not work.
See these blog posts:
https://blogs.apache.org/cloudstack/entry/realhostip_service_is_being_retir
ed
https://blogs.apache.org/cloudstack/entry/cloudstack_s_realhostip_service_t
o
http://shapeblue.com/cloudstack/retirement-of-the-realhostip-com-service/
Please avoid inconvenience to
Thanks Nitin,
On 01-Oct-2014, at 10:06 pm, Nitin Mehta wrote:
> Just an FYI - For troubleshooting in this area do refer to
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Troubleshooting+-+up
> loading+custom+domain+certificate+instead+of+using+realhostip.com
I actually read this wiki a
fixed in 4.3.1
>>>>>
>>>>> Apologies for the inconvenience.
>>>>>
>>>>> Amogh
>>>>>
>>>>> On 10/1/14 8:16 AM, "Rohit Yadav" wrote:
>>>>>
>>>>>> Just to update on the cert
pload issue with 4.2:
>>>>>
>>>>> I’m able to download and add new volumes/templates/isos and the link
>>>>> provided has a valid https url with the same certificate that I
>>>>> uploaded
>>>>> though when I try to access the cons
>>>> On 01-Oct-2014, at 4:55 pm, Rohit Yadav
>>>> wrote:
>>>>> Hi,
>>>>>
>>>>> I’ve fixed cloudmonkey to url encode parameters so now you can use
>>>>> cloudmonkey to upload custom certificate but only in non-interac
us
paul.an...@shapeblue.com
-Original Message-
From: Amogh Vasekar [mailto:amogh.vase...@citrix.com]
Sent: 01 October 2014 18:15
To: us...@cloudstack.apache.org
Cc: dev@cloudstack.apache.org
Subject: Re: Unable to upload SSL certificate for realhostip replacement
Hi,
Can you please paste the conte
parameters so now you can use
>>>> cloudmonkey to upload custom certificate but only in non-interactive
>>>> mode on shell (bash/zsh). You’ll have to install cloudmonkey from
>>>>source
>>>> for now since the fix is only on master.
>>>>
>
; for now since the fix is only on master.
>>>
>>> Something like:
>>> $ cloudmonkey upload customcertificate id=xx domainsuffix=yy name=zzz
>>> certificate=‘asdf
>>> asdfasdf
>>> asdfasdf
>>> asdf---'
>>>
>>> I’ve so
e
>>for now since the fix is only on master.
>>
>> Something like:
>> $ cloudmonkey upload customcertificate id=xx domainsuffix=yy name=zzz
>>certificate=‘asdf
>> asdfasdf
>> asdfasdf
>> asdf---'
>>
>> I’ve some issues to report while re
asdf
> asdf---'
>
> I’ve some issues to report while replacing certificates to get rid of
> realhostip, this is specific for Xen could apply for other hypervisors as
> well:
>
> - In case of 4.2, I see in the database that seq is 0 for the root
> certificate for the
customcertificate id=xx domainsuffix=yy name=zzz
certificate=‘asdf
asdfasdf
asdfasdf
asdf---'
I’ve some issues to report while replacing certificates to get rid of
realhostip, this is specific for Xen could apply for other hypervisors as well:
- In case of 4.2, I see in the database that seq
Hi,
For the encoding, in your case it was the space character causing the
issue - it should be replaced by %20. The correct encoding would be
(hoping mail clients don't screw up the blob):
-BEGIN%20CERTIFICATE-%0AMIIDfTCCAuagAwIBAgIDErvmMA0GCSqGSIb3DQEBBQU
AME4xCzAJBgNVBAYTAlVT%0AMRAwDgYDV
Hi Wido,
I have changed the value of secstorage.ssl.cert.domain and restart
management server, before I start uploading all the certificates.
I found this article, which might be related to the problem:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Troubleshooting+-+uploading+custom+dom
> Op 27 sep. 2014 om 19:25 heeft Indra Pramana het volgende
> geschreven:
>
> Dear all,
>
> FYI, I managed to complete the tasks and install the certificates. As a
> workaround to the unable to upload the root/intermediate cert via API
> issue, I uploaded a certificate with just "BEGIN" as
Dear all,
FYI, I managed to complete the tasks and install the certificates. As a
workaround to the unable to upload the root/intermediate cert via API
issue, I uploaded a certificate with just "BEGIN" as text via API, and then
proceed to update the keystore table on the MySQL database directly to
Dear all,
Apologise for sending quite a lot of emails tonight. Anyone knows if it's
safe for me to update the keystore table on the database directly? Since
the API call doesn't work.
Thank you.
