Hi Hean,

Could you please check by the following steps ?

(1) check if key/certs are saved in DB.
Please check the `keystore` table in DB.

(2) check if global settings are set correctly. When you change the values,
please restart mgmt server and CPVM.
consoleproxy.sslEnabled (should be 'true')
consoleproxy.url.domain (should be '*.domain.com')

(3) check if port 443 is listening in CPVM.

netstat -anltp

In /var/log/cloud.log in CPVM, you should see the logs like below

2022-01-13 13:00:30,811 INFO
 [cloud.consoleproxy.ConsoleProxySecureServerFactoryImpl]
(Console-Proxy-Main:null) Start initializing SSL
2022-01-13 13:00:30,811 INFO
 [cloud.consoleproxy.ConsoleProxySecureServerFactoryImpl]
(Console-Proxy-Main:null) Initializing SSL from passed-in certificate
2022-01-13 13:00:30,814 INFO
 [cloud.consoleproxy.ConsoleProxySecureServerFactoryImpl]
(Console-Proxy-Main:null) Key manager factory is initialized
2022-01-13 13:00:30,818 INFO
 [cloud.consoleproxy.ConsoleProxySecureServerFactoryImpl]
(Console-Proxy-Main:null) Trust manager factory is initialized
2022-01-13 13:00:30,819 INFO
 [cloud.consoleproxy.ConsoleProxySecureServerFactoryImpl]
(Console-Proxy-Main:null) SSL context is initialized
2022-01-13 13:00:30,838 INFO
 [cloud.consoleproxy.ConsoleProxySecureServerFactoryImpl]
(Console-Proxy-Main:null) create HTTPS server instance on port: 443



You should be able to upload an ssl certificate by cloning the cloudstack
repository and setting up a local cloudstack UI.
see https://github.com/apache/cloudstack/blob/main/ui/README.md#development


-Wei


On Mon, 10 Jan 2022 at 10:52, Hean Seng <heans...@gmail.com> wrote:

