I had the exact same issue Konstantinos, but by URL encoding the certificates they all were accepted and then functioned correctly.
- Ian On Tue, May 6, 2014 at 10:29 AM, Konstantinos Karampogias < konstantinos.karampog...@centralway.com> wrote: > I was also able to upload the root certificate and the intermediate > certificate using exactly > the script in this link > > http://www.chipchilders.com/blog/2013/1/2/undocumented-feature-using-certificate-chains-in-cloudstack.html > > I was not able to put my certificate and private key using the script, > but i did it through the cloudstack web interface. > > A tip is to use api to get the error, for example when i was failing i > was getting the error > " cs job query cfa55630-6a76-4128-a759-469224ddee4f -e cs3-admin > accountid : 40ed3d8c-cae2-11e3-8f1a-001e67a0a266 > userid : 40ed6f44-cae2-11e3-8f1a-001e67a0a266 > cmd : > org.apache.cloudstack.api.command.admin.resource.UploadCustomCertificateCmd > jobstatus : 2 > jobprocstatus : 0 > jobresultcode : 530 > jobresulttype : object > jobresult : errorcode : 530 > errortext : Failed to pass certificate validation check > created : 2014-05-06T15:47:52+0200 > jobid : cfa55630-6a76-4128-a759-469224ddee4f" > > > when i succeeded i got > "$ cs job query 686d4d71-94da-4b27-9629-9067793147fa -e cs3-admin > accountid : 40ed3d8c-cae2-11e3-8f1a-001e67a0a266 > userid : 40ed6f44-cae2-11e3-8f1a-001e67a0a266 > cmd : > org.apache.cloudstack.api.command.admin.resource.UploadCustomCertificateCmd > jobstatus : 1 > jobprocstatus : 0 > jobresultcode : 0 > jobresulttype : object > jobresult : customcertificate : {"message"=>"Certificate has been > updated, we will stop all running console proxy VMs and secondary > storage VMs to propagate the new certificate, please give a few > minutes for console access service to be up again"} > created : 2014-05-06T15:56:31+0200 > jobid : 686d4d71-94da-4b27-9629-9067793147fa > " > > After you verify that all keys are there, verify also the console > proxy is being restarted. > > > > On Tue, May 6, 2014 at 1:21 PM, Ian Service <iserv...@ts2.ca> wrote: > > I was able to get it all to work using the API. > > > > I followed Chip's advice > > > http://www.chipchilders.com/blog/2013/1/2/undocumented-feature-using-certificate-chains-in-cloudstack.html > > > > The difference is is that I'm using my own CloudStack API wrapper in PHP > > and the certificates and private key needed to be url encoded twice (once > > for normal URL transmission and once before that for transmission into > the > > system) before they would be pushed out correctly to the system VMs. I > > also replaced all newlines with \r\n and trimmed off the white space from > > beginning and end of the strings for good measure. > > > > Before I discovered that, the certificates would look like they had been > > imported correctly in the database but were being prevented from being > used > > on the Java end of things. > > > > - Ian > > > > > > > > On Tue, May 6, 2014 at 2:17 AM, Gopala Krishnan <gopkris2...@gmail.com > >wrote: > > > >> Yes... I have changed manually id in keystore tables. > >> > >> 1 for root cert > >> 2 for intermediate CA > >> 3 for certificate > >> > >> > >> > >> > >> On Tue, May 6, 2014 at 10:47 AM, Amogh Vasekar < > amogh.vase...@citrix.com > >> >wrote: > >> > >> > Can you please outline the steps in uploading intermediate and root > >> > certificates? Specifically, was the "id" parameter set (1 for root, 2 > for > >> > intermediate_ca_1 etc..) > >> > > >> > Amogh > >> > > >> > On 5/5/14 10:10 PM, "Gopala Krishnan" <gopkris2...@gmail.com> wrote: > >> > > >> > >Amogh, > >> > > > >> > >Yes.. I am used Cloudstack 4.2 and uploaded root and intermediate CA > >> > >certificate as per order. But still not console accessible. > >> > > > >> > >Any idea? > >> > > > >> > > > >> > > > >> > >On Sat, May 3, 2014 at 11:58 PM, Amogh Vasekar > >> > ><amogh.vase...@citrix.com>wrote: > >> > > > >> > >> Hi, > >> > >> > >> > >> Which version are you on? Also, did you upload the root and > >> intermediate > >> > >> certificates (if any)? > >> > >> > >> > >> Amogh > >> > >> > >> > >> On 5/3/14 3:38 AM, "Gopala Krishnan" <gopkris2...@gmail.com> > wrote: > >> > >> > >> > >> >Hi, > >> > >> > > >> > >> >I have tried to change realhostip.com for console proxy. I have > >> > created > >> > >> >SSL > >> > >> >certificate with wildcard SSL and updated as per the cloudstack > >> > >>document. > >> > >> > > >> > >> > > >> > >> > >> > >> > >> > > >> > http://docs.cloudstack.apache.org/projects/cloudstack-administration/en/l > >> > >>a > >> > >> >test/systemvm.html#console-proxy > >> > >> > > >> > >> >Its not working.. I have done the following steps. > >> > >> > > >> > >> >Purchased SSL certificate for my domain *.hostname.com and > updated > >> the > >> > >> >certificate via the cloudstack UI. > >> > >> > > >> > >> >Infrastructure - > SSL certificate > >> > >> > > >> > >> >Pasted the certificate > >> > >> >Pasted the Key > >> > >> >DNS domain = hostname.com > >> > >> > > >> > >> >Once completed, I have optimized the global settings > >> > >> > > >> > >> >consoleproxy.url.domain = hostname.com > >> > >> > > >> > >> > > >> > >> >When I click console for VM, It shows certificate trusted errors. > >> May I > >> > >> >know what I done wrong?? > >> > >> > > >> > >> > > >> > >> >-- > >> > >> >Gopala Krishnan.S > >> > >> >Mobile : +91 9865709094 / +91 9994874447 > >> > >> >*cPanel KnowledgeBase <http://www.cpanelkb.net/>* > >> > >> >*Linux Server Admin Tools* <http://www.gnutoolbox.com> > >> > >> > >> > >> > >> > > > >> > > > >> > >-- > >> > >Gopala Krishnan.S > >> > >Mobile : +91 9865709094 / +91 9994874447 > >> > >*cPanel KnowledgeBase <http://www.cpanelkb.net/>* > >> > >*Linux Server Admin Tools* <http://www.gnutoolbox.com> > >> > > >> > > >> > >> > >> -- > >> Gopala Krishnan.S > >> Mobile : +91 9865709094 / +91 9994874447 > >> *cPanel KnowledgeBase <http://www.cpanelkb.net/>* > >> *Linux Server Admin Tools* <http://www.gnutoolbox.com> > >> > > > > -- > Centralway Factory AG | Konstantinos Karampogias, DevOps | LinkedIn | > + 41 44 578 40 00 >