On Sun, Sep 28, 2014 at 12:39 AM, Indra Pramana wrote:
> Only if I key in the certificate as "BEGI
Only if I key in the certificate as "BEGIN", then it seems to be accepting.
But of course, the certificate is invalid.
1efe722a-e7c7-4c43-9f6b-67ce860dbe34
Is it my browser issue? I have tried using two different browsers: Firefox
and Chrome, and both are having the same problem.
On Sun, Sep
I tried to key in just "BEGIN CERTIFICATE\nEND CERTIFICATE" without the
"-" and the content of the certificate itself. Same problem persists,
it says parameter certificate is invalid, contains illegal ASCII
non-printable characters.
431
Received value BEGIN CERTIFICATE END CERTIFICATE f
Hi Amogh and all,
To add, I am using RapidSSL and I got the root and intermediate CAs from
here:
https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&actp=CROSSLINK&id=SO26457
I have ensured that the encoding is done correctly, but still there's issue
when I tried to
Hi Amogh,
I tried again tonight, still the same. Not too sure why, is it something
wrong with the certificate? But I have confirmed that it's the correct root
certificate from my CA.
Any other advice?
Looking forward to your reply, thank you.
Cheers.
On Tue, Sep 23, 2014 at 12:56 AM, Amogh Vas
loudstack.apache.org<mailto:us...@cloudstack.apache.org>"
mailto:us...@cloudstack.apache.org>>,
"users...@cloudstack.apache.org<mailto:users...@cloudstack.apache.org>"
mailto:users...@cloudstack.apache.org>>
Subject: RE: Realhostip service extended till Sep 30th
Can you try using http://meyerweb.com/eric/tools/dencoder/
Amogh
On 9/22/14 4:36 AM, "Indra Pramana" wrote:
>Dear all,
>
>I am following the instruction on this documentation to replace
>realhostip.com with my own domain.
>
>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Procedure+to+Re
Dear all,
I am following the instruction on this documentation to replace
realhostip.com with my own domain.
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Procedure+to+Replace+realhostip.com+with+Your+Own+Domain+Name
Everything is fine until I need to upload the root certificate via API
he.org
Cc: Amogh Vasekar
Subject: Re: Realhostip service extended till Sep 30th
Created another wiki [1] for troubleshooting and information on the
implementation details.
[1]
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Troubleshooting+-+up
loading+custom+domain+certificate+
>-Nitin
>
>On 05/06/14 4:23 PM, "Animesh Chaturvedi"
>wrote:
>
>>
>>Folks
>>
>>I wanted to provide an update on shutting down of RealhostIp service.
>>Citrix has decided to move the date by one quarter and the new date will
>>be Sep 30th
ame.
>
> [1]
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Procedure+to+Replace
> +realhostip.com+with+Your+Own+Domain+Name
>
>
> Thanks,
> -Nitin
>
> On 05/06/14 4:23 PM, "Animesh Chaturvedi"
> wrote:
>
> >
> >Folks
> >
> &g
ot;
wrote:
>
>Folks
>
>I wanted to provide an update on shutting down of RealhostIp service.
>Citrix has decided to move the date by one quarter and the new date will
>be Sep 30th. The new dates allow users of CloudStack additional time for
>updating their infrastructure.
Folks
I wanted to provide an update on shutting down of RealhostIp service. Citrix
has decided to move the date by one quarter and the new date will be Sep 30th.
The new dates allow users of CloudStack additional time for updating their
infrastructure. While testing Realhostip fixes
Hi,
Does the DNS resolve from your local machine? Is the DNS publicly
resolvable, or is it local to your intranet?
Thanks,
Amogh
On 5/21/14 6:14 PM, "Mo" wrote:
>but I am also still
>unable to proceed in getting console access as it states it's unable to
>resolve the DNS.
>
>All my other DNS re
> http://shapeblue.com/cloudstack/how-to-mitigate-openssl-heartbleed-vulnerability-in-apache-cloudstack/
> >
> >
> >
> >
> > Alex Hitchins | 07788 423 969 | 01892 523 587
> >
> > -Original Message-
> > From: Mo [mailto:m...@daoenix.com]
> > Sent: 22
t; Alex Hitchins | 07788 423 969 | 01892 523 587
>
> -Original Message-
> From: Mo [mailto:m...@daoenix.com]
> Sent: 22 May 2014 02:15
> To: us...@cloudstack.apache.org; dev
> Subject: Proxy Console (RealhostIP Retired) Question
>
> Hello:
>
> I am attempting to f
...@cloudstack.apache.org; dev
Subject: Proxy Console (RealhostIP Retired) Question
Hello:
I am attempting to find more information (read: step by step) how to correct
the issue that came to be when realhostip was retired.