> I not sure related to this or not,  I ssh login to Console Proxy , and
> seems port 443 is not listening  there .
>
> Is there anyway I can can check in the console proxy, see if the cert is
> properly deploy to the console proxy vm.
>
> On Mon, Jan 10, 2022 at 5:31 PM Suresh Anaparti <
> suresh.anapa...@shapeblue.com> wrote:
>
> > Hi,
> >
> > I could see a related issue created here
> > https://github.com/apache/cloudstack/issues/5634
> >
> > If you have the similar issue with Letsencrypt certs, you add more
> details
> > there. Otherwise, please create a new issue with the details.
> >
> >
> > Regards,
> > Suresh
> >
> > On 08/01/22, 11:59 AM, "Hean Seng" <heans...@gmail.com> wrote:
> >
> >     hi. Suresh
> >
> >     I am gemnerating Letsenctyp and instll the cert using the API .
> >     I running.time as show in the shapeblue document.  It successfully
> > running
> >     the API
> >
> >
> >       "customcertificate": {
> >
> >         "message": "Certificate has been successfully updated, if its the
> >     server certificate we would reboot all running console proxy VMs and
> >     secondary storage VMs to propagate the new certificate, please give a
> > few
> >     minutes for console access and storage services service to be up and
> >     working again"
> >
> >       }
> >
> >     }
> >
> >
> >
> >     running 2time, first time is chain +  root
> >     second time is cert. perm and privatekey pkcs8
> >
> >     after upload, destroy and let it rebuild the console proxy ,   after
> > all
> >     up, it seems https://ip-.domain in console cannot load as expected
> >
> >
> >
> >
> >     On Wed, Jan 5, 2022 at 8:12 PM Suresh Anaparti <
> >     suresh.anapa...@shapeblue.com> wrote:
> >
> >     > Hi,
> >     >
> >     > You can check the certificate configuration process through API/cmk
> > here:
> >     > https://www.shapeblue.com/securing-cloudstack-4-11-with-https-tls/
> >     >
> >     >
> >     > Regards,
> >     > Suresh
> >     >
> >     > On 05/01/22, 4:55 PM, "Hean Seng" <heans...@gmail.com> wrote:
> >     >
> >     >     Any body know how to use the API to upload this cert for
> console
> > proxy,
> >     >     Otherwise this  4.16 is not workable .  This function seems no
> >     >     alternative to make it work
> >     >
> >     >
> >     >
> >     >
> >
> >
> >
> > > On Mon, Jan 3, 2022 at 4:08 PM Hean Seng <heans...@gmail.com> wrote:
> >     >
> >     >     > Is there anyway to manual update it before 4.16.1 release ,
> >     > otherwise the
> >     >     > SSL cannot be install.
> >     >     >
> >     >     > On Mon, Jan 3, 2022 at 3:06 PM Suresh Anaparti <
> >     >     > suresh.anapa...@shapeblue.com> wrote:
> >     >     >
> >     >     >> Good, thanks for the update Pearl!
> >     >     >>
> >     >     >>
> >     >     >> Regards,
> >     >     >> Suresh
> >     >     >>
> >     >     >> On 03/01/22, 12:31 PM, "Pearl d'Silva" <
> > pearl.dsi...@shapeblue.com>
> >     >     >> wrote:
> >     >     >>
> >     >     >>     Hi,
> >     >     >>
> >     >     >>     This seems to be an issue in 4.16.0 but has been
> > addressed with:
> >     >     >> https://github.com/apache/cloudstack/pull/5682/ and should
> be
> >     > available
> >     >     >> in 4.16.1.
> >     >     >>
> >     >     >>     Thanks,
> >     >     >>     Pearl
> >     >     >>
> >     >     >>     [
> >     >     >>
> >     >
> >
> https://opengraph.githubassets.com/a85d63087cbc026a03525dcc5d491e900913e0ad6e2b09a6dd8eb27f392c60a8/apache/cloudstack/pull/5682
> >     >     >> ]<https://github.com/apache/cloudstack/pull/5682/>
> >     >     >>     UI : Fix SSL certificate submit button not working by
> > dhslove ·
> >     > Pull
> >     >     >> Request #5682 · apache/cloudstack<
> >     >     >> https://github.com/apache/cloudstack/pull/5682/>
> >     >     >>     Description This PR fixes an issue where clicking the
> > Submit
> >     > button
> >     >     >> in the SSL Certificates dialog in the Infrastructure Summary
> > UI did
> >     > not
> >     >     >> work. Types of changes Breaking change (fix o...
> >     >     >>     github.com
> >     >     >>
> >     >     >>
> >     >     >>     ________________________________
> >     >     >>     From: Deepak Kumar <deepak.ku...@indiqus.com.INVALID>
> >     >     >>     Sent: Monday, January 3, 2022 12:23 PM
> >     >     >>     To: users@cloudstack.apache.org <
> > users@cloudstack.apache.org>
> >     >     >>     Subject: Re: Cloudstack 4.16 - GUI unable to submit SSL
> >     >     >>
> >     >     >>     Hi  Hean Seng,
> >     >     >>
> >     >     >>     I am facing the same issue.
> >     >     >>
> >     >     >>     Thanks & Regards,
> >     >     >>     Deepak Kumar
> >     >     >>     IndiQus Global Technical Support
> >     >     >>     www.indiqus.com<http://www.indiqus.com>
> >     >     >>
> >     >     >>
> >     >     >>
> >     >     >>
> >     >     >>
> >     >     >>
> >     >     >>
> >     >     >>
> >     >     >> On Sun, Jan 2, 2022 at 11:55 PM Hean Seng <
> heans...@gmail.com
> > >
> >     > wrote:
> >     >     >>
> >     >     >>     > Hi
> >     >     >>     >
> >     >     >>     > I am using Cloudstack 4.16 , Ubuntu 20 for Mgmt
> server.
> >     >     >>     >
> >     >     >>     > Infrastructure ->. Summary -> SSL Certification
> >     >     >>     >
> >     >     >>     > Entering all the SSL detail, and click submit ,  but
> the
> >     > click has
> >     >     >> no
> >     >     >>     > responding .
> >     >     >>     > Clecking the MGMT log, and nothing seems processed .
> >     >     >>     >
> >     >     >>     > Tried on both  Chrome, Safari and same issue .
> >     >     >>     > Tried the same SSL to  Cloudstack 4.15 , and it has no
> > issue
> >     >     >> submitting the
> >     >     >>     > SSL
> >     >     >>     >
> >     >     >>     > Anybody facing the same issue ?
> >     >     >>     >
> >     >     >>     >
> >     >     >>     > --
> >     >     >>     > Regards,
> >     >     >>     > Hean Seng
> >     >     >>     >
> >     >     >>
> >     >     >>     --
> >     >     >>     This message is intended only for the use of the
> > individual or
> >     > entity
> >     >     >> to
> >     >     >>     which it is addressed and may contain confidential
> and/or
> >     > privileged
> >     >     >>     information. If you are not the intended recipient,
> please
> >     > delete the
> >     >     >>     original message and any copy of it from your computer
> > system.
> >     > You are
> >     >     >>     hereby notified that any dissemination, distribution or
> > copying
> >     > of
> >     >     >> this
> >     >     >>     communication is strictly prohibited unless proper
> >     > authorization has
> >     >     >> been
> >     >     >>     obtained for such action. If you have received this
> >     > communication in
> >     >     >> error,
> >     >     >>     please notify the sender immediately. Although IndiQus
> > attempts
> >     > to
> >     >     >> sweep
> >     >     >>     e-mail and attachments for viruses, it does not
> guarantee
> > that
> >     > both
> >     >     >> are
> >     >     >>     virus-free and accepts no liability for any damage
> > sustained as
> >     > a
> >     >     >> result of
> >     >     >>     viruses.
> >     >     >>
> >     >     >>
> >     >     >
> >     >     > --
> >     >     > Regards,
> >     >     > Hean Seng
> >     >     >
> >     >
> >     >
> >     >     --
> >     >     Regards,
> >     >     Hean Seng
> >     >
> >     >
> >
> >     --
> >     Regards,
> >     Hean Seng
> >
> >
>
> --
> Regards,
> Hean Seng
>

Reply via email to