Open Stack

Python's requests module is unable to verify the cert. To check the default
location of trusted root ca used by requests module, run this command:

bash# python -mrequests.certs

It will give you some location in output. Dump the contents of
GeoTrust_CA_Bundle.crt
to the end of this file.

To test if its working fine, use these steps:-
[bash]$ python
Python 2.7.5
Type "help", "copyright", "credits" or "license" for more information.
>>> import requests
>>> requests.get("https://xxx.yyy.com:5000")
<Response [300]>
>>>

Instead of response 300, if you are still getting error here, it means the
cert is not correct or its unable to find the rootCA in the provided
location.

*Rahul Sharma*
*MS in Computer Science, 2016*
College of Computer and Information Science, Northeastern University
Mobile:  801-706-7860
Email: rahulsharmaait at gmail.com

On Tue, Mar 22, 2016 at 8:41 PM, Jagga Soorma <jagga13 at gmail.com> wrote:

> However my mac os x desktop does that without any issues.  I was able
> to get around this on my CentOS server by downloading the
> GeoTrust_CA_Bundle.crt locally and using "export
> OS_CACERT=/var/tmp/GeoTrust_CA_Bundle.crt".  However, I don't want to
> have all my users to have to do this.  Is there a way around this on
> CentOS/Ubunut?  I thought this would be part of the ssl chain included
> on these distributions.
>
> Thanks
>
> On Tue, Mar 22, 2016 at 5:38 PM, CHOW Anthony
> <anthony.chow at al-enterprise.com> wrote:
> > It seems like your CentOS 7 server is not able to verify the KeyStone
> server's certificate.
> >
> >         [Errno 1] _ssl.c:504: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate       verify failed
> >
> > Interesting issue.
> >
> > Anthony.
> > -----Original Message-----
> > From: Jagga Soorma [mailto:jagga13 at gmail.com]
> > Sent: Tuesday, March 22, 2016 5:18 PM
> > To: openstack
> > Subject: [Openstack] SSL cert issue on openstack client
> >
> > Hi Guys,
> >
> > I am new to openstack and currently have a openstack environment that
> seems to have ssl enabled.  From my mac I am able to use the openstack api
> without any issues and without having to do anything for ssl.
> > However, from my CentOS 7.1 server I get the following error message:
> >
> > --
> > bash-4.2$ openstack image list
> > Discovering versions from the identity service failed when creating the
> password plugin. Attempting to determine version from URL.
> > SSL exception connecting to https://xxx.yyy.com:5000/v3/auth/tokens:
> > [Errno 1] _ssl.c:504: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> > --
> >
> > I do seem to have the ca certificates installed:
> >
> > --
> > $ rpm -qa | grep -i ca-cert
> > ca-certificates-2015.2.4-70.0.el7_1.noarch
> > --
> >
> > Is there something extra that I need to do in order to get the openstack
> api working on CentOS?
> >
> > Not having much luck with this.  Any help would be appreciated.
> >
> > Thanks!
> >
> > _______________________________________________
> > Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> > Post to     : openstack at lists.openstack.org
> > Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
> _______________________________________________
> Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack at lists.openstack.org
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20160322/2a38a726/attachment.html>