[Openstack-operators] Swift-Proxy + Keystone with HAProxy and SSL

Jesse Keating jlk at bluebox.net
Wed Feb 11 00:38:13 UTC 2015

On 2/10/15 3:40 PM, Gui Maluf wrote:
> Something wrong with my certificates and Keystone, cause changing to
> self-signed certificates everything is working.

There is an undocumented (in the usual places) for keystone middleware 
to point at the CA file for your certificates.


Of note,

cafile: (optional, defaults to use system CA bundle) the path to a PEM 
encoded CA file/bundle that will be used to verify HTTPS connections.

These go in each of your API services' [keystone_authtoken] section, 
which configures keystone middleware.

I've filed a bug already that this documentation doesn't exist in the 
config references for each service.


More information about the OpenStack-operators mailing list