|
|
- #!/bin/sh
-
- # Temporarily permit non-SSL connections to port 8250
- # Fixes cloudstack-management error 'SSL error caught during wrap data: Empty server certificate chain, for local address ...'
-
- # Use only while setting up CloudStack. Provide proper values for production environment.
-
- mysql -u cloud -pcloud -e \
- "
- USE cloud;
- UPDATE configuration SET value='false' WHERE name='ca.plugin.root.auth.strictness';
- "
-
- # CloudStack Management server configuration for SSL authentication.
- # Recommended to be configured via web UI although direct SQL updates are technically possible.
-
- # ca.framework.provider.plugin The configured CA provider plugin
- # ca.framework.cert.keysize The key size used for certificate generation
- # ca.framework.cert.signature.algorithm The certificate signature algorithm
- # ca.framework.cert.validity.period Certificate validity in days
- # ca.framework.cert.automatic.renewal Whether to auto-renew expiring certificate on hosts
- # ca.framework.background.task.delay The delay between each CA background task round in seconds
- # ca.framework.cert.expiry.alert.period The number of days to check and alert expiring certificates
- # ca.plugin.root.private.key (hidden/encrypted in database) Auto-generated CA private key
- # ca.plugin.root.public.key (hidden/encrypted in database) CA public key
- # ca.plugin.root.ca.certificate (hidden/encrypted in database) CA certificate
- # ca.plugin.root.issuer.dn The CA issue distinguished name used by the root CA provider
- # ca.plugin.root.auth.strictness Setting to enforce two-way SSL authentication and trust validation
- # ca.plugin.root.allow.expired.cert Setting to allow clients with expired certificates
-
- # Ref: http://docs.cloudstack.apache.org/en/4.11.2.0/adminguide/hosts.html
|