[openstack-dev] SSL in Common client
Dean Troyer
dtroyer at gmail.com
Fri May 2 19:53:26 UTC 2014
On Fri, May 2, 2014 at 2:06 PM, Rob Crittenden <rcritten at redhat.com> wrote:
> I'm trying to get devstack to the point where it can configure all the
> services with SSL so it can be be part of the acceptance process. This is
> for client communication, there is no expectation that anyone would deploy
> native SSL endpoints. For the most part things just work. Most of the
> issues I've run into are server to server communication relating to passing
> in the CA certificate path.
>
FWIW, DevStack has had the ability to do TLS termination using stud for all
public API services, long before any of the individual service SSL/TLS
configurations were usable. Using an external TLS termination solves the
internal communication problem as long as internal services are configured
properly. It also more closely matches what I have seen in real-world
deployments.
It has been a while since I've tested this and it is likely to need some
love. The basic structure, including building a root and intermediate CA to
issue certs that look like real-world certs, has been present for almost a
year and a half.
dt
--
Dean Troyer
dtroyer at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140502/f35b2dc7/attachment.html>
More information about the OpenStack-dev
mailing list