[Openstack-security] List of steps to perform to prepare or condition long term keys?

Jeffrey Walton noloader at gmail.com
Sat Oct 26 10:54:23 UTC 2013


Hi Doctor,

On Fri, Oct 25, 2013 at 11:59 AM, Bryan D. Payne <bdpayne at acm.org> wrote:
> Are you talking about setting up the operating system (and its various
> applications) such that all of the keys are generated uniquely?  If so, this
> is very deployment specific and difficult to generalize on.  If not, could
> you provide some more detail on what you are asking?
I'd be interested in both OS and OpenStack since I've never seen a
definitive guide on either. There's no telling what I might have
missed as I go rummaging for the keys.

For example under Havana, I noticed Keystone created a CA key and cert
for www.example.com; and created a Signing key and cert for
www.example.com.

Jeff

> On Fri, Oct 25, 2013 at 12:25 AM, Jeffrey Walton <noloader at gmail.com> wrote:
>>
>> I was reading through the OpenStack Security Guide dated Oct 25 2013
>> for Havana (http://docs.openstack.org/sec/). Good job on that, by the
>> way.
>>
>> Does anyone have a list of steps to perform to prepare or condition
>> long term keys? For example, SSH keys should be regenerated, Samba's
>> secret should probably be recreated (if present), Ubuntu's Snake Oil
>> key should probably be deleted (if present), etc.
>>
>> I'm interested in both the bare metal OS and VM instances. (VM
>> instances are somewhat covered under Chapter 43).



