[openstack-dev] [Neutron][LBaaS] SSL Termination write-up

Stephen Gran stephen.gran at guardian.co.uk
Wed Nov 20 09:30:45 UTC 2013


On Wed, 2013-11-20 at 08:24 +0000, Samuel Bercovici wrote:
> Hi,
> Evgeny has outlined the wiki for the proposed change at:
> https://wiki.openstack.org/wiki/Neutron/LBaaS/SSL which is in line
> with what was discussed during the summit.
> The
> https://docs.google.com/document/d/1tFOrIa10lKr0xQyLVGsVfXr29NQBq2nYTvMkMJ_inbo/edit discusses, in addition, Certificate Chains.
> What would be the benefit of having a certificate that must be
> connected to VIP vs. embedding it in the VIP?

You could reuse the same certificate for multiple loadbalancer VIPs.
This is a fairly common pattern - we have a dev wildcard cert that is
self-signed, and is used for lots of VIPs.

> When we get a system that can store certificates (ex: Barbican), we
> will add support to it in the LBaaS model.

It probably doesn't need anything that complicated, does it?

Stephen Gran
Senior Systems Integrator - The Guardian
