On Dec 26, 2012, at 4:34 PM, John Kinsella <j...@stratosec.co> wrote:
> Chip, didya get this working? I took a quick look in the wiki and didn't see
> any docs on it

I did actually. My problem boiled down to the client library I was using hadn't been updated to match the server side API's desire to use "+" as the space char. Edison's instructions work.

>
> (Sorry all, I'm obviously catching up on some old threads)
> John
>
> On Nov 14, 2012, at 1:46 PM, Chip Childers <chip.child...@sungard.com> wrote:
>
>> On Fri, Nov 9, 2012 at 3:06 PM, Edison Su <edison...@citrix.com> wrote:
>>>
>>>
>>>> -----Original Message-----
>>>> From: Chip Childers [mailto:chip.child...@sungard.com]
>>>> Sent: Friday, November 09, 2012 10:46 AM
>>>> To: cloudstack-dev@incubator.apache.org
>>>> Subject: Help Needed: How can I use an SSL certificate that contains an
>>>> intermediate CA?
>>>>
>>>> Hi all,
>>>>
>>>> We're trying to use a certificate that has an intermediate CA in the cert
>>>> chain (top level CA > intermediate CA > certificate) for the console proxy.
>>>> Has anyone documented the correct process for adding a cert chain? The
>>>> logic for the uploadCustomCertificate API call only supports a single cert
>>>> provided by a top level CA right now.
>>>
>>>
>>> It can support cert chain, by using the id field in the
>>> uploadCustomCertificate api.
>>> Id =1 is root ca, 2 is intermediate ca, and so on.
>>>
>>>>
>>>> -chip
>>
>> I need some help with where to look next. So far, I've got this in
>> the database (I'm not showing the cert or key fields):
>>
>> select id, name, domain_suffix, seq from keystore;
>> +----+-----------------+---------------------------+------+
>> | id | name            | domain_suffix             | seq  |
>> +----+-----------------+---------------------------+------+
>> |  1 | CPVMCertificate | console.test.com          | NULL |
>> |  2 | root            | console.test.com          |    1 |
>> |  8 | intermediate_ca | console.test.com          |    2 |
>> +----+-----------------+---------------------------+------+
>> 3 rows in set (0.00 sec)
>>
>> However, after destroying the CPVM, and waiting for it to regenerate,
>> I see that it's still using the realhostip.keystore file.
>>
>> Looking at the code, I see that in
>> console-proxy/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java
>> there is an expectation for ksBits to be != null in order for an
>> alternate keystore file to be used. That being said, I'm at a loss as
>> to how that value is set!
>>
>> Help would be appreciated.
>>
>> -chip
>
> Stratosec - Secure Infrastructure as a Service
> o: 415.315.9385
> @johnlkinsella
>
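The two points from this thread (chain members uploaded in `id` order, and "+" being read as a space on the server side) can be checked before any request is sent. The sketch below is an added example, not code from the thread or from CloudStack: it builds one `uploadCustomCertificate` parameter set per chain member and verifies that each value survives a form-style decode byte for byte. Assumptions: the parameter names `name`, `certificate` and `domainsuffix`, the form-style decoding model, and the constructed PEM stand-ins; request signing and the HTTP call are left out.

```python
from urllib.parse import parse_qs, quote, quote_plus

# Constructed stand-ins for PEM data (not real certificates). Like real PEM,
# they contain spaces, newlines and base64 characters such as "+" and "/".
ROOT_PEM = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQrcm9vdC8r+A==\n-----END CERTIFICATE-----\n"
INTERMEDIATE_PEM = "-----BEGIN CERTIFICATE-----\naW50ZXJtZWRpYXRl+y9D/w==\n-----END CERTIFICATE-----\n"


def chain_requests(chain, domain_suffix):
    """One parameter set per chain member, root first: id 1 is the root CA,
    id 2 the intermediate CA, and so on (the numbering given in the thread)."""
    return [
        {"command": "uploadCustomCertificate", "id": seq, "name": name,
         "certificate": pem, "domainsuffix": domain_suffix}
        for seq, (name, pem) in enumerate(chain, start=1)
    ]


def encode_query(params, encoder):
    """Build the query string with the given per-value encoder."""
    return "&".join(f"{k}={encoder(str(v))}" for k, v in sorted(params.items()))


def server_decode(query):
    """Assumed server behaviour: form-style decoding, where "+" means space."""
    return {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}


def survives_transport(params, encoder):
    """True if every value comes out of the decoder exactly as it went in."""
    sent = {k: str(v) for k, v in params.items()}
    return server_decode(encode_query(params, encoder)) == sent


def strict_encoder(value):
    """Form-style encoding: space becomes "+", a literal "+" becomes %2B."""
    return quote_plus(value)


def lax_encoder(value):
    """A client encoder that leaves "+" and "/" unescaped (the failure case)."""
    return quote(value, safe="+/")


if __name__ == "__main__":
    chain = [("root", ROOT_PEM), ("intermediate_ca", INTERMEDIATE_PEM)]
    for req in chain_requests(chain, "console.test.com"):
        print(req["id"], req["name"],
              "strict ok:", survives_transport(req, strict_encoder),
              "lax ok:", survives_transport(req, lax_encoder))
```

With the lax encoder every "+" in the base64 body arrives as a space, so the stored certificate no longer parses even though the upload call itself may succeed.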