Hi Vishnu,
Here are (probably) the same steps that I did to make my vm SSL working.
For this example I will use public range of 50.50.50.0 to 50.50.50.5
1. execute the following commands to enable ssl on the cloudstack server
using cloudmonkey
cmk update configuration name=consoleproxy.url.domain value='*.
ssvm.domain.org'
cmk update configuration name=consoleproxy.sslEnabled value=true
cmk update configuration name=secstorage.ssl.cert.domain
value='*.ssvm.domain.org'
cmk update configuration name=secstorage.encrypt.copy
value=true
2. Restart the management server
3. Ask Domain admins to register the following records in DNS
50.50.50.1 50.50.50.1.ssvm.domain.org
50.50.50.2 50.50.50.2.ssvm.domain.org
50.50.50.3 50.50.50.3.ssvm.domain.org
50.50.50.4 50.50.50.4.ssvm.domain.org
50.50.50.5 50.50.50.5.ssvm.domain.org
4. Ask Domain admins to provide wildcard certificate for
*.ssvm.domain.org
5. Upload the combined root and intermediate certificates (from
step 4)
Immediately after upload the SVMs will restart automatically.
6. TEST! Open the URL that responds to the current SSVM and check
the certificate present. If the certificate has not yet been updated,
reboot the cloudstack server and the SSVMs once more. If the
certificate has changed but is still reported as unsecure - pay attention
to details, root/intermediate/wildcard pairs may have been uploaded in the
wrong order.
Best regards,
Jordan
On Thu, Jun 20, 2024 at 8:51 PM weizhouapache (via GitHub) <g...@apache.org>
wrote:
>
> GitHub user weizhouapache added a comment to the discussion: Unable to
> Secure CloudStack System VMs with Dynamic URL
>
> > @weizhouapache Ports 443 and 8443 are listening in CPVM...and IP are
> reachable 
>
> any error/exception in /var/log/cloud.log in CPVM ?
>
>
> GitHub link:
> https://github.com/apache/cloudstack/discussions/9278#discussioncomment-9831869
>
> ----
> This is an automatically sent email for users@cloudstack.apache.org.
> To unsubscribe, please send an email to:
> users-unsubscr...@cloudstack.apache.org
>
>
