[openstack-dev] [Magnum] TLS Support in Magnum

大塚元央 yuanying at oeilvert.org
Tue Jun 16 06:30:36 UTC 2015


Hi, Tom

2015年6月16日(火) 3:00 Tom Cammann <tom.cammann at hp.com>:

>
> At the summit we talked about using Magnum as a CA and signing the
> certificates, and we seemed to have some consensus about doing this with
> the
> possibility of using Anchor. This would take a lot of the onus off of
> the user to
> fiddle around with openssl and craft the right signed certs safely. Using
> Magnum as a CA the user would generate a key/cert pair, and then get the
> cert signed by Magnum, and the kube node would do the same. The main
> downside of this technique is that the user MUST trust Magnum and the
> administrator as they would have access to the CA signing cert.
>

I'm not sure about Anchor.
You mean, Anchor can be used for implementation of Magnum as a CA.
Right?

Thanks
-yuanying
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150616/cd1bb693/attachment.html>


More information about the OpenStack-dev mailing list