@Wei Zhou <wei.z...@shapeblue.com> Thanks for informing the db is keystore, i solve this in a very stupid way, clean install a Cloudstack 4.15 , and upload a SSL fron GUI .
After done, dump the table keystore out, and restore to Cloudstack 4.16 db , keystore table , Then destroy ConsoleVM , let it rebuild back,and SSL is coming out . The cloudmokey API seems not working as expecting, the SSL is seens inside keystore DB, but it doesn't work ! I do not know if my fault or not , but follow what show in Shapeblue. Upon checking DB content, the key is there, but somehow console proxy not able to configure https using the key. I am trying to compile the source with the updated patch, but seems issue on compiling, always a dependency issue although I followed the doc online . Tried on Ubuntu 20 and Ubuntu 18, and keep having dependency issue. Ubuntu 18, When using Java 8, it give javac: invalid target release: 11 When using Java11, it have some warning, at the end show something like cannot find deps . Ubuntu 20 even weird , keep having dependency issue like : dpkg-checkbuilddeps: error: Unmet build dependencies: python (>= 2.7) nodejs (>= 12) I wonder what the environment expert here compiling the source . I am interested to try it out also . Hope can get some guides here. On Thu, Jan 13, 2022 at 11:13 PM Wei ZHOU <ustcweiz...@gmail.com> wrote: > Hi Hean, > > Could you please check by the following steps ? > > (1) check if key/certs are saved in DB. > Please check the `keystore` table in DB. > > (2) check if global settings are set correctly. When you change the values, > please restart mgmt server and CPVM. > consoleproxy.sslEnabled (should be 'true') > consoleproxy.url.domain (should be '*.domain.com') > > (3) check if port 443 is listening in CPVM. > > netstat -anltp > > In /var/log/cloud.log in CPVM, you should see the logs like below > > 2022-01-13 13:00:30,811 INFO > [cloud.consoleproxy.ConsoleProxySecureServerFactoryImpl] > (Console-Proxy-Main:null) Start initializing SSL > 2022-01-13 13:00:30,811 INFO > [cloud.consoleproxy.ConsoleProxySecureServerFactoryImpl] > (Console-Proxy-Main:null) Initializing SSL from passed-in certificate > 2022-01-13 13:00:30,814 INFO > [cloud.consoleproxy.ConsoleProxySecureServerFactoryImpl] > (Console-Proxy-Main:null) Key manager factory is initialized > 2022-01-13 13:00:30,818 INFO > [cloud.consoleproxy.ConsoleProxySecureServerFactoryImpl] > (Console-Proxy-Main:null) Trust manager factory is initialized > 2022-01-13 13:00:30,819 INFO > [cloud.consoleproxy.ConsoleProxySecureServerFactoryImpl] > (Console-Proxy-Main:null) SSL context is initialized > 2022-01-13 13:00:30,838 INFO > [cloud.consoleproxy.ConsoleProxySecureServerFactoryImpl] > (Console-Proxy-Main:null) create HTTPS server instance on port: 443 > > > > You should be able to upload an ssl certificate by cloning the cloudstack > repository and setting up a local cloudstack UI. > see > https://github.com/apache/cloudstack/blob/main/ui/README.md#development > > > -Wei > > > On Mon, 10 Jan 2022 at 10:52, Hean Seng <heans...@gmail.com> wrote: > > > I not sure related to this or not, I ssh login to Console Proxy , and > > seems port 443 is not listening there . > > > > Is there anyway I can can check in the console proxy, see if the cert is > > properly deploy to the console proxy vm. > > > > On Mon, Jan 10, 2022 at 5:31 PM Suresh Anaparti < > > suresh.anapa...@shapeblue.com> wrote: > > > > > Hi, > > > > > > I could see a related issue created here > > > https://github.com/apache/cloudstack/issues/5634 > > > > > > If you have the similar issue with Letsencrypt certs, you add more > > details > > > there. Otherwise, please create a new issue with the details. > > > > > > > > > Regards, > > > Suresh > > > > > > On 08/01/22, 11:59 AM, "Hean Seng" <heans...@gmail.com> wrote: > > > > > > hi. Suresh > > > > > > I am gemnerating Letsenctyp and instll the cert using the API . > > > I running.time as show in the shapeblue document. It successfully > > > running > > > the API > > > > > > > > > "customcertificate": { > > > > > > "message": "Certificate has been successfully updated, if its > the > > > server certificate we would reboot all running console proxy VMs > and > > > secondary storage VMs to propagate the new certificate, please > give a > > > few > > > minutes for console access and storage services service to be up > and > > > working again" > > > > > > } > > > > > > } > > > > > > > > > > > > running 2time, first time is chain + root > > > second time is cert. perm and privatekey pkcs8 > > > > > > after upload, destroy and let it rebuild the console proxy , > after > > > all > > > up, it seems https://ip-.domain in console cannot load as expected > > > > > > > > > > > > > > > On Wed, Jan 5, 2022 at 8:12 PM Suresh Anaparti < > > > suresh.anapa...