The links I saw suggested I setup the following for every IP address in my DNS
Hello:
I am attempting to find more information (read: step by step) how to
correct the issue that came to be when realhostip was retired.
The links I saw suggested I setup the following for every IP address in my
DNS Zone:
192-168-1-1.cloud.domain.tldINA192.168.1.1
I have done
Hi Wei,
I saw you checkins in various 4.x branches for fixing realhostip hardcoding and
making it work for custom domain. I really appreciate your hard work on that.
I wanted to bring to your notice that there are a number of issues that my
colleague Amogh and I fixed after that for replacing
Reminder, folks - please migrate off realhostip.com or you’re going to get a
nasty surprise this summer. More info at link below.
https://blogs.apache.org/cloudstack/entry/realhostip_service_is_being_retired
+1 on avoiding 8.8.8.8. Nothing good comes from google knowing your dns
resolution history...
(or whatever other free dns resolvers)
On Mar 19, 2014, at 2:08 PM, Nux! wrote:
> On 19.03.2014 19:37, Alex Hitchins wrote:
>> It's my DNS, it just won't play ball with this one domain.
>> I will try
]
Sent: 19 March 2014 21:08
To: dev@cloudstack.apache.org
Subject: RE: RealHostIp
On 19.03.2014 19:37, Alex Hitchins wrote:
> It's my DNS, it just won't play ball with this one domain.
>
> I will try changing it to 8.8.8.8 and see if that makes any different.
> My suspicio
On 19.03.2014 19:37, Alex Hitchins wrote:
It's my DNS, it just won't play ball with this one domain.
I will try changing it to 8.8.8.8 and see if that makes any
different. My suspicion is with BT and their 'smart' filtering.
Thanks to all those who checked for me.
Alex,
Had many issues with
+44 2036 030 540 | M: +44 7788 423 969
alex.hitch...@shapeblue.com
-Original Message-
From: David Nalley [mailto:da...@gnsa.us]
Sent: 19 March 2014 18:40
To: dev@cloudstack.apache.org
Subject: Re: RealHostIp
AFAIK they've never been pingable. Or rather never responded to pings.
--Da
AFAIK they've never been pingable. Or rather never responded to pings.
--David
On Wed, Mar 19, 2014 at 2:04 PM, John Kinsella wrote:
> I can't ping the NS servers, but they do respond to queries...
>
> On Mar 19, 2014, at 2:37 AM, Alex Hitchins
> wrote:
>
>> I
@cloudstack.apache.org
Subject: Re: RealHostIp
AFAIK they've never been pingable. Or rather never responded to pings.
--David
On Wed, Mar 19, 2014 at 2:04 PM, John Kinsella wrote:
> I can't ping the NS servers, but they do respond to queries...
>
> On Mar 19, 2014, at 2:37 AM, Alex Hitchins
&g
I can’t ping the NS servers, but they do respond to queries…
On Mar 19, 2014, at 2:37 AM, Alex Hitchins wrote:
> I can't ping RealHostIp, has the service been properly taken down? An
> NSLOOKUP didn't resolve any nameservers at all.
>
> Alex
>
> .
>
>
Duffy [mailto:i...@ianduffy.ie]
Sent: 19 March 2014 09:52
To: CloudStack Dev
Subject: Re: RealHostIp
Looks OK to me.
$ dig ns realhostip.com +short
ns2.realhostip.com.
ns.realhostip.com.
$ dig @ns.realhostip.com 192-168-0-1.realhostip.com +short
192.168.0.1
$ dig @ns2.realhostip.com 192-168
7;t ping RealHostIp, has the service been properly taken down? An
> NSLOOKUP didn't resolve any nameservers at all.
>
> Alex
>
> .
>
> Need Enterprise Grade Support for Apache CloudStack?
> Our CloudStack Infrastructure
> Support<http://shapeblue.com/cloudstack-inf
I can't ping RealHostIp, has the service been properly taken down? An NSLOOKUP
didn't resolve any nameservers at all.
Alex
.
Need Enterprise Grade Support for Apache CloudStack?
Our CloudStack Infrastructure
Support<http://shapeblue.com/cloudstack-infrastructure-support/> off
Done
> -Original Message-
> From: John Kinsella [mailto:j...@stratosec.co]
> Sent: Sunday, March 09, 2014 2:08 PM
> To:
> Subject: [4.3][Cherry-pick] realhostip changes
>
> Animesh - please pick the commit below from 4.3-forward into 4.3. This is
Animesh - please pick the commit below from 4.3-forward into 4.3. This is for
CLOUDSTACK-6204.
