Our documented procedure for updating console proxy SSL is: 1. Load cert through CloudStack UI, wait for Console Proxy VMs to restart 2. If this is the first installation of SSL certificate, ensure Settings consoleproxy.sslEnabled and consoleproxy.url.domain are set correctly 3. Restart CloudStack Management Service
Once it's working you should be able to access the console proxy over https, which should be enough for you to confirm the correct cert is there. Regards, Richard On Tue, 8 Dec 2020 at 18:31, Corey, Mike <[email protected]> wrote: > Hi, > > I believe I have configured the console proxy correctly but I'd like to > verify the console proxy is using my wildcard certificate. When I loaded > the wildcard cert, root, and sub root, key, etc. through the CS portal I > got a "succeed" message and the system vms reloaded, but the console isn't > loading. > > How can I verify the Console VM is using my custom wildcard cert? Is it an > openssl command or a mysql query? > > What logs should I be looking for an error message as to why my console > window is blank? > > The public IP of the console proxy vm is in DNS and resolves. The > management log shows that the url is being provided but again just a blank > window. > > 2020-12-08 11:21:58,424 DEBUG [c.c.s.ConsoleProxyServlet] > (qtp1497845528-16:null) (logid:) Compose console url: http://< > I-P.domain.name > >/ajax?token=mORLUQO3R5lrOdIrRZsozUg2LnLTx5jGtgJnhHRX_-1WmlyxDZzQsaZ7nmuU_KFpd9egjZtkx74ftae3wUpF2IdvRKy7HlYodQBtQf9ldJvZhYNr1GOnxWJYZAAxTPatkVhbVg9Q9gJqFVXB5ebphg1MyGzktZgu6I5VwweGtH2tJcBFqOeUH7utMAzOeGdQW6RXZXi3HWjUSnWs4AzxwX53yFGiS1nOB2lCqAkz8-PUkx7qvfDFkxLEs6iVYTNTaowejHS13_yHeSf7t_xQFkXs1MeQNqEUcBAFaevWbSg&guest=windows > 2020-12-08 11:21:58,424 DEBUG [c.c.s.ConsoleProxyServlet] > (qtp1497845528-16:null) (logid:) the console url is :: > <html><title>CV-Oct14-T20</title><frameset><frame src="http://< > I-P.domain.name > >//ajax?token=mORLUQO3R5lrOdIrRZsozUg2LnLTx5jGtgJnhHRX_-1WmlyxDZzQsaZ7nmuU_KFpd9egjZtkx74ftae3wUpF2IdvRKy7HlYodQBtQf9ldJvZhYNr1GOnxWJYZAAxTPatkVhbVg9Q9gJqFVXB5ebphg1MyGzktZgu6I5VwweGtH2tJcBFqOeUH7utMAzOeGdQW6RXZXi3HWjUSnWs4AzxwX53yFGiS1nOB2lCqAkz8-PUkx7qvfDFkxLEs6iVYTNTaowejHS13_yHeSf7t_xQFkXs1MeQNqEUcBAFaevWbSg&guest=windows"></frame></frameset></html> > > From: Corey, Mike <[email protected]> > Sent: Monday, December 7, 2020 12:02 PM > To: [email protected] > Subject: [CAUTION] Console Proxy on VMware ESXi? > > Hi, > > Is there still a requirement to modify the ESXi firewall for VM console > proxy? Documented process is for older version so I wasn't sure if it was > still relevant for ESXi 6.5 and 6.7+. I ask because when I launch the VM > proxy I just get a blank window. Any ideas on how I can troubleshoot? > > Extend Port Range for CloudStack Console Proxy > (Applies only to VMware vSphere version 4.x) > You need to extend the range of firewall ports that the console proxy > works with on the hosts. This is to enable the console proxy to work with > VMware-based VMs. The default additional port range is 59000-60000. To > extend the port range, log in to the VMware ESX service console on each > host and run the following commands: > esxcfg-firewall -o 59000-60000,tcp,in,vncextras > esxcfg-firewall -o 59000-60000,tcp,out,vncextras > > > Thanks! > > Mike > > > Mike Corey > > Technology Senior Consultant, IT CS CTW Operation & Virtualization Service > US > > SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United > States > > T +1 610 661 0905, M +1 484 274 2658, E [email protected]<mailto: > [email protected]> > > > [cid:[email protected]] > > >
