Hi Ugo, Have you destroyed your sec storage VM and let CloudStack recreate it. A stop-start isn't usually enough to reconfigure certificates.
paul.an...@shapeblue.com www.shapeblue.com 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue -----Original Message----- From: Ugo Vasi [mailto:ugo.v...@procne.it] Sent: 02 February 2018 11:37 To: users@cloudstack.apache.org; Benjamin Naber <benjamin.na...@coders-area.de> Subject: Re: Failing to enable SSL/HTTPS on console proxy vm Hi Ben, I'm sure that the DNS is resolving the right IP (aaa-bbb-ccc-ddd.domain.com -> aaa.bbb.ccc.ddd), I tried with wget using the same src of iframe (masquerade log): $ wget https://123-123-123-123.domain.com/ajax?token=...(snipped) --2018-02-02 10:24:23-- https://123-123-123-123.domain.com/ajax?token=... Resolving 123-123-123-123.domain.com (123-123-123-123.domain.com)... 123.123.123.123 Connecting to 123-123-123-123.domain.com (123-123-123-123.domain.com)|123.123.123.123|:443... here the command hangs until a timeout. On 02/02/2018 11:43, Benjamin Naber wrote: > Hi Ugo, > > you need a DNS Record for the public ip address the consoleproxy has beed > allocatet. > should be look like this: 80-190-44-22.domain.com otherwise the iframe denied > loading in case of ssl error. > In Global setting "Console proxy url domain" set *.domain.com restart > management server and it should work. > > Kind Regards > > Ben > >> Ugo Vasi <ugo.v...@procne.it> hat am 2. Februar 2018 um 11:26 geschrieben: >> >> >> Hi all, >> I had the same problem installing the wildcard certificate. >> >> I tried to set the consoleproxy.url.domain in global settings but now >> the console interface inside the iframe does not respond... >> >> The dns record are OK. >> >> >> >> >> On 16/06/2016 18:10, Andy Dills wrote: >>> I have this working perfectly. >>> >>> Couple of key things that are not mentioned in the >>> documentation: >>> >>> - You need to set consoleproxy.url.domain to *.domain.com for whatever >>> domain you're using. Do this before re-uploading your SSL certificate. The >>> SSL upload dialogue doesn't set this value as it should. >>> >>> - You need a wildcard certificate for that domain. >>> >>> Assuming you setup the proper DNS records, it should then work. >>> >>> I'm open to follow up questions if anybody is struggling with this. >>> >>> Thanks, >>> Andy >>> >>> Sent from my iPhone >>> >>>> On Jun 16, 2016, at 12:01 PM, Will Stevens <wstev...@cloudops.com> wrote: >>>> >>>> We have been having issues with this for as long as I can remember >>>> (on both ACS and CCP). In order to get it to work you have to >>>> 'trust unsafe scripts' or whatever by clicking the shield in the >>>> URL bar in the top right (maybe that is chrome). >>>> >>>> I don't know that there is a solution, but if there is, I am all ears... >>>> >>>> *Will STEVENS* >>>> Lead Developer >>>> >>>> *CloudOps* *| *Cloud Solutions Experts >>>> 420 rue Guy *|* Montreal *|* Quebec *|* H3J 1S6 w cloudops.com *|* >>>> tw @CloudOps_ >>>> >>>>> On Thu, Jun 16, 2016 at 11:54 AM, Nux! <n...@li.nux.ro> wrote: >>>>> >>>>> Hi, >>>>> >>>>> Is there any particular voodoo involved in getting the $subject to >>>>> work correctly on 4.8.0? >>>>> I've uploaded the Comodo wildcard cabundle, crt and key in the >>>>> Infrastructure page, the systemvms have rebooted. >>>>> They came back fine and nothing dodgy in the logs, but when I open >>>>> the console of a VM Firefox will say there are insecure contents >>>>> loaded and will not display the terminal ajax thingy. >>>>> View source shoes an iframe linking http://1.2.3.4 instead of >>>>> https://1-2-3-4.wildcarddomain.tld. >>>>> >>>>> Apache HTTPD and Tomcat had no issues with these certs. >>>>> >>>>> Is there something that I am missing? >>>>> >>>>> Thanks >>>>> >>>>> >>>>> -- >>>>> Sent from the Delta quadrant using Borg technology! >>>>> >>>>> Nux! >>>>> www.nux.ro >>>>> >>> >>> >>> >> >> -- >> >> *Ugo Vasi* / System Administrator >> ugo.v...@procne.it <mailto:ugo.v...@procne.it> >> >> >> >> >> *Procne S.r.l.* >> +39 0432 486 523 >> via Cotonificio, 45 >> 33010 Tavagnacco (UD) >> www.procne.it <http://www.procne.it/> >> >> >> Le informazioni contenute nella presente comunicazione ed i relativi >> allegati possono essere riservate e sono, comunque, destinate >> esclusivamente alle persone od alla Società sopraindicati. La >> diffusione, distribuzione e/o copiatura del documento trasmesso da >> parte di qualsiasi soggetto diverso dal destinatario è proibita sia >> ai sensi dell'art. 616 c.p., che ai sensi del Decreto Legislativo n. >> 196/2003 "Codice in materia di protezione dei dati personali". Se >> avete ricevuto questo messaggio per errore, vi preghiamo di >> distruggerlo e di informare immediatamente Procne S.r.l. scrivendo >> all' indirizzo e-mail i...@procne.it <mailto:i...@procne.it>. >> >> >> >> > > > -- *Ugo Vasi* / System Administrator ugo.v...@procne.it <mailto:ugo.v...@procne.it> *Procne S.r.l.* +39 0432 486 523 via Cotonificio, 45 33010 Tavagnacco (UD) www.procne.it <http://www.procne.it/> Le informazioni contenute nella presente comunicazione ed i relativi allegati possono essere riservate e sono, comunque, destinate esclusivamente alle persone od alla Società sopraindicati. La diffusione, distribuzione e/o copiatura del documento trasmesso da parte di qualsiasi soggetto diverso dal destinatario è proibita sia ai sensi dell'art. 616 c.p., che ai sensi del Decreto Legislativo n. 196/2003 "Codice in materia di protezione dei dati personali". Se avete ricevuto questo messaggio per errore, vi preghiamo di distruggerlo e di informare immediatamente Procne S.r.l. scrivendo all' indirizzo e-mail i...@procne.it <mailto:i...@procne.it>.