<div dir="ltr">Thanks Bryan & Nathan for your replies.<div><br></div><div>Bryan, </div><div>1. does this mean SSL support is not present for nova/glance API directly? </div><div>2. Also, do we need to make use of SSL proxy terminator along with enabling SSL in keystone service (which seems to have SSL functionality implemented for this service)?</div>
<div>3. From the given link, I see the virtual host entries for 80 (Dashboard) and for 8447 (nova compute) ports. Do we need to add for other end point URL (excluding keystone service) as well, right?</div><div><br></div>
<div><br></div></div><div class="gmail_extra"><br clear="all"><div>Regards,<br>Hassan</div>
<br><br><div class="gmail_quote">On Wed, Nov 13, 2013 at 10:00 PM, Bryan D. Payne <span dir="ltr"><<a href="mailto:bdpayne@acm.org" target="_blank">bdpayne@acm.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Hassan,<div><br></div><div>In a production setting, the preferred way to do this is with an SSL terminator. There are some details in the OpenStack Security Guide:</div><div><br></div><div><a href="http://docs.openstack.org/security-guide/content/ch020_ssl-everywhere.html" target="_blank">http://docs.openstack.org/security-guide/content/ch020_ssl-everywhere.html</a><br>
</div><div><br></div><div>Cheers,</div><div>-bryan</div><div><br></div><div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote"><div><div class="h5">On Wed, Nov 13, 2013 at 5:59 PM, Hassan Shaik <span dir="ltr"><<a href="mailto:hshaik@gmail.com" target="_blank">hshaik@gmail.com</a>></span> wrote:<br>
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5"><div dir="ltr">Hello Openstack security experts,<div><br></div><div>I am trying to enable SSL/HTTPS in openstack REST API for all services (nova/glance endpoint URL). However, I see the documentation to enable SSL on keystone service alone.</div>
<div><br></div><div><a href="http://docs.openstack.org/grizzly/openstack-compute/admin/content//keystone-ssl.html" target="_blank">http://docs.openstack.org/grizzly/openstack-compute/admin/content//keystone-ssl.html</a><br>
</div><div><a href="http://docs.openstack.org/developer/keystone/configuration.html" target="_blank">http://docs.openstack.org/developer/keystone/configuration.html</a><br>
</div><div><br></div><div>1. Am I missing something? Is SSL/HTTPS supported for nova/glance API too?</div><div>2. Also, when I try to enable SSL in keystone service, all nova/glance CLI fail to work after the change. And, the debug shows it is trying to make use of http even after enabling SSL.</div>
<div><br></div><div><div># nova --debug list</div><div><br></div><div>REQ: curl -i <b>http</b>://openstack-ip:5000/v2.0/tokens -X POST -H "Content-Type: application/json" -H "Accept: application/json" -H "User-Agent: python-novaclient" -d '{"auth": {"tenantName": "admin", "passwordCredentials": {"username": "admin", "password": "admin_pass"}}}'</div>
<div><br></div><div>Appreciate your help.</div><div><br></div><div>Thanks,<br>Hassan</div>
</div></div>
<br></div></div><div class="im">_______________________________________________<br>
Openstack-security mailing list<br>
<a href="mailto:Openstack-security@lists.openstack.org" target="_blank">Openstack-security@lists.openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security</a><br>
<br></div></blockquote></div><br></div>
</blockquote></div><br></div>