Hello dshevchenko, we will try the workaround and we will give feedback if that worked for us or not.
> Date: Tue, 14 Jul 2015 16:46:23 +0300
> From: dshevchenko.m...@gmail.com
> To: users@cloudstack.apache.org
> Subject: Re: Need help with S3 Secondary Storage
>
> Hello Nico.
> We are also trying to use S3 as secondary storage, so several thoughts:
> 1. "peer not authenticated" - maybe a problem with access id and secret
> id? Can you authenticate with an external client?
> 2. You cannot use a self-signed certificate, it's not supported (actually
> you can, but it must be added as trusted to the local java keystore on all
> nodes, including ssvm)
> 3. We also have a problem with S3 via https and ssvm, because ssvm is
> using a custom java keystore file (/realhostip.keystore/) and in this file
> there is only one trusted root certificate, from godaddy.com. But even worse - in
> the source code it is hard-coded that you can inject your custom certificate to
> ssvm/cpvm (I mean trusted root cert here) only if secondary storage is NFS.
>
> As a workaround: after installation download and unpack systemvm.iso, find
> the realhostip.keystore file, add your trusted root or self-signed
> certificate into it via the keytool utility, recreate a new iso file and
> replace it on all management and KVM nodes.
>
> check this
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Procedure+to+Replace+realhostip.com+with+Your+Own+Domain+Name
>
> and
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Implementation+details+and+troubleshooting+-+uploading+custom+domain+certificate+instead+of+using+realhostip.com
>
> On 07/14/2015 03:58 PM, Nico Herzhauser wrote:
> > Hello cloudstack usergroup,
> > we would like to try S3 style storage with cloudstack 4.5 but we cannot connect
> > to the S3 Storage. We think this is a certificate problem because the ssvm
> > did not get the right certificate.
> > We use a Wildcard SSL certificate.
> > At the storage-vm I see the following error in the log file:
> > 2015-07-13 13:59:54,887 DEBUG [cloud.agent.Agent] (agentRequest-Handler-2:null) Seq 40-6480961338762854402: { Ans: , MgmtId: 345049465082, via: 40, Ver: v1, Flags: 110, [{"com.cloud.agent.api.Answer":{"result":true,"details":"","wait":0}}] }
> > 2015-07-13 13:59:55,020 DEBUG [cloud.agent.Agent] (agentRequest-Handler-3:null) Request:Seq 40-6480961338762854403: { Cmd , MgmtId: 345049465082, via: 40, Ver: v1, Flags: 100111, [{"com.cloud.agent.api.storage.ListVolumeCommand":{"store":{"com.cloud.agent.api.to.S3TO":{"id":15,"uuid":"51333282-9c81-43ca-9532-fac88f722df9","endPoint":"%fqdn%","bucketName":"secondary","httpsFlag":true,"created":"Jul 13, 2015 4:02:25 PM","enableRRS":false,"maxSingleUploadSizeInBytes":5368709120}},"wait":0}}] }
> > 2015-07-13 13:59:55,020 DEBUG [cloud.agent.Agent] (agentRequest-Handler-3:null) Processing command: com.cloud.agent.api.storage.ListVolumeCommand
> > 2015-07-13 13:59:55,031 DEBUG [cloud.utils.S3Utils] (agentRequest-Handler-3:null) Creating S3 client with configuration: [protocol: https, connectionTimeOut: 50000, maxErrorRetry: 3, socketTimeout: 50000]
> > 2015-07-13 13:59:55,160 DEBUG [cloud.utils.S3Utils] (agentRequest-Handler-3:null) Setting the end point for S3 client com.amazonaws.services.s3.AmazonS3Client@6c05762a to %fqdn%.
> > 2015-07-13 13:59:55,549 INFO [amazonaws.http.AmazonHttpClient] (agentRequest-Handler-3:null) Unable to execute HTTP request: peer not authenticated
> > javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
> >     at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:421)
> >     at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
> >     at
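
A triage check for the failure in the quoted log, as an added example that is not part of the original thread or of CloudStack: it pairs each `peer not authenticated` entry with the S3 endpoint the same agent handler thread had just been pointed at, so the store whose certificate chain the SSVM rejects is named directly. The sample log, its endpoint names and the function name are constructed.

```python
import re

# Constructed sample shaped like the SSVM agent log quoted above. The endpoint
# names and the second handler are made up; entries are fused without newlines
# the way they appear in the mail.
SAMPLE_LOG = (
    "2015-07-13 13:59:55,031 DEBUG [cloud.utils.S3Utils] (agentRequest-Handler-3:null) "
    "Creating S3 client with configuration: [protocol: https, maxErrorRetry: 3]"
    "2015-07-13 13:59:55,160 DEBUG [cloud.utils.S3Utils] (agentRequest-Handler-3:null) "
    "Setting the end point for S3 client com.amazonaws.services.s3.AmazonS3Client@6c05762a "
    "to s3.example.internal."
    "2015-07-13 13:59:55,549 INFO  [amazonaws.http.AmazonHttpClient] (agentRequest-Handler-3:null) "
    "Unable to execute HTTP request: peer not authenticated"
    "javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated\n"
    "\tat sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:421)\n"
    "2015-07-13 14:00:01,002 DEBUG [cloud.utils.S3Utils] (agentRequest-Handler-5:null) "
    "Setting the end point for S3 client com.amazonaws.services.s3.AmazonS3Client@1b2c3d4e "
    "to s3-ok.example.internal."
)

TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}"
# timestamp, level, [logger], (thread), then the message up to the next timestamp
ENTRY = re.compile(rf"({TS}) +(\w+) +\[([^\]]+)\] +\(([^)]*)\) (.*?)(?={TS} |\Z)", re.S)
ENDPOINT = re.compile(r"Setting the end point for S3 client \S+ to (\S+)\s*$")
TRUST_ERRORS = ("peer not authenticated", "SSLPeerUnverifiedException")


def find_s3_trust_failures(log_text):
    """Return (timestamp, thread, endpoint) for each TLS trust failure entry."""
    endpoint_by_thread = {}
    failures = []
    for ts, _level, _logger, thread, msg in ENTRY.findall(log_text):
        m = ENDPOINT.search(msg.strip())
        if m:
            # Remember which endpoint this handler thread is about to contact.
            endpoint_by_thread[thread] = m.group(1).rstrip(".")
        elif any(err in msg for err in TRUST_ERRORS):
            failures.append((ts, thread, endpoint_by_thread.get(thread, "unknown")))
    return failures


if __name__ == "__main__":
    for ts, thread, endpoint in find_s3_trust_failures(SAMPLE_LOG):
        print(f"{ts} {thread}: TLS peer verification failed for {endpoint}")
```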