@shapeblue.com> wrote: > > > > > > > Hi, > > > > > > > > You can check the certificate configuration process through > API/cmk > > > here: > > > > > https://www.shapeblue.com/securing-cloudstack-4-11-with-https-tls/ > > > > > > > > > > > > Regards, > > > > Suresh > > > > > > > > On 05/01/22, 4:55 PM, "Hean Seng" <heans...@gmail.com> wrote: > > > > > > > > Any body know how to use the API to upload this cert for > > console > > > proxy, > > > > Otherwise this 4.16 is not workable . This function seems > no > > > > alternative to make it work > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Mon, Jan 3, 2022 at 4:08 PM Hean Seng <heans...@gmail.com> wrote: > > > > > > > > > Is there anyway to manual update it before 4.16.1 release , > > > > otherwise the > > > > > SSL cannot be install. > > > > > > > > > > On Mon, Jan 3, 2022 at 3:06 PM Suresh Anaparti < > > > > > suresh.anapa...@shapeblue.com> wrote: > > > > > > > > > >> Good, thanks for the update Pearl! > > > > >> > > > > >> > > > > >> Regards, > > > > >> Suresh > > > > >> > > > > >> On 03/01/22, 12:31 PM, "Pearl d'Silva" < > > > pearl.dsi...@shapeblue.com> > > > > >> wrote: > > > > >> > > > > >> Hi, > > > > >> > > > > >> This seems to be an issue in 4.16.0 but has been > > > addressed with: > > > > >> https://github.com/apache/cloudstack/pull/5682/ and > should > > be > > > > available > > > > >> in 4.16.1. > > > > >> > > > > >> Thanks, > > > > >> Pearl > > > > >> > > > > >> [ > > > > >> > > > > > > > > > > https://opengraph.githubassets.com/a85d63087cbc026a03525dcc5d491e900913e0ad6e2b09a6dd8eb27f392c60a8/apache/cloudstack/pull/5682 > > > > >> ]<https://github.com/apache/cloudstack/pull/5682/> > > > > >> UI : Fix SSL certificate submit button not working by > > > dhslove · > > > > Pull > > > > >> Request #5682 · apache/cloudstack< > > > > >> https://github.com/apache/cloudstack/pull/5682/> > > > > >> Description This PR fixes an issue where clicking the > > > Submit > > > > button > > > > >> in the SSL Certificates dialog in the Infrastructure > Summary > > > UI did > > > > not > > > > >> work. Types of changes Breaking change (fix o... > > > > >> github.com > > > > >> > > > > >> > > > > >> ________________________________ > > > > >> From: Deepak Kumar <deepak.ku...@indiqus.com.INVALID> > > > > >> Sent: Monday, January 3, 2022 12:23 PM > > > > >> To: users@cloudstack.apache.org < > > > users@cloudstack.apache.org> > > > > >> Subject: Re: Cloudstack 4.16 - GUI unable to submit > SSL > > > > >> > > > > >> Hi Hean Seng, > > > > >> > > > > >> I am facing the same issue. > > > > >> > > > > >> Thanks & Regards, > > > > >> Deepak Kumar > > > > >> IndiQus Global Technical Support > > > > >> www.indiqus.com<http://www.indiqus.com> > > > > >> > > > > >> > > > > >> > > > > >> > > > > >> > > > > >> > > > > >> > > > > >> > > > > >> On Sun, Jan 2, 2022 at 11:55 PM Hean Seng < > > heans...@gmail.com > > > > > > > > wrote: > > > > >> > > > > >> > Hi > > > > >> > > > > > >> > I am using Cloudstack 4.16 , Ubuntu 20 for Mgmt > > server. > > > > >> > > > > > >> > Infrastructure ->. Summary -> SSL Certification > > > > >> > > > > > >> > Entering all the SSL detail, and click submit , but > > the > > > > click has > > > > >> no > > > > >> > responding . > > > > >> > Clecking the MGMT log, and nothing seems processed . > > > > >> > > > > > >> > Tried on both Chrome, Safari and same issue . > > > > >> > Tried the same SSL to Cloudstack 4.15 , and it has > no > > > issue > > > > >> submitting the > > > > >> > SSL > > > > >> > > > > > >> > Anybody facing the same issue ? > > > > >> > > > > > >> > > > > > >> > -- > > > > >> > Regards, > > > > >> > Hean Seng > > > > >> > > > > > >> > > > > >> -- > > > > >> This message is intended only for the use of the > > > individual or > > > > entity > > > > >> to > > > > >> which it is addressed and may contain confidential > > and/or > > > > privileged > > > > >> information. If you are not the intended recipient, > > please > > > > delete the > > > > >> original message and any copy of it from your computer > > > system. > > > > You are > > > > >> hereby notified that any dissemination, distribution > or > > > copying > > > > of > > > > >> this > > > > >> communication is strictly prohibited unless proper > > > > authorization has > > > > >> been > > > > >> obtained for such action. If you have received this > > > > communication in > > > > >> error, > > > > >> please notify the sender immediately. Although IndiQus > > > attempts > > > > to > > > > >> sweep > > > > >> e-mail and attachments for viruses, it does not > > guarantee > > > that > > > > both > > > > >> are > > > > >> virus-free and accepts no liability for any damage > > > sustained as > > > > a > > > > >> result of > > > > >> viruses. > > > > >> > > > > >> > > > > > > > > > > -- > > > > > Regards, > > > > > Hean Seng > > > > > > > > > > > > > > > > > -- > > > > Regards, > > > > Hean Seng > > > > > > > > > > > > > > -- > > > Regards, > > > Hean Seng > > > > > > > > > > -- > > Regards, > > Hean Seng > > > -- Regards, Hean Seng
