[Openstack] SSL cert issue on openstack client
Erik McCormick
emccormick at cirrusseven.com
Wed Mar 23 13:52:14 UTC 2016
You may want to try updating the system CA certs. Download both the
root and current intermediate certificate from Geotrust and copy them
to /etc/pki/ca-trust/source/anchors/ and run update-ca-trust. I had
some issues with newer GoDaddy certificates and this fixed me up.
You'd need to do this on any node accessing the APIs.
-Erik
On Wed, Mar 23, 2016 at 7:20 AM, Dean Troyer <dtroyer at gmail.com> wrote:
> On Tue, Mar 22, 2016 at 7:41 PM, Jagga Soorma <jagga13 at gmail.com> wrote:
>>
>> However my mac os x desktop does that without any issues. I was able
>> to get around this on my CentOS server by downloading the
>> GeoTrust_CA_Bundle.crt locally and using "export
>> OS_CACERT=/var/tmp/GeoTrust_CA_Bundle.crt". However, I don't want to
>> have all my users to have to do this. Is there a way around this on
>> CentOS/Ubunut? I thought this would be part of the ssl chain included
>> on these distributions.
>
>
> There are a couple of possibilities to explain the different behaviour, but
> some additional information is required to pinpoint the issue. How was OSC
> installed on the CentOS systems? (I presume that it was installed via pip
> on OS/X.)
>
> Some (if not all) packagers unbundle the urllib3 module that is included in
> the requests PyPI package. requests also includes its own CA bundle and
> this is also changed to use the system CA bundle/certs by some packagers.
>
> dt
>
> --
>
> Dean Troyer
> dtroyer at gmail.com
>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack at lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
More information about the Openstack
mailing list