My OpenStack ec2 configuration is a real mess, but ec2 is working with SSL. I have the following settings concerning SSL:


[DEFAULT]
ssl_ca_file = <cert-file>

[keystone_authtoken]
cafile = <cert-file>

[metadata]
auth_ca_cert = <cert-file>

Very likely they aren't all needed ...



On Sat, Apr 6, 2019 at 1:37 AM Georgios Dimitrakakis <giorgis@acmac.uoc.gr> wrote:
 Dear all,

 I am trying to setup ec2-api with SSL support on Rocky and no matter
 what I do I am getting the following error in the logs
 (/var/log/messages)

 ec2-api: SSLError: [SSL: SSL_HANDSHAKE_FAILURE] ssl handshake failure
 (_ssl.c:1822)

 and in the end

 ec2-api: SSLError: [SSL: PEER_DID_NOT_RETURN_A_CERTIFICATE] peer did
 not return a certificate (_ssl.c:1822)

 The full trace can be found here: https://pastebin.com/iPHXudag (where
 I have hidden the hostname)

 What I have done is that in "ec2api.conf" I have set the ca_file,
 cert_file and key_file pointing to the same files that OpenStack's
 Dashboard is using which can be accessed without a problem.

 Afterwards I have restarted all ec2 services meaning both the
 "openstack-ec2-api-metadata.service" and "openstack-ec2-api.service".

 Using the openssl CLI and trying to connect to port 8788 I am seeing
 somewhere in the middle the error:
 SSL_connect:SSLv3 write client key exchange A write to 0x26c3e30
 [0x2721290] (6 bytes => -1 (0xFFFFFFFFFFFFFFFF)) SSL_connect:error in
 SSLv3 write finished A
 SSL_connect:error in SSLv3 write finished A
 write:errno=32

 The same openssl CLI for port 443 (dashboard) works out of the box
 without a problem

 Obviously the cert is not served properly but I cannot figure out why...

 Needless to say that I have triple-checked for any spelling mistakes,
 permissions etc. but I am open to suggestions.

 I have set ec2api to "Debug" mode but there isn't anything useful in
 the logs and in fact it is not writing anything except a line like the
 one below when trying to access it:

 2019-04-06 01:25:03.805 211954 DEBUG ec2api.wsgi.server [-] (211954)
 accepted ('xxx.xxx.xxx.xxx', 60154) server
 /usr/lib/python2.7/site-packages/eventlet/wsgi.py:883

 Can someone shed some light please?

 If there is anything that you would like me to share with you like the
 openssl CLI's output or the ec2api.log please let me know.

 Best regards,

 G.
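The server-side PEER_DID_NOT_RETURN_A_CERTIFICATE error quoted above is what a TLS listener reports when it requires a client certificate and the connecting client (openssl s_client without -cert, or a normal EC2 client) sends none; in the nova-derived eventlet wsgi server that ec2-api uses, configuring a CA file is what switches that requirement on, so check the wsgi SSL wrapping of the ec2-api version in use. The following Go program is an added example, not code from this thread or from ec2-api: it builds a constructed self-signed localhost certificate and runs the same certificate-less client against a listener with and without the client-certificate requirement, returning the error the server side sees (Go words it "tls: client didn't provide a certificate" where OpenSSL says "peer did not return a certificate").

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// selfSigned builds a throwaway self-signed certificate for "localhost"
// (constructed for this demo; it is not an OpenStack or Dashboard certificate).
func selfSigned() tls.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"localhost"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// handshake serves one TLS handshake under the given client-auth policy to a client that
// trusts the server but presents no certificate of its own (openssl s_client without -cert).
// It returns the error the server side sees, or nil when the server accepted the client.
func handshake(policy tls.ClientAuthType) error {
	cert := selfSigned()
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{cert}, ClientAuth: policy})
	if err != nil {
		return err
	}
	defer ln.Close()
	done := make(chan error, 1)
	go func() { // server side, as the ec2-api listener would see it
		c, err := ln.Accept()
		if err != nil { done <- err; return }
		defer c.Close()
		done <- c.(*tls.Conn).Handshake()
	}()
	pool := x509.NewCertPool() // the client trusts the demo cert but carries none itself
	pool.AddCert(cert.Leaf)
	if conn, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{RootCAs: pool, ServerName: "localhost"}); err == nil {
		defer conn.Close()
	}
	return <-done
}

func main() {
	fmt.Println("NoClientCert (ssl.CERT_NONE):", handshake(tls.NoClientCert))
	fmt.Println("RequireAndVerifyClientCert (ssl.CERT_REQUIRED):", handshake(tls.RequireAndVerifyClientCert))
}
```

The second line of output is the Go spelling of the ec2-api log entry quoted above; a listener that wraps its socket with cert_reqs=ssl.CERT_REQUIRED behaves like the RequireAndVerifyClientCert case.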