Hello, I’m investigating an issue on CloudStack 4.8.0, which is I believe well described in https://issues.apache.org/jira/browse/CLOUDSTACK-1475.
I’m trying to add my ISO from, for example: https://releases.rancher.com/os/latest/rancheros.iso The problem is that I’m using a custom SSL certificate, and because of this, the java instance on the SSVM (and CPVM) is started with a custom keystore; doing so also overrides the default certificate trust store, and the traditional certificate validation mechanisms, so I get the error (sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target). Would il be possible and advisable to add the contents of the default certificate store (Option 2 in https://issues.apache.org/jira/browse/CLOUDSTACK-1475?focusedCommentId=14537734&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-14537734) to the custom store when a custom SSL certificate is activated ? If so (i’m relatively new to CloudStack’s code) where should I peek in the System VM to add the custom import commands ? Is there any existing issue you are aware of that addresses this issue ? In my opinion, if there isn’t, we should open one. What do you think ? Thanks ! Best regards, -- Aurélien Guillaume
