Hi, I'm not familiar with kolla, but the docs also mention this option: kolla_copy_ca_into_containers: "yes" As I understand it the CA cert is required within the containers so they can trust the self-signed certs. At least that's how I configure it in a manually deployed openstack cloud. Do you have that option enabled? If it is enabled, did you verify it with openssl tools? Regards, Eugen Zitat von wodel youchi <wodel.youchi@gmail.com>:
Some help please.
On Tue, Nov 8, 2022, 14:44 wodel youchi <wodel.youchi@gmail.com> wrote:
Hi,
To deploy Openstack with a self-signed certificate, the documentation says to generate the certificates using kolla-ansible certificates, to configure the support of TLS in globals.yml and to deploy.
I am facing a problem, my old certificate has expired, I want to use a self-signed certificate. I backported my servers to an older date, then generated a self-signed certificate using kolla, but the deploy/reconfigure won't work, they say :
self._sslobj.do_handshake()\n File \"/usr/lib64/python3.6/ssl.py\", line 648, in do_handshakeself._sslobj.do_handshake()\nssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED certificate verify failed
PS : in my globals.yml i have : *kolla_verify_tls_backend: "yes"*
Regards.