<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    Hi, all<br>
    <br>
    <br>
    I have a mitaka environment created by packstack, and i tried to
    configure the keystone to use ssl, but failed, can anyone help me?<br>
    # keystone is a wsgi service now.<br>
    <br>
    <br>
    Configure steps are as following:<br>
    ===============<br>
    <meta http-equiv="content-type" content="text/html; charset=UTF-8">
    # keystone-manage ssl_setup --keystone-user keystone
    --keystone-group keystone<br>
    # chown -R keystone:keystone /etc/keystone/ssl<br>
    # keystone endpoint-create --service keystone --region RegionOne
    --publicurl<a href="https://%7BkeystoneHost%7D:5000/v2.0">
      https://{FQDN}:5000/v2.0</a> --internalurl<a
      href="https://%7BkeystoneHost%7D:35357/v2.0">
      <a class="moz-txt-link-freetext" href="https://">https://</a>{FQDN}:5000/v2.0</a> --adminurl<a
      href="https://%7BkeystoneHost%7D:35357/v2.0">
      <a class="moz-txt-link-freetext" href="https://">https://</a>{FQDN}:35357/v2.0</a><br>
    <meta http-equiv="content-type" content="text/html; charset=UTF-8">
    # cat /etc/keystone/keystone.conf<br>
      ... ...<br>
      [ssl]<br>
      enable=True<br>
      certfile = /etc/keystone/ssl/certs/keystone.pem<br>
      keyfile = /etc/keystone/ssl/private/keystonekey.pem<br>
      ca_certs = /etc/keystone/ssl/certs/ca.pem<br>
      ca_key = /etc/keystone/ssl/private/cakey.pem<br>
    <br>
    # cat keystonerc_admin <br>
    ... ...<br>
    export OS_AUTH_URL=<a class="moz-txt-link-freetext" href="https://FQDN:5000/v2.0">https://FQDN:5000/v2.0</a><br>
    <br>
    <br>
    # keystone endpoint-delete Old_Endpoint_For_Keystone<br>
    Unable to delete endpoint.<br>
    <br>
    <br>
    # systemctl restart httpd<br>
    # source keystonerc_admin<br>
    <br>
    # openstack project list<br>
    Discovering versions from the identity service failed when creating
    the password plugin. Attempting to determine version from URL.<br>
    SSL exception connecting to <a class="moz-txt-link-freetext" href="https://FQDN:5000/v2.0/tokens">https://FQDN:5000/v2.0/tokens</a>: [SSL:
    UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:765)<br>
    ===============<br>
    <br>
    Regards,<br>
    Kenn<br>
  </body>
</html>