GitHub user d-chatterjee60 created a discussion: 4.22.1.0 KVM — agent SSL 
handshake fails, cert-import leaves agent self-signed

After recovering from a DB/keystore issue, management presents its cert fine on 
8250 (openssl s_client shows CN=ca.cloudstack.apache.org). But adding a KVM 
host fails: SSH auth OK, ls /dev/kvm OK, keystore-setup OK, then 
keystore-cert-import runs but the agent's cloud.jks keeps its self-signed cert 
(Issuer: CN=HV-1) instead of a management-signed one. Agent then fails SSL 
handshake with NEED_UNWRAP timeout on 8250. RootCAProvider logs "Creating new 
management server certificate and keystore" every boot and doesn't load the 
keystore DB root row. How do I get CAManager to actually sign and return the 
agent's certificate?

GitHub link: https://github.com/apache/cloudstack/discussions/13572

----
This is an automatically sent email for [email protected].
To unsubscribe, please send an email to: [email protected]

Reply via email to