Perhaps stick this on the wiki too.

On Fri, Sep 21, 2012 at 6:26 PM, Kelven Yang <kelven.y...@citrix.com> wrote:
> Periodically we get questions asking what exactly the realhostip DNS name
> is doing in CloudStack. The realhostip.com domain exists to make HTTPS
> work across all CloudStack installations at different customer sites,
> without administrators having to worry about how to load an SSL
> certificate due to deployment environment changes.
>
> SSL certificates are used in CloudStack system VMs to host HTTPS
> connections; for example, the console proxy VM and the secondary storage
> VM both use it in their HTTP servers. The realhostip.com SSL certificate
> is signed with wild-match addresses: all DNS names under *.realhostip.com
> are qualified to use the certificate. Because every CloudStack customer
> has its own environment, each one has its own set of system VMs in its
> installation, and each system VM instance has its own set of IP
> addresses. To use ONE certificate for all these instances among different
> customers, we came up with a solution: providing a dynamic DNS service
> hosted by CloudStack. The DDNS service basically translates DNS names of
> the following form to IP addresses:
>
>     xxx-xxx-xxx-xxx.realhostip.com to IP address xxx.xxx.xxx.xxx
>
> CloudStack has control of the IP addresses in each installation, so
> whenever we need an SSL certificate, no matter which customer is running
> the installation, with such a DDNS service available we can always assign
> it a suffix under the realhostip.com domain on top of ever-changing IP
> addresses. This is the trick we play to make ONE SSL certificate
> applicable universally among all CloudStack installations.
>
> In most of these cases, the ugly-formed DNS name is not visible to end
> users, since its main purpose is to help establish a secure communication
> channel (not truly to certify a site). However, there are cases where
> customers may care; therefore, the console proxy VM does provide a
> customizable way for users to use their own SSL certificates.
>
> Kelven
>

-- NS
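
The name-to-address mapping described in the quoted message, as an added example (not CloudStack's code and not part of the original thread); the function names and the strict four-octet label pattern are assumptions. It also shows why the dashed form matters: a certificate wildcard covers exactly one DNS label, so a dotted IP placed under the domain would fall outside `*.realhostip.com`.

```python
import ipaddress
import re

DOMAIN = "realhostip.com"      # domain named in the message
WILDCARD = "*." + DOMAIN       # wildcard name described in the message
# Assumption: the host label is four decimal octets joined by dashes.
LABEL_RE = re.compile(r"^([0-9]{1,3})-([0-9]{1,3})-([0-9]{1,3})-([0-9]{1,3})$")


def ip_to_name(ip: str) -> str:
    """Build the DNS name for an IPv4 address (dots become dashes)."""
    addr = ipaddress.IPv4Address(ip)   # raises ValueError on malformed input
    return str(addr).replace(".", "-") + "." + DOMAIN


def name_to_ip(name: str):
    """Translate a name as the described DDNS would; None if not that form."""
    name = name.rstrip(".").lower()
    label, _, parent = name.partition(".")
    if parent != DOMAIN:               # wrong domain or extra labels
        return None
    match = LABEL_RE.match(label)
    if not match:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(match.groups())))
    except ValueError:                 # e.g. an octet above 255
        return None


def wildcard_covers(pattern: str, name: str) -> bool:
    """Left-most-label wildcard match: '*' stands for exactly one label."""
    p = pattern.lower().split(".")
    n = name.rstrip(".").lower().split(".")
    return len(p) == len(n) and p[0] == "*" and bool(n[0]) and p[1:] == n[1:]


if __name__ == "__main__":
    sample_ip = "203.0.113.10"         # constructed documentation address
    host = ip_to_name(sample_ip)
    print(host, "->", name_to_ip(host))
    print("dashed name covered:", wildcard_covers(WILDCARD, host))
    dotted = "10.113.0.203." + DOMAIN  # constructed multi-label counterexample
    print("dotted name covered:", wildcard_covers(WILDCARD, dotted))
```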