Re: AW:https Repo links don't work

[Sudhansu Sahu]

I have created below defect for this. 
https://issues.apache.org/jira/browse/CLOUDSTACK-10112


Sent from my iPhone

On 17-Oct-2017, at 1:56 PM, Benjamin Naber 
<benjamin.na...@coders-area.de<mailto:benjamin.na...@coders-area.de>> wrote:

Hi Sudhansu,

that fix worked for me. thanks for your help.

Kind regards

Benjamin
Sudhansu Sahu 
<sudhansu.s...@accelerite.com<mailto:sudhansu.s...@accelerite.com>> hat am 17. 
Oktober 2017 um 10:03 geschrieben:

For realhostip.keystore the password is ‘vmops.com<http://vmops.com>’. and for 
java keystore the password is ‘changeit’.

Thanks
Sudhansu Sahu

On 10/17/17, 1:29 PM, "Benjamin Naber" 
<benjamin.na...@coders-area.de<mailto:benjamin.na...@coders-area.de>> wrote:

Hi Sudhansu,

ty for the tip ! do you know the default password for the keystore on the 
secondary storage vm ?

Kind regards

Benjamin

Sudhansu Sahu 
<sudhansu.s...@accelerite.com<mailto:sudhansu.s...@accelerite.com>> hat am 17. 
Oktober 2017 um 06:25 geschrieben:

In SSVM default java keystore is overriden by "realhostip.keystore" and does 
not have necessary certificates.

Import all java cacerts to 
‘/usr/local/cloud/systemvm/certs/realhostip.keystore’.

keytool -importkeystore –srckeystore -destkeystore 
/usr/local/cloud/systemvm/certs/realhostip.keystore

Thanks
Sudhansu Sahu

On 10/16/17, 9:25 PM, "Rafael Weingärtner" 
<raf...@autonomiccs.com.br<mailto:raf...@autonomiccs.com.br>> wrote:

Well, if everything is there, then you should not see this error of
unable to build the certification path.

Then, it would be a good idea to check which cacerts Java is using.

On 10/16/2017 1:54 PM, Benjamin Naber wrote:

Hi Rafael,

i exported the Keystore to textfile and checked fingerprints.

root CAs also in the Keystore.

Kind Regards

Benjamin

Rafael Weingärtner 
<raf...@autonomiccs.com.br<mailto:raf...@autonomiccs.com.br>> hat am 16. 
Oktober 2017 um 17:45 geschrieben:

How did you check the certificates? Did you list and checked by name? Or
by fingerprint?

Also, did you check if the root CA was there as well? For instance, the
Let's encrypt root CA is "DST Root CA X3" (the CA that signs let's
encrypt CA's certificate)

On 10/16/2017 1:42 PM, Benjamin Naber wrote:

Hi Rafael,

ive allready checked the Java Keystore. All Certificates are included.

Im using ACS 4.10

Kind Regards

Benjamin

Benjamin Naber 
<benjamin.na...@coders-area.de<mailto:benjamin.na...@coders-area.de>> hat am 
16. Oktober 2017 um 17:26 geschrieben:

Hi Rafael,

Currently no ssl Backlund works. Also COMODO Certificates don't work.

Kind Regards

Benjamin

Von meinem Huawei-Mobiltelefon gesendet

-------- Originalnachricht --------
Betreff: Re: https Repo links don't work
Von: Rafael Weingärtner 
<raf...@autonomiccs.com.br<mailto:raf...@autonomiccs.com.br>>
An: users@cloudstack.apache.org<mailto:users@cloudstack.apache.org>
Cc:

Probably the let´s encrypt CA is not in your java keystore. You will
need to add it.

On 10/16/2017 1:13 PM, Benjamin Naber - NETFORMIC GmbH wrote:

Hi together,

i have an issue deploying templates with https Repo Links.

When i create a global template like debian stretch netinstall and the
ISO file is located on a https backlink
(https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-9.2.1-amd64-netinst.iso)
<https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-9.2.1-amd64-netinst.iso%29>.

the following error occours:

sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target

OS: CentOS7

CS Version: 4.10 from http://cloudstack.apt-get.eu/centos/7/4.10/
<http://cloudstack.apt-get.eu/centos/7/4.10/>

Did anyone managed to fix it?

Kind Regards

*Benjamin Naber*

System Administrator

Telefon: +49 (0)711 761642-445
benjamin.na...@netformic.de<mailto:benjamin.na...@netformic.de>

<https://netformic.de/>

*NETFORMIC GmbH*
HRB 720729, Amtsgericht Stuttgart
USt-IdNr.: DE814688053
Geschäftsführer: Jens Rilling, Timo Weltner

*Stuttgart*
Hermannstraße 5A, 70178 Stuttgart
Telefon: +49 (0)711 761642-0, Fax: -26

*Berlin*
Fanny-Zobel-Straße 11, 12435 Berlin

Telefon: +49 (0)30 60984747-0, Fax: -9
--

Rafael Weingärtner
--
Rafael Weingärtner

___________________________________________________
Benjamin Naber • Holzstraße 7 • D-73650 Winterbach
Mobil: +49 (0) 152.34087809
E-Mail: benjamin.na...@coders-area.de<mailto:benjamin.na...@coders-area.de>

___________________________________________________
Diese E-mail einschließlich eventuell angehängter Dateien enthält vertrauliche 
und / oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige 
Adressat sind und diese E-mail irrtümlich erhalten haben, dürfen Sie weder den 
Inhalt dieser E-mail nutzen noch dürfen Sie die eventuell angehängten Dateien 
öffnen und auch keine Kopie fertigen oder den Inhalt weitergeben / verbreiten. 
Bitte verständigen Sie den Absender und löschen Sie diese E-mail und eventuell 
angehängte Dateien umgehend.

--
Rafael Weingärtner

DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the 
property of Accelerite, a Persistent Systems business. It is intended only for 
the use of the individual or entity to which it is addressed. If you are not 
the intended recipient, you are not authorized to read, retain, copy, print, 
distribute or use this message. If you have received this communication in 
error, please notify the sender and delete all copies of this message. 
Accelerite, a Persistent Systems business does not accept any liability for 
virus infected mails.