Gian,
you need to tune some parameters from global settings
Read this email thread I initiated in past to understand what needs to be
changed (my second reply in email thread)
https://mail-archives.apache.org/mod_mbox/cloudstack-users/201608.mbox/browser
(Search subject line Mess after volu
12 matches
Mail list logo