Monthly Archives: July 2014
SSL fingerprint mismatch
Actually i do not have something more then what you find from google but have some correction or if you have some misunderstanding maybe i can help
We have two vCloud Director cells , mostly configurations are single cell
We fallowed this article http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2021877
if you have pfx pls start from step 2
in article alias numer shown like one but i saw that its like a GUID number, very long id
Also if you create a new key store, mostly no need to add root and intermediate certificates but if you want you can import too ! I have some links for keytool which can be helpful
Included root certificates in java http://superuser.com/questions/55470/which-trusted-root-certificates-are-included-in-java
How to import root and intermediate certificates to keystore http://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html and http://www.sslshopper.com/tomcat-ssl-installation-instructions.html
What is not described if you have multiple cells you have to apply “To update the vCloud Director cell service:” section for all , when you start to activate its saying DB updated bla bla and you fill like no need to touch other cells , but you have too …
Actually load balancer persistence option do not solve any problem
Also this problem is not available in older versions
SSL Offload, many word on google actually no way to do SSL Offload because cell do not accept connection from port 80 BUT on load balancer you can configure port 443 and access backend via 443 too !
Need to know something about pfx , pkcs
http://en.wikipedia.org/wiki/PKCS
http://security.stackexchange.com/questions/29425/difference-between-pfx-and-cert-certificates
Regards
VM