[Openstack] SSL enabled Keystone using external CA
mohammad kashif
kashif.alig at gmail.com
Tue Nov 4 16:57:31 UTC 2014
Hi
I am trying to setup ssl enabled keystone using external CA
my keystone.conf settings regarding ssl are
[signing]
certfile=/etc/grid-security/cert.pem
keyfile=/etc/grid-security/key.pem
ca_certs=/etc/grid-security/certificates/UKeScienceRoot-2007.pem
key_size=2048
cert_subject=< DN of cert>
[ssl]
enable=True
certfile=/etc/grid-security/cert.pem
keyfile=/etc/grid-security/key.pem
ca_certs=/etc/grid-security/certificates/UKeScienceRoot-2007.pem
cert_subject=<DN of Cert>
I commented out "ca_key" parameter which I think not needed for external ca
certificate .
I can query keystone on https endpoint with --insecure option but without
--insecure option, it is failing with this error
INFO:urllib3.connectionpool:Starting new HTTPS connection (1): 192.168.31.1
SSL exception connecting to https://192.168.31.1:35357/v2.0/users
I alsto tried with --os_cacert option.
I am using openstack icehouse.
Can some one help me in troubleshooting this problem ?
Regards
Kashif
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20141104/bcdeb54f/attachment.html>
More information about the Openstack
mailing list