I would try to delete the keystore table (after backup), then add the cert.
Erik Den tirsdag 7. april 2015 skrev Andrija Panic <[email protected]> følgende: > I did found this in log: > > 2015-04-07 18:00:45,163 WARN [c.c.k.KeystoreManagerImpl] > (AgentConnectTaskPool-117:ctx-2a501782) Unable to build keystore for > CPVMCertificate due to CertificateException > 2015-04-07 18:00:45,163 ERROR [c.c.c.AgentHookBase] > (AgentConnectTaskPool-117:ctx-2a501782) Could not find and construct a > valid SSL certificate > > Any clues on this ? > > On 7 April 2015 at 19:01, Andrija Panic <[email protected] > <javascript:;>> wrote: > > > ok, I'm on 4.3.2, so there is only UI field for cert, key and > > domainname.... so no field for i.e. password, as the key would have to > been > > decrypted sometimes if it is encrypted. > > > > My possible problem - I see both old intermediate1 cert and the new > > intermediate1 cert in database, but only 1 ROOT CA (might have been - I > > used the same name so odl ROOT CA was overwriten) > > > > Main CERT and the key looks fine in database... > > > > > > On 7 April 2015 at 18:59, Erik Weber <[email protected] <javascript:;>> > wrote: > > > >> Your private key is decrypted, my issue was that it should've been > >> encrypted. > >> > >> However, that could be 4.5 specific. You'll get an exception if you > >> encounter the same. > >> > >> > >> Erik > >> > >> Den tirsdag 7. april 2015 skrev Andrija Panic <[email protected] > <javascript:;>> > >> følgende: > >> > >> > Thx Erik, > >> > > >> > per my understanding, private key needs to be DEcrypted, and uploaded > >> > through UI... ? > >> > > >> > On 7 April 2015 at 18:48, Erik Weber <[email protected] > <javascript:;> > >> <javascript:;>> > >> > wrote: > >> > > >> > > Also, take a backup first, then remove the realhostip occurence and > >> set > >> > seq > >> > > to 0 for your cert. > >> > > > >> > > Erik > >> > > > >> > > Den tirsdag 7. april 2015 skrev Erik Weber <[email protected] > <javascript:;> > >> > <javascript:;>> følgende: > >> > > > >> > > > Nothing in the logs? > >> > > > > >> > > > I had an issue where the private key wasn't being encrypted and > had > >> to > >> > > fix > >> > > > it by encrypting manually. But I also had could not decrypt > >> exceptions > >> > in > >> > > > the logs. > >> > > > > >> > > > Erik > >> > > > > >> > > > Den tirsdag 7. april 2015 skrev Andrija Panic < > >> [email protected] <javascript:;> > >> > <javascript:;> > >> > > > <javascript:_e(%7B%7D,'cvml','[email protected] > <javascript:;> > >> <javascript:;>');>> > >> > følgende: > >> > > > > >> > > >> Hi guys, > >> > > >> > >> > > >> our SSL just expired, and I needed to upload new ROOT CA, > >> Intemediata > >> > > ROOT > >> > > >> CA, and at the end SSL for sever and a private key. > >> > > >> > >> > > >> I uploaded new ROOT CA, and after CPVM rebooted, also uploaded > >> > > >> Intermediate > >> > > >> ROOT CA, via API, with URL encoded stuff - checked in database > all > >> > seems > >> > > >> OK. > >> > > >> > >> > > >> But after uploading new SSL and private key, destroyed CPVM and > >> SSVM - > >> > > my > >> > > >> Console Proxy shows *.realiphost.com as the domain for the SSL > >> wjen I > >> > > >> access > >> > > >> > >> > > >> Any clues what I did wrong ? > >> > > >> Should I have somehow removed first old ROOT CA and old > >> Intermediate > >> > CA, > >> > > >> and upload new ones ? > >> > > >> > >> > > >> Here is database content from cloud.keystore: > >> > > >> http://snag.gy/LMA4h.jpg > >> > > >> > >> > > >> This means that for some reason, original realiphost.com SSL is > >> now > >> > > used > >> > > >> inside CPVM... > >> > > >> > >> > > >> Any help greatly appreciated, since this is live system... > >> > > >> > >> > > >> Thanks, > >> > > >> > >> > > >> > >> > > >> > >> > > >> -- > >> > > >> > >> > > >> Andrija Panić > >> > > >> > >> > > > > >> > > > >> > > >> > > >> > > >> > -- > >> > > >> > Andrija Panić > >> > > >> > > > > > > > > -- > > > > Andrija Panić > > > > > > -- > > Andrija Panić >
