[openstack-dev] [Neutron][LBaaS]TLS API support for authentication

John Dennis jdennis at redhat.com
Fri May 23 14:11:26 UTC 2014


Using standard formats such as PEM and PKCS12 (most people don't use
PKCS8 directly) is a good approach. Be mindful that some cryptographic
services do not provide *any* direct access to private keys (makes
sense, right?). Private keys are shielded in some hardened container and
the only way to refer to the private key is via some form of name
association. Therefore your design should never depend on having access
to a private key and should permit having the private key stored in some
type of secure key storage.

-- 
John



More information about the OpenStack-dev mailing list