[Openstack-security] Enabling SSL/HTTPS for REST API
Nathan Kinder
nkinder at redhat.com
Thu Nov 14 03:28:34 UTC 2013
On 11/13/2013 05:59 PM, Hassan Shaik wrote:
> Hello Openstack security experts,
>
> I am trying to enable SSL/HTTPS in openstack REST API for all services
> (nova/glance endpoint URL). However, I see the documentation to enable
> SSL on keystone service alone.
>
> http://docs.openstack.org/grizzly/openstack-compute/admin/content//keystone-ssl.html
> http://docs.openstack.org/developer/keystone/configuration.html
>
> 1. Am I missing something? Is SSL/HTTPS supported for nova/glance API too?
> 2. Also, when I try to enable SSL in keystone service, all nova/glance
> CLI fail to work after the change. And, the debug shows it is trying
> to make use of http even after enabling SSL.
Do you have "auth_protocol" set to http in the [keystone_authtoken]
section of nova.conf? You can try commenting that out, or setting it to
https.
Thanks,
-NGK
>
> # nova --debug list
>
> REQ: curl -i *http*://openstack-ip:5000/v2.0/tokens -X POST -H
> "Content-Type: application/json" -H "Accept: application/json" -H
> "User-Agent: python-novaclient" -d '{"auth": {"tenantName": "admin",
> "passwordCredentials": {"username": "admin", "password": "admin_pass"}}}'
>
> Appreciate your help.
>
> Thanks,
> Hassan
>
>
> _______________________________________________
> Openstack-security mailing list
> Openstack-security at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-security/attachments/20131113/fbc49000/attachment.html>
More information about the Openstack-security
mailing list