Hi All, Magnum as a CA mainly aims at how certificates and keys for both client(magnum-conductor) and server(kube-apiserver) will be generated and who will be the CA. Blueprint Link: https://blueprints.launchpad.net/magnum/+spec/magnum-as-a-ca Currently we have 3 options to generate certificates. *1. Write our own tool.* In this approach, we will have our own tool to generate certificate signed by CA. A review has been submitted for it: https://review.openstack.org/#/c/199493/ *2. Using Anchor.* Anchor is an stackforge project that automates the verification of CSRs and signs certificates for clients. https://github.com/stackforge/anchor <https://mail.nectechnologies.in/owa/redir.aspx?C=WbmDv-KJVUmq2sEu4MFC0e-k5uFujdIIs7jarFb-BEGxx7iEgSFPZtTZ41n6FXvt-LMt_E0Efho.&URL=https%3a%2f%2fgithub.com%2fstackforge%2fanchor> Anchor can be used to generate signed certificate. *3. Using Barbican. *Barbican can also be used for generating certificate signed by some CA plugins. http://docs.openstack.org/developer/barbican/plugin/certificate.html <https://mail.nectechnologies.in/owa/redir.aspx?C=WbmDv-KJVUmq2sEu4MFC0e-k5uFujdIIs7jarFb-BEGxx7iEgSFPZtTZ41n6FXvt-LMt_E0Efho.&URL=http%3a%2f%2fdocs.openstack.org%2fdeveloper%2fbarbican%2fplugin%2fcertificate.html> Moreover it can also be used to store certificates securely. Folks, please provide your views on which is the most suitable option for adding TLS support in Magnum. Also, we will have a meeting on *#openstack-containers* at *23:30 UTC* to discuss the same. Request Barbican and Anchor developers also to join. Regards Madhuri -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150709/d28755d6/attachment.html>