If you have taken backup of your table(keystore) before upload then you revert to previous state then upload the certificates again.
Encode(url ecode) the root and intermediate keys while uploading through api Root - seq 1 Intermediate seq 2 And while uploading server certificate through UI don 't encode the keys ,enter only server certificate and private key(it should be PKCS#8 format) and domain name because you have already uploaded root and intermediate through API.( how to check certificate uploaded correctly or not on system vms ,just run the keytool -list on system vms --for syntax/description ref this blog it might useful to you : http://sadhusuresh.blogspot.in/2015/01/t-hings-you-should-consider-while.html) Regards Sadhu -----Original Message----- From: Andrija Panic [mailto:andrija.pa...@gmail.com] Sent: 07 April 2015 23:19 To: dev@cloudstack.apache.org Cc: us...@cloudstack.apache.org Subject: Re: {HELP-NEEDED] Replace Root CA etc, for CPVM and SSVM Thanks Suresh. 2 identical sequence numbers means: first occurence is OLD Intermediate CA(from 1 year ago), and the second occurence is the new one just uploaded (it happened I used different names) for ROOT CA - it happened I used the same name "ROOT1" so the old one got overwriten with seq number 1 Do you expect I should delete the old Intermediate1 CA manually (and leave only the new one) ? Or am I expected to upload again ROOT/intermediate with exact same names and seq numbers ? Thanks On 7 April 2015 at 19:43, Suresh Sadhu <suresh.sa...@citrix.com> wrote: > I see same sequence number for 2 intermediate certificates. does your > certificate has multiple intermediate certificate or it has only one. > > The reason for getting realhost ip is . your certificate is not > applied correctly that is reason it's still refer the old certificate. > > > Regards > sadhu > > -----Original Message----- > From: Andrija Panic [mailto:andrija.pa...@gmail.com] > Sent: 07 April 2015 22:56 > To: us...@cloudstack.apache.org > Cc: dev@cloudstack.apache.org > Subject: Re: {HELP-NEEDED] Replace Root CA etc, for CPVM and SSVM > > Hi Lucian > > yes it is *.domain.com (from 4.3.1 onwards)... > > If you can check my attached image, keystore tableseems messed a > little bit > :) > http://snag.gy/LMA4h.jpg > > > On 7 April 2015 at 19:12, Nux! <n...@li.nux.ro> wrote: > > > Can you check secstorage.ssl.cert.domain in global settings and see > > if it's the correct one? > > Should be *.blah.tld or whatever your domain is. > > > > > > HTH > > Lucian > > > > -- > > Sent from the Delta quadrant using Borg technology! > > > > Nux! > > www.nux.ro > > > > ----- Original Message ----- > > > From: "Andrija Panic" <andrija.pa...@gmail.com> > > > To: us...@cloudstack.apache.org, dev@cloudstack.apache.org > > > Sent: Tuesday, 7 April, 2015 17:42:35 > > > Subject: {HELP-NEEDED] Replace Root CA etc, for CPVM and SSVM > > > > > Hi guys, > > > > > > our SSL just expired, and I needed to upload new ROOT CA, > > > Intemediata > > ROOT > > > CA, and at the end SSL for sever and a private key. > > > > > > I uploaded new ROOT CA, and after CPVM rebooted, also uploaded > > Intermediate > > > ROOT CA, via API, with URL encoded stuff - checked in database all > > > seems > > OK. > > > > > > But after uploading new SSL and private key, destroyed CPVM and > > > SSVM > > > - my Console Proxy shows *.realiphost.com as the domain for the > > > SSL wjen I access > > > > > > Any clues what I did wrong ? > > > Should I have somehow removed first old ROOT CA and old > > > Intermediate CA, and upload new ones ? > > > > > > Here is database content from cloud.keystore: > > > http://snag.gy/LMA4h.jpg > > > > > > This means that for some reason, original realiphost.com SSL is > > > now used inside CPVM... > > > > > > Any help greatly appreciated, since this is live system... > > > > > > Thanks, > > > > > > > > > > > > -- > > > > > > Andrija Panić > > > > > > -- > > Andrija Panić > -- Andrija Panić
