Hi There, The url's that are being generated are of the form:
https://192-168-2-15.random.net Which all looks fine. The secstorage.ssl.cert.domain parmater is set to *.random.net >From the ssvm I ran the following: openssl s_client -connect 192-168-2-15.random.net:443 Which then seemed to complain about the root cert. I guess the provider we have used does not have it's trusted root cert in the new ssvm template. Perhaps a consequence of the move to java7 within the templates? As I say, this all worked fine in 4.3. So either we have to load this cert in every time we launch a fresh ssvm, or we somehow build our own ssvm template with the root cert baked into the image. When you add a new cert to the environment, does it push the root cert to the ssvm? Has it ever been possible to use a self signed cert? Thanks! On Fri, Jul 31, 2015 at 10:34 AM, Thomas Moroder <[email protected]> wrote: > We are hitting an issue very similar to the below when trying to copy >> templates between zones: >> https://issues.apache.org/jira/browse/CLOUDSTACK-1475 >> We are using our own wildcard cert for this parameter: >> secstorage.ssl.cert.domain >> We weren't having any issues when using 4.3. Has anyone run into this? >> > > I guess the certificate controls are more strict. Are you sure your > wildcard certificate is for *.ssl.cert.domain and not *.cert.domain? > Subdomains are not included in the wildcard-certificate. > > Sincerely, > Thomas Moroder > > > -- > Incubatec GmbH - Srl > Via Scurcia'str. 36, 39046 Ortisei(BZ), ITALIA > Registered with the chamber of commerce of Bolzano the 8th of November > 2001 with > REA-No. 168204 (s.c. of EUR 10.000 f.p.u.) > President: Thomas Moroder, VAT-No. IT 02283140214 > Tel: +39.0471796829 - Fax: +39.0471797949 > > IMPRINT: > http://www.incubatec.com/imprint.html > PRIVACY: > http://www.server24.it/informativa_completa.html > >
