cloudstack-users mailing list archives

From Richard Lawley <rich...@richardlawley.com>
Subject Management Server Certificate on port 8250
Date Thu, 29 Aug 2019 12:50:44 GMT
I've just added a second management server to my setup, but I'm
getting an SSL handshake error when the mgmt servers try to talk to
each other on port 8250.  My reading of the error suggests that the
certificate has the IP of the mgmt server as an Alternative Name - the
problem here is that we changed the IP of the old server at some
point, but the old IP is not listed in Alternative Names.

Where is the certificate for the services on port 8250 stored, and how
would I trigger this to be replaced?

2019-08-29 13:40:07,581 ERROR [c.c.u.n.Link]
(AgentManager-SSLHandshakeHandler-1:null) (logid:) SSL error caught
during wrap data: General SSLEngine problem, for local
address=/10.221.50.10:8250, remote address=/10.225.1.2:58780.
2019-08-29 13:40:07,719 DEBUG [o.a.c.c.p.RootCACustomTrustManager]
(pool-9-thread-1:null) (logid:) A client/agent attempting connection
from address=10.225.1.2 has presented these certificate(s):
Certificate [1] :
Serial: 8fda4eed1f012bb4
Not Before:Tue Aug 27 23:28:14 BST 2019
Not After:Fri Aug 20 11:28:14 BST 2049
Signature Algorithm:SHA256withRSA
Version:3
Subject DN:CN=CS-TESTLAB-01.xxxxx
Issuer DN:CN=ca.cloudstack.apache.org
Alternative Names:[[7, XX.XX.XX.XX], [7,
fe80:0:0:0:215:5dff:fe01:b14], [2, CS-TESTLAB-01.xxxxx]]
Certificate [2] :
Serial: 4207227d2e1d5475
Not Before:Mon Feb 04 23:19:42 GMT 2019
Not After:Thu Jan 28 11:19:42 GMT 2049
Signature Algorithm:SHA256withRSA
Version:3
Subject DN:CN=ca.cloudstack.apache.org
Issuer DN:CN=ca.cloudstack.apache.org
Alternative Names:null

The old IP listed in Alternative Names is no longer valid, so I
suspect I need to get this certificate regenerated.

Regards,

Richard
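
Added example, not part of the original message and not CloudStack code: a small parser for the RootCACustomTrustManager DEBUG dump shown above that compares the connecting address with the iPAddress entries (tag 7) in each presented certificate's Alternative Names. The sample log, its host name and addresses are constructed, and the function names are hypothetical; it does not reproduce CloudStack's own validation logic.

```python
import ipaddress
import re

SAN_IP = 7  # GeneralName tag for iPAddress (2 is dNSName) in Java's SAN list output

# Constructed sample in the layout of the DEBUG dump above; names and addresses are made up.
SAMPLE_LOG = """\
2019-08-29 13:40:07,719 DEBUG [o.a.c.c.p.RootCACustomTrustManager]
(pool-9-thread-1:null) (logid:) A client/agent attempting connection
from address=10.225.1.2 has presented these certificate(s):
Certificate [1] :
Subject DN:CN=mgmt-01.example.test
Issuer DN:CN=ca.cloudstack.apache.org
Alternative Names:[[7, 10.225.9.9], [7,
fe80:0:0:0:215:5dff:fe01:b14], [2, mgmt-01.example.test]]
Certificate [2] :
Subject DN:CN=ca.cloudstack.apache.org
Issuer DN:CN=ca.cloudstack.apache.org
Alternative Names:null
"""


def _field(name, block):
    return re.search(name + r":\s*(\S+)", block).group(1)


def check_peer_against_sans(log_text):
    """Compare the connecting address with the iPAddress SANs of each non-CA certificate."""
    text = log_text.replace("│", " ")  # drop terminal border characters if present
    peer = ipaddress.ip_address(re.search(r"from\s+address=([0-9A-Fa-f:.]+)", text).group(1))
    results = []
    for block in re.split(r"Certificate \[\d+\] :", text)[1:]:
        subject, issuer = _field("Subject DN", block), _field("Issuer DN", block)
        if subject == issuer:
            continue  # self-signed root CA entry, carries no host address
        sans = re.search(r"Alternative Names:\s*(null|\[\[.*?\]\])", block, re.S).group(1)
        ips = set()
        for tag, value in re.findall(r"\[(\d+),\s*([^\]\s]+)\]", sans):
            if int(tag) != SAN_IP:
                continue
            try:
                ips.add(ipaddress.ip_address(value))
            except ValueError:
                pass  # redacted or malformed entry such as XX.XX.XX.XX
        results.append({"subject": subject, "peer": str(peer),
                        "san_ips": sorted(str(i) for i in ips), "peer_in_san": peer in ips})
    return results
```

Calling `check_peer_against_sans()` on a saved copy of the management server log section returns one entry per non-CA certificate; `peer_in_san` being false is the address mismatch the message describes.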
