I did found this in log: 2015-04-07 18:00:45,163 WARN [c.c.k.KeystoreManagerImpl] (AgentConnectTaskPool-117:ctx-2a501782) Unable to build keystore for CPVMCertificate due to CertificateException 2015-04-07 18:00:45,163 ERROR [c.c.c.AgentHookBase] (AgentConnectTaskPool-117:ctx-2a501782) Could not find and construct a valid SSL certificate
Any clues on this ? On 7 April 2015 at 19:01, Andrija Panic <[email protected]> wrote: > ok, I'm on 4.3.2, so there is only UI field for cert, key and > domainname.... so no field for i.e. password, as the key would have to been > decrypted sometimes if it is encrypted. > > My possible problem - I see both old intermediate1 cert and the new > intermediate1 cert in database, but only 1 ROOT CA (might have been - I > used the same name so odl ROOT CA was overwriten) > > Main CERT and the key looks fine in database... > > > On 7 April 2015 at 18:59, Erik Weber <[email protected]> wrote: > >> Your private key is decrypted, my issue was that it should've been >> encrypted. >> >> However, that could be 4.5 specific. You'll get an exception if you >> encounter the same. >> >> >> Erik >> >> Den tirsdag 7. april 2015 skrev Andrija Panic <[email protected]> >> følgende: >> >> > Thx Erik, >> > >> > per my understanding, private key needs to be DEcrypted, and uploaded >> > through UI... ? >> > >> > On 7 April 2015 at 18:48, Erik Weber <[email protected] >> <javascript:;>> >> > wrote: >> > >> > > Also, take a backup first, then remove the realhostip occurence and >> set >> > seq >> > > to 0 for your cert. >> > > >> > > Erik >> > > >> > > Den tirsdag 7. april 2015 skrev Erik Weber <[email protected] >> > <javascript:;>> følgende: >> > > >> > > > Nothing in the logs? >> > > > >> > > > I had an issue where the private key wasn't being encrypted and had >> to >> > > fix >> > > > it by encrypting manually. But I also had could not decrypt >> exceptions >> > in >> > > > the logs. >> > > > >> > > > Erik >> > > > >> > > > Den tirsdag 7. april 2015 skrev Andrija Panic < >> [email protected] >> > <javascript:;> >> > > > <javascript:_e(%7B%7D,'cvml','[email protected] >> <javascript:;>');>> >> > følgende: >> > > > >> > > >> Hi guys, >> > > >> >> > > >> our SSL just expired, and I needed to upload new ROOT CA, >> Intemediata >> > > ROOT >> > > >> CA, and at the end SSL for sever and a private key. >> > > >> >> > > >> I uploaded new ROOT CA, and after CPVM rebooted, also uploaded >> > > >> Intermediate >> > > >> ROOT CA, via API, with URL encoded stuff - checked in database all >> > seems >> > > >> OK. >> > > >> >> > > >> But after uploading new SSL and private key, destroyed CPVM and >> SSVM - >> > > my >> > > >> Console Proxy shows *.realiphost.com as the domain for the SSL >> wjen I >> > > >> access >> > > >> >> > > >> Any clues what I did wrong ? >> > > >> Should I have somehow removed first old ROOT CA and old >> Intermediate >> > CA, >> > > >> and upload new ones ? >> > > >> >> > > >> Here is database content from cloud.keystore: >> > > >> http://snag.gy/LMA4h.jpg >> > > >> >> > > >> This means that for some reason, original realiphost.com SSL is >> now >> > > used >> > > >> inside CPVM... >> > > >> >> > > >> Any help greatly appreciated, since this is live system... >> > > >> >> > > >> Thanks, >> > > >> >> > > >> >> > > >> >> > > >> -- >> > > >> >> > > >> Andrija Panić >> > > >> >> > > > >> > > >> > >> > >> > >> > -- >> > >> > Andrija Panić >> > >> > > > > -- > > Andrija Panić > -- Andrija Panić
