...

mysql> desc keystore;
+---------------+---------------------+------+-----+---------+----------------+
| Field         | Type                | Null | Key | Default | Extra          |
+---------------+---------------------+------+-----+---------+----------------+
| id            | bigint(20) unsigned | NO   | PRI | NULL    | auto_increment |
| name          | varchar(64)         | NO   | UNI | NULL    |                |
| certificate   | text                | NO   |     | NULL    |                |
| key           | text                | YES  |     | NULL    |                |
| domain_suffix | varchar(256)        | NO   |     | NULL    |                |
| seq           | int(11)             | YES  |     | NULL    |                |
+---------------+---------------------+------+-----+---------+----------------+

SSVM

  • SecStorageSetupCommand -
    • All SSVMs are rebooted when UploadCustomCertificate is invoked for the server cert and private key. When the SSVM agent reconnects to the management server (MS), a command called SecStorageSetupCommand containing all the certs and the key is sent to the SSVM (you won't see the certs in the logs, because they are sensitive information and are not logged).
    • On the SSVM side the root cert is inserted into the keystore.
    • For the Apache server, a server cert file, a key file and a certificate chain file (consisting of the certs from the root cert to the intermediate cert) are created in the appropriate location, and their locations are written into the config file.
  • SSVM acts as a server for download template/volume/ISO operations, and during copyTemplate when it is in the source zone. It uses an Apache web server when acting as a server.
    • The Apache server should have the latest key and server cert at the following locations: /etc/ssl/private/cert_apache.key and /etc/ssl/certs/cert_apache.crt
    • /etc/apache2/sites-available/default-ssl is the Apache config file where the chain location, the server cert and the private key are configured.
    • When a client contacts the Apache server, the server needs to present the entire certificate chain to the client.
  • It acts as a client during the copyTemplate operation when it is in the destination zone. SSVM uses a Java client when acting as a client.
    • SSVM has a Java keystore which should contain the root certificate, so that when it tries to download from the URL it can validate the chain presented by the server against the known root.
      Use the command below to list all certs in the keystore:
       keytool -list -keystore /usr/local/cloud/systemvm/certs/realhostip.keystore -storepass vmops.com
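The checks an operator would want before pushing a cert, key and chain through UploadCustomCertificate, as an added example that is not CloudStack's own code: it builds a constructed root -> intermediate -> server PKI with openssl, confirms the private key belongs to the server cert, verifies the chain the Apache side must present (the same validation the Java client on a destination SSVM performs against the root in its keystore), lays the files out under a temporary stand-in for /etc/ssl with the mod_ssl directives default-ssl would need, and, where keytool exists, checks that a root entry is in the Java keystore. The chain file name cert_apache_chain.crt, the example subject names and the keystore alias are assumptions.

```shell
#!/bin/sh
# Added example, not CloudStack code: validate the material UploadCustomCertificate
# would hand to the SSVM and lay it out the way the SSVM's Apache config expects.
# Everything lives under a temp dir; the real SSVM paths are
# /etc/ssl/private/cert_apache.key, /etc/ssl/certs/cert_apache.crt and the chain
# file named in /etc/apache2/sites-available/default-ssl.
# The chain file name cert_apache_chain.crt is assumed for this example.

WORKDIR="${WORKDIR:-$(mktemp -d)}"

# Constructed test PKI: root CA -> intermediate CA -> server cert.
make_test_pki() (
  set -e
  cd "$WORKDIR"
  # CA extensions: without CA:TRUE the intermediate cannot sign the server cert.
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
  openssl req -newkey rsa:2048 -nodes -subj '/CN=Example Root CA' \
    -keyout root.key -out root.csr >/dev/null 2>&1
  openssl x509 -req -in root.csr -signkey root.key -days 30 -extfile ca.ext \
    -out root.crt >/dev/null 2>&1
  openssl req -newkey rsa:2048 -nodes -subj '/CN=Example Intermediate CA' \
    -keyout inter.key -out inter.csr >/dev/null 2>&1
  openssl x509 -req -in inter.csr -CA root.crt -CAkey root.key -CAcreateserial \
    -days 30 -extfile ca.ext -out inter.crt >/dev/null 2>&1
  openssl req -newkey rsa:2048 -nodes -subj '/CN=ssvm.example.test' \
    -keyout server.key -out server.csr >/dev/null 2>&1
  openssl x509 -req -in server.csr -CA inter.crt -CAkey inter.key -CAcreateserial \
    -days 30 -out server.crt >/dev/null 2>&1
)

# Check 1: the private key belongs to the server certificate (same public key).
key_matches_cert() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ "$cert_pub" = "$key_pub" ]
}

# Check 2: the server cert chains through the intermediate(s) to the trusted root.
# Args: root CA file, intermediate bundle, server cert.
chain_verifies() {
  openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
}

# Install key, server cert and chain file under $1 (stand-in for /etc/ssl); the
# chain file is assembled root-then-intermediate as described above.
# Prints the number of certificates that ended up in the chain file.
install_apache_files() {
  dest="$1"
  mkdir -p "$dest/private" "$dest/certs"
  cat "$WORKDIR/root.crt" "$WORKDIR/inter.crt" > "$dest/certs/cert_apache_chain.crt"
  cp "$WORKDIR/server.crt" "$dest/certs/cert_apache.crt"
  cp "$WORKDIR/server.key" "$dest/private/cert_apache.key"
  chmod 600 "$dest/private/cert_apache.key"   # the key must not be world-readable
  grep -c 'BEGIN CERTIFICATE' "$dest/certs/cert_apache_chain.crt"
}

# The mod_ssl directives default-ssl needs so Apache presents the full chain.
apache_ssl_directives() {
  cat <<EOF
SSLCertificateFile      $1/certs/cert_apache.crt
SSLCertificateKeyFile   $1/private/cert_apache.key
SSLCertificateChainFile $1/certs/cert_apache_chain.crt
EOF
}

# Client side: is the root present in the Java keystore under the given alias?
# Args: keystore path, store password, alias. Returns 2 when keytool is absent.
keystore_has_root() {
  command -v keytool >/dev/null 2>&1 || return 2
  keytool -list -keystore "$1" -storepass "$2" -alias "$3" >/dev/null 2>&1
}

# Stand-alone run: build the test PKI and run every check.
if [ "${1:-}" = "--demo" ]; then
  make_test_pki
  key_matches_cert "$WORKDIR/server.crt" "$WORKDIR/server.key" && echo "key matches server cert"
  chain_verifies "$WORKDIR/root.crt" "$WORKDIR/inter.crt" "$WORKDIR/server.crt" && echo "chain verifies"
  echo "certs in chain file: $(install_apache_files "$WORKDIR/etc-ssl")"
  apache_ssl_directives "$WORKDIR/etc-ssl"
fi
```

Run it with `--demo` to see the checks pass against the constructed PKI; point key_matches_cert and chain_verifies at real files to vet a certificate set before uploading it. chain_verifies fails when the intermediate is missing, which is exactly the situation in which the Java client on a destination SSVM rejects a download because the server did not present the whole chain.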

CPVM

  • CPVM acts as a server only and uses a Java HTTP server.

...