[openstack-dev] [Openstack] generation of .pem file

Juan Antonio Osorio jaosorior at gmail.com
Thu Nov 9 08:05:26 UTC 2017


Alright,

So, first question. What do you actually want to do? Do you need to
authenticate with the heat endpoint with TLS (using client certificates) ?
Or, do you want to merely use TLS to communicate with Heat and you're
getting this verification issue?

On Wed, Nov 8, 2017 at 10:48 PM, David Gabriel <davidgab283 at gmail.com>
wrote:

> I forget to send the errors I got:
>
>   File "/usr/lib/python2.7/dist-packages/heatclient/v1/stacks.py", line
> 109, in create
>     data=kwargs, headers=headers)
>   File "/usr/lib/python2.7/dist-packages/heatclient/common/http.py", line
> 223, in json_request
>     resp = self._http_request(url, method, **kwargs)
>   File "/usr/lib/python2.7/dist-packages/heatclient/common/http.py", line
> 166, in _http_request
>     **kwargs)
>   File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 53,
> in request
>     return session.request(method=method, url=url, **kwargs)
>   File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py",
> line 468, in request
>     resp = self.send(prep, **send_kwargs)
>   File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py",
> line 576, in send
>     r = adapter.send(request, **kwargs)
>   File "/usr/local/lib/python2.7/dist-packages/requests/adapters.py",
> line 447, in send
>     raise SSLError(e, request=request)
> SSLError: [Errno 1] _ssl.c:510: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> 127.0.0.1 - - [08/Nov/2017 20:34:56] "POST /stack_create HTTP/1.1" 500 2801
>
>
> 2017-11-08 21:43 GMT+01:00 David Gabriel <davidgab283 at gmail.com>:
>
>> Dear Juan,
>>
>> Thanks so much for your reply.
>> I fact, the command you suggest leads to the structure of a .pem file
>> like it is shown in the reference you provide.
>>
>> Let me please ask another question related to the new pem file.
>> In fact, I want to use use it in to call python-heatclient API in order
>> to create stacks (Openstack address is based on https).
>> I am wondering, where to copy this pem file and how to refer it ?
>>
>> Thanks in advance.
>> Best regards.
>>
>>
>>
>> 2017-11-08 15:39 GMT+01:00 Juan Antonio Osorio <jaosorior at gmail.com>:
>>
>>> Hello,
>>>
>>> You need to verify the files and check how they look like. A good guide
>>> to do this is this one http://how2ssl.com/articles/wo
>>> rking_with_pem_files/ .
>>> .cert and .key are not actual formats, but might actually contain the
>>> cert and the key in PEM format. The main giveaway is that they should
>>> contain the header. If you will use the file for HAProxy, then you need the
>>> certificate and key in the same file. So you would do something like this:
>>>
>>>     $ cat mycertificate.cert  mykey.key > cert-and-key.pem
>>>
>>> And the resulting file is something you could use for your HAProxy
>>> instance. But again, it all depends on what you will use it for.
>>>
>>> On Wed, Nov 8, 2017 at 3:36 PM, David Gabriel <davidgab283 at gmail.com>
>>> wrote:
>>>
>>>> Dears,
>>>>
>>>> I need to generate the .pem file based on certifcate files (.cert).
>>>> The key (.key file) is available too.
>>>> All my files can be read as text files.
>>>> Could you please detail the procedure for this ?
>>>> I am using ubuntu as OS.
>>>>
>>>> Thanks in advance.
>>>> Best regards.
>>>>
>>>> ____________________________________________________________
>>>> ______________
>>>> OpenStack Development Mailing List (not for usage questions)
>>>> Unsubscribe: OpenStack-dev-request at lists.op
>>>> enstack.org?subject:unsubscribe
>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>>
>>>>
>>>
>>>
>>> --
>>> Juan Antonio Osorio R.
>>> e-mail: jaosorior at gmail.com
>>>
>>>
>>> _______________________________________________
>>> Mailing list: http://lists.openstack.org/cgi
>>> -bin/mailman/listinfo/openstack
>>> Post to     : openstack at lists.openstack.org
>>> Unsubscribe : http://lists.openstack.org/cgi
>>> -bin/mailman/listinfo/openstack
>>>
>>>
>>
>


-- 
Juan Antonio Osorio R.
e-mail: jaosorior at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20171109/c02ea20f/attachment.html>


More information about the OpenStack-dev mailing list