Chip, didya get this working? I took a quick look in the wiki and didn't see any docs on it.

(Sorry all, I'm obviously catching up on some old threads)

John

On Nov 14, 2012, at 1:46 PM, Chip Childers <chip.child...@sungard.com> wrote:

> On Fri, Nov 9, 2012 at 3:06 PM, Edison Su <edison...@citrix.com> wrote:
>>
>>
>>> -----Original Message-----
>>> From: Chip Childers [mailto:chip.child...@sungard.com]
>>> Sent: Friday, November 09, 2012 10:46 AM
>>> To: cloudstack-dev@incubator.apache.org
>>> Subject: Help Needed: How can I use an SSL certificate that contains an
>>> intermediate CA?
>>>
>>> Hi all,
>>>
>>> We're trying to use a certificate that has an intermediate CA in the
>>> cert chain (top level CA > intermediate CA > certificate) for the
>>> console proxy. Has anyone documented the correct process for adding a
>>> cert chain? The logic for the uploadCustomCertificate API call only
>>> supports a single cert provided by a top level CA right now.
>>
>>
>> It can support cert chain, by using the id field in the
>> uploadCustomCertificate api.
>> Id =1 is root ca, 2 is intermediate ca, and so on.
>>
>>>
>>> -chip
>>
>
> I need some help with where to look next. So far, I've got this in
> the database (I'm not showing the cert or key fields):
>
> select id, name, domain_suffix, seq from keystore;
> +----+-----------------+------------------+------+
> | id | name            | domain_suffix    | seq  |
> +----+-----------------+------------------+------+
> |  1 | CPVMCertificate | console.test.com | NULL |
> |  2 | root            | console.test.com |    1 |
> |  8 | intermediate_ca | console.test.com |    2 |
> +----+-----------------+------------------+------+
> 3 rows in set (0.00 sec)
>
> However, after destroying the CPVM, and waiting for it to regenerate,
> I see that it's still using the realhostip.keystore file.
>
> Looking at the code, I see that in
> console-proxy/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java
> there is an expectation for ksBits to be != null in order for an
> alternate keystore file to be used. That being said, I'm at a loss as
> to how that value is set!
>
> Help would be appreciated.
>
> -chip
>

Stratosec - Secure Infrastructure as a Service
o: 415.315.9385
@johnlkinsella