2fe7aeea23ddef25224e3e248f0a91513a14811f
John
On 05.03.2014 19:17, Suresh Sadhu wrote:
I have tested with self-signed ssl certificate with my own local
domain name(replaced realhost with my domain by following steps
mentioned in the CTX support article) on my test setup..cpvm
recreated successfully and console access with new domain name
Thanks Nux for sharing the article
and also found below links useful to understand
role of real host ip and how to replace with your own domain name:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Role+of+realhostip+in+CloudStack
,http://support.citrix.com/article/CTX133468
I have
Hi,
Wrote in a hurry a small article about how I got it done:
http://www.nux.ro/archive/2014/03/Run_your_own_realhostip.html
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
On 02.03.2014 19:04, Suresh Sadhu wrote:
In case if you use x.509 complaint certificate and PKCS#8 Private Key
as per cloudstack documentation then we need to provide the details
like below:
1) copy server.crt content [i.e your generated x.509 complaint
certificate content : copy from ' --
ruary 2014 18:30
To: dev@cloudstack.apache.org
Subject: Re: Changing the SSL certificate for my own realhostip
There are three text fields,
(1) copy certificate.crt and ca_bundle.crt, paste into the first text fields.
(2) copy your key to the second
(3) input your domain suffix
2014-02-28 13:23
hip's instructions helped clear the confusion a bit
http://www.chipchilders.com/blog/2013/1/2/undocumented-feature-using-certificate-chains-in-cloudstack.html
Thanks for help.
We really need to get rid of this realhostip. :)
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
Hi,
When trying with a self-signed cert I faced similar issues on FF.
Adding it manually into FF (Preferences -> Advanced -> Certificates ->
View Certificates) did it for me.
HTH,
Amogh
On 2/28/14 6:55 AM, "Nux!" wrote:
>On 28.02.2014 14:32, Wei ZHOU wrote:
>> Can you visit the console by IE o
On 28.02.2014 14:32, Wei ZHOU wrote:
Can you visit the console by IE or Chrome?
Hm, indeed, I tried Chromium and Opera and they do not complain. Only
Firefox and Seamonkey:
The certificate is not trusted because no issuer chain was provided.
At least we know the certificates get imported in
Can you visit the console by IE or Chrome?
2014-02-28 15:18 GMT+01:00 Nux! :
> On 28.02.2014 13:57, Wei ZHOU wrote:
>
>> Yes.
>>
>> You need to download the Intermediate CA and import it into Firefox.
>> URL:
>> https://support.comodo.com/index.php?_m=downloads&_a=
>> viewdownload&downloaditemid
On 28.02.2014 13:57, Wei ZHOU wrote:
Yes.
You need to download the Intermediate CA and import it into Firefox.
URL:
https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=122&nav=0,1
Firefox: Tools > Options > Advanced > Certificates/Encryption: View
Certificates > Auth
Yes.
You need to download the Intermediate CA and import it into Firefox.
URL:
https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=122&nav=0,1
Firefox: Tools > Options > Advanced > Certificates/Encryption: View
Certificates > Authorities > Import
2014-02-28 14:50 G
On 28.02.2014 13:45, Wei ZHOU wrote:
Did you use firefox?
Yes, does it matter?
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
gt; (2) copy your key to the second
> (3) input your domain suffix
>
>
> 2014-02-28 13:23 GMT+01:00 Nux! :
>
> Hi,
>>
>> I'm trying to implement my own realhostip and I have a problem with
>> adding the certificate.
>>
>> What I have is a Como
Did you use firefox?
2014-02-28 14:07 GMT+01:00 Nux! :
> On 28.02.2014 12:59, Wei ZHOU wrote:
>
>> There are three text fields,
>> (1) copy certificate.crt and ca_bundle.crt, paste into the first text
>> fields.
>> (2) copy your key to the second
>> (3) input your domain suffix
>>
>
> This I hav
On 28.02.2014 12:59, Wei ZHOU wrote:
There are three text fields,
(1) copy certificate.crt and ca_bundle.crt, paste into the first text
fields.
(2) copy your key to the second
(3) input your domain suffix
This I have already done and while I got no error in the UI, when
trying to open up the c
There are three text fields,
(1) copy certificate.crt and ca_bundle.crt, paste into the first text
fields.
(2) copy your key to the second
(3) input your domain suffix
2014-02-28 13:23 GMT+01:00 Nux! :
> Hi,
>
> I'm trying to implement my own realhostip and I have a problem wit
Hi,
I'm trying to implement my own realhostip and I have a problem with
adding the certificate.
What I have is a Comodo wildcard ca_bundle, crt and key in pem format
(for use with Apache HTTPD) and Cloudstack is asking for "X.509
compliant SSL certificate" and "PKCS#8
64 matches
Mail list logo
