Hi Mevludin,

When you upload new ssl certificates, it will overwrite the old ssl certificates. The certificates (root/intermediate/server) are saved in the `keystore` table in cloudstack database. It is not possible to remove ssl certificates via api or on UI. You can remove them by manual DB change.

-Wei

On Mon, 29 Nov 2021 at 13:24, Mevludin Blazevic <mblaze...@uni-koblenz.de> wrote:

> Hi,
>
> thanks a lot for your help! I have made the console proxy work with
> https. I found out that for some reason our DNS server did not take the
> DNS entry for the public IP of the Console Proxy.
>
> Is there a way to remove an SSL certificate for the Console Proxy which
> was uploaded over the GUI? I assume if I would upload a new certificate
> (new end date) Cloudstack would use the newer one, right?
>
> Regards
>
> Mevludin
>
> On 26.11.2021 at 10:40, Rohit Yadav wrote:
> > Hi Mevludin,
> >
> > You need to define the consoleproxy.sslEnabled and
> > consoleproxy.url.domain global settings and upload the SSL certificate via
> > Infra -> SSL certificate form. Upon uploading of your certificate the CPVM
> > should restart/reconfigure. Also make sure that the domain (if not a
> > wildcard) is resolved to the public IP address of the CPVM. You don't need
> > any port-specific configuration, but make sure to restart mgmt server after
> > changing global settings, if necessary destroy the old CPVM after restart.
> >
> > You can read more here:
> > https://www.shapeblue.com/securing-cloudstack-4-11-with-https-tls/
> >
> > With 4.16, when the consoleproxy.sslEnabled is false but domain is
> > defined then the CPVM url will open the console proxy url without enforcing
> > https:// (however the https:// scheme will be enforced if mgmt server is
> > accessed over https://). This can be used for doing out-of-band SSL
> > termination, for ex. using a nginx proxy.
> >
> > Regards.
> >
> > ________________________________
> > From: Mevludin Blazevic <mblaze...@uni-koblenz.de>
> > Sent: Thursday, November 25, 2021 23:56
> > To: users@cloudstack.apache.org <users@cloudstack.apache.org>
> > Subject: Setting up a DNS Name for console proxy ssl connection
> >
> > Hi all,
> >
> > is it enough to define just a DNS name for the console proxy's public ip
> > address for enabling SSL? Let's say you define cpvm.mydomain.com as the
> > DNS name for the console proxy and also set this in the configs
> > "consoleproxy.url.domain" and "consoleproxy.sslEnabled" and upload an
> > appropriate certificate via the GUI, which is not a wildcard
> > certificate. When trying to access the console I get a 404 error. Did I
> > miss a redirection configuration somewhere from port 8080 to 443 (or
> > 8443)?
> >
> > Regards
> >
> > Mevludin
>
> --
> Mevludin Blazevic, M.Sc.
>
> University of Koblenz-Landau
> Computing Centre (GHRKO)
> Universitaetsstrasse 1
> D-56070 Koblenz, Germany
> Room A023
> Tel: +49 261/287-1326
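
The thread comes down to three things that must agree: the `consoleproxy.url.domain` value, the names in the uploaded certificate, and the DNS record pointing at the CPVM public IP. The following pre-flight check is an added example, not part of the original thread and not CloudStack code; the function names and the address 203.0.113.10 are assumptions made for illustration, and it covers the non-wildcard domain case discussed above.

```python
import ipaddress
import socket


def name_matches(cert_name, hostname):
    """'*' may stand only for the whole left-most label (RFC 6125 style)."""
    cert = cert_name.lower().rstrip(".").split(".")
    host = hostname.lower().rstrip(".").split(".")
    if len(cert) != len(host):
        return False
    if cert[0] == "*":
        # Refuse over-broad wildcards such as "*.com".
        return len(cert) > 2 and cert[1:] == host[1:]
    return cert == host


def resolve(hostname):
    """Live lookup helper; returns [] when the name has no DNS entry."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(hostname, None)})
    except socket.gaierror:
        return []


def preflight(url_domain, cert_names, resolved_ips, cpvm_public_ip):
    """Return a list of problems; an empty list means everything lines up."""
    problems = []
    if not any(name_matches(n, url_domain) for n in cert_names):
        problems.append(f"certificate names {cert_names} do not cover {url_domain}")
    want = ipaddress.ip_address(cpvm_public_ip)
    got = {ipaddress.ip_address(ip) for ip in resolved_ips}
    if not got:
        problems.append(f"{url_domain} does not resolve")
    elif want not in got:
        seen = ", ".join(sorted(str(ip) for ip in got))
        problems.append(f"{url_domain} resolves to {seen}, not {cpvm_public_ip}")
    return problems


if __name__ == "__main__":
    # Constructed inputs: hostname from the thread, documentation-range IP.
    domain, cpvm_ip = "cpvm.mydomain.com", "203.0.113.10"
    san = ["cpvm.mydomain.com"]          # names in the uploaded certificate
    print(preflight(domain, san, [], cpvm_ip))         # DNS entry missing
    print(preflight(domain, san, [cpvm_ip], cpvm_ip))  # all consistent
```

In real use, pass `resolve(domain)` as `resolved_ips` and the subject alternative names read from the certificate you intend to upload.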