[openstack-dev] [tripleo] TLS by default

Julia Kreger juliaashleykreger at gmail.com
Wed Mar 14 23:51:14 UTC 2018

On Wed, Mar 14, 2018 at 4:52 AM, Dmitry Tantsur <dtantsur at redhat.com> wrote:
> Just to clarify: only for public endpoints, right? I don't think e.g.
> ironic-python-agent can talk to self-signed certificates yet.

For what it is worth, it is possible for IPA to speak to a self signed
certificate, although it requires injecting the signing private CA
certificate into the ramdisk or iso image that is being used. There
are a few other options that can be implemented, but those may also
lower overall security posture.

More information about the OpenStack-dev mailing list