Hi,

Couple of things:

1. The error will be logged to the CloudStack management server log file
(management-server.log), and it would really help to know what it is.
2. While uploading the certificate, the domain_suffix should be
somedomain.tld and not *.somedomain.tld (the asterisk is only for global
config so that CloudStack can distinguish between HTTP and HTTPS modes).

Thanks
Amogh

On 9/24/14 7:40 AM, "France" <mailingli...@isg.si> wrote:

>Hi guys,
>
>I want to migrate away from realhostip.com. I have set up DNS service in
>no time, but am having problems importing certificates to ACS 3.4.1.
>
>I created my own CA like this:
>
>cd /etc/pki/CA
>touch index.txt
>echo 1000 > serial
>openssl genrsa -aes256 -out /etc/pki/CA/private/ca.key.pem 4096
>chmod 400 /etc/pki/CA/private/ca.key.pem
>nano -w /etc/pki/tls/openssl.cnf
>openssl req -new -x509 -days 63650 -key /etc/pki/CA/private/ca.key.pem \
>    -sha256 -extensions v3_ca -out /etc/pki/CA/certs/ca.cert.pem
>
>
>Signed my own keys and converted them to pkcs8 format like this:
>
>cd /etc/pki/CA
>openssl genrsa -out private/vse.somedomain.tld.key.pem 4096
>chmod 400 private/vse.somedomain.tld.key.pem
>openssl req -sha256 -new -key private/vse.somedomain.tld.key.pem \
>    -out certs/vse.somedomain.tld.csr.pem
>openssl ca -keyfile private/ca.key.pem -cert certs/ca.cert.pem \
>    -extensions usr_cert -notext -md sha256 -days 63649 \
>    -in certs/vse.somedomain.tld.csr.pem -out certs/vse.somedomain.tld.cert.pem
>openssl pkcs8 -topk8 -in private/vse.somedomain.tld.key.pem \
>    -out private/vse.somedomain.tld.key.encrypted.pkcs8
>openssl pkcs8 -in private/vse.somedomain.tld.key.encrypted.pkcs8 \
>    -out private/vse.somedomain.tld.key.pkcs8
>chmod 400 private/vse.somedomain.tld.key.encrypted.pkcs8
>chmod 400 private/vse.somedomain.tld.key.pkcs8
>
>
>
>But when trying to import it via GUI: infrastructure -> SSL Certificate:
>Certificate from vse.somedomain.tld.cert.pem
>PKCS8 from private/vse.somedomain.tld.key.pkcs8
>DNS domain suffix to: *.somedomain.tld
>
>But it fails with:
>"Failed to update SSL Certificate."
>
>Please help me upload the new certificate.
>Catalina.out shows no error. I have no idea what else to check.
>
>Thank you.
>F.
>
>
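
Added example, not part of the original thread and not CloudStack's own code: a pre-upload check for the three inputs discussed above. It confirms the key file is the unencrypted PKCS#8 form produced by the last `openssl pkcs8` step, that it belongs to the certificate, and that the domain suffix has no leading `*.`. The function names and the self-signed throwaway fixture are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-upload checks for a CloudStack certificate and key.
# Function names and fixture file names are assumptions for this illustration.

# The upload form wants "somedomain.tld"; strip a leading "*." if present.
normalize_suffix() {
    case "$1" in
        '*.'*) printf '%s\n' "${1#??}" ;;
        *)     printf '%s\n' "$1" ;;
    esac
}

# True only for an unencrypted PKCS#8 PEM key ("BEGIN PRIVATE KEY").
is_plain_pkcs8() {
    head -n 1 "$1" | grep -q '^-----BEGIN PRIVATE KEY-----'
}

# True only if the certificate and the key hold the same public key.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Run all checks; print one line per problem, return non-zero if any.
preflight() {   # usage: preflight CERT KEY SUFFIX
    rc=0
    is_plain_pkcs8 "$2" || { echo "key is not unencrypted PKCS#8"; rc=1; }
    key_matches_cert "$1" "$2" || { echo "key does not match certificate"; rc=1; }
    [ "$3" = "$(normalize_suffix "$3")" ] || { echo "suffix must not start with *."; rc=1; }
    return $rc
}

# Constructed throwaway fixture (self-signed, not the thread's CA).
make_fixture() {   # usage: make_fixture DIR
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=vse.somedomain.tld" \
        -keyout "$1/leaf.key" -out "$1/leaf.pem" 2>/dev/null &&
    openssl pkcs8 -topk8 -nocrypt -in "$1/leaf.key" -out "$1/leaf.pkcs8" &&
    openssl pkcs8 -topk8 -passout pass:constructed -in "$1/leaf.key" \
        -out "$1/leaf.enc.pkcs8" &&
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}
```

Against the files from the thread this would be run as `preflight certs/vse.somedomain.tld.cert.pem private/vse.somedomain.tld.key.pkcs8 somedomain.tld`.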
