4.22.1.0 KVM — agent SSL handshake fails, cert-import leaves agent self-signed #13572
Unanswered
d-chatterjee60
asked this question in
Q&A
Replies: 1 comment 1 reply
-
|
@d-chatterjee60
|
Beta Was this translation helpful? Give feedback.
1 reply
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
After recovering from a DB/keystore issue, management presents its cert fine on 8250 (openssl s_client shows CN=ca.cloudstack.apache.org). But adding a KVM host fails: SSH auth OK, ls /dev/kvm OK, keystore-setup OK, then keystore-cert-import runs but the agent's cloud.jks keeps its self-signed cert (Issuer: CN=HV-1) instead of a management-signed one. Agent then fails SSL handshake with NEED_UNWRAP timeout on 8250. RootCAProvider logs "Creating new management server certificate and keystore" every boot and doesn't load the keystore DB root row. How do I get CAManager to actually sign and return the agent's certificate?
Beta Was this translation helpful? Give feedback.
All reactions