[openstack-dev] [Openstack] generation of .pem file

David Gabriel davidgab283 at gmail.com
Thu Nov 9 13:27:40 UTC 2017


My objective is to create a stack using Heat.
Initially, my code worked properly with http access but when our Openstack
is updated the access is becoming via https so I got the errors I sent in
the previous email.
So I think I need to *authenticate *using the .pem certificate.
But, I don't know where exactely (which location) I put the .pem file in
order to be visible to the heatclient (or keystone) and how shall I update
my code ?

I am confusing a little bit!
Thanks in advance.
Best regards.

2017-11-09 9:05 GMT+01:00 Juan Antonio Osorio <jaosorior at gmail.com>:

> Alright,
>
> So, first question. What do you actually want to do? Do you need to
> authenticate with the heat endpoint with TLS (using client certificates) ?
> Or, do you want to merely use TLS to communicate with Heat and you're
> getting this verification issue?
>
> On Wed, Nov 8, 2017 at 10:48 PM, David Gabriel <davidgab283 at gmail.com>
> wrote:
>
>> I forget to send the errors I got:
>>
>>   File "/usr/lib/python2.7/dist-packages/heatclient/v1/stacks.py", line
>> 109, in create
>>     data=kwargs, headers=headers)
>>   File "/usr/lib/python2.7/dist-packages/heatclient/common/http.py",
>> line 223, in json_request
>>     resp = self._http_request(url, method, **kwargs)
>>   File "/usr/lib/python2.7/dist-packages/heatclient/common/http.py",
>> line 166, in _http_request
>>     **kwargs)
>>   File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line
>> 53, in request
>>     return session.request(method=method, url=url, **kwargs)
>>   File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py",
>> line 468, in request
>>     resp = self.send(prep, **send_kwargs)
>>   File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py",
>> line 576, in send
>>     r = adapter.send(request, **kwargs)
>>   File "/usr/local/lib/python2.7/dist-packages/requests/adapters.py",
>> line 447, in send
>>     raise SSLError(e, request=request)
>> SSLError: [Errno 1] _ssl.c:510: error:14090086:SSL
>> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>> 127.0.0.1 - - [08/Nov/2017 20:34:56] "POST /stack_create HTTP/1.1" 500
>> 2801
>>
>>
>> 2017-11-08 21:43 GMT+01:00 David Gabriel <davidgab283 at gmail.com>:
>>
>>> Dear Juan,
>>>
>>> Thanks so much for your reply.
>>> I fact, the command you suggest leads to the structure of a .pem file
>>> like it is shown in the reference you provide.
>>>
>>> Let me please ask another question related to the new pem file.
>>> In fact, I want to use use it in to call python-heatclient API in order
>>> to create stacks (Openstack address is based on https).
>>> I am wondering, where to copy this pem file and how to refer it ?
>>>
>>> Thanks in advance.
>>> Best regards.
>>>
>>>
>>>
>>> 2017-11-08 15:39 GMT+01:00 Juan Antonio Osorio <jaosorior at gmail.com>:
>>>
>>>> Hello,
>>>>
>>>> You need to verify the files and check how they look like. A good guide
>>>> to do this is this one http://how2ssl.com/articles/wo
>>>> rking_with_pem_files/ .
>>>> .cert and .key are not actual formats, but might actually contain the
>>>> cert and the key in PEM format. The main giveaway is that they should
>>>> contain the header. If you will use the file for HAProxy, then you need the
>>>> certificate and key in the same file. So you would do something like this:
>>>>
>>>>     $ cat mycertificate.cert  mykey.key > cert-and-key.pem
>>>>
>>>> And the resulting file is something you could use for your HAProxy
>>>> instance. But again, it all depends on what you will use it for.
>>>>
>>>> On Wed, Nov 8, 2017 at 3:36 PM, David Gabriel <davidgab283 at gmail.com>
>>>> wrote:
>>>>
>>>>> Dears,
>>>>>
>>>>> I need to generate the .pem file based on certifcate files (.cert).
>>>>> The key (.key file) is available too.
>>>>> All my files can be read as text files.
>>>>> Could you please detail the procedure for this ?
>>>>> I am using ubuntu as OS.
>>>>>
>>>>> Thanks in advance.
>>>>> Best regards.
>>>>>
>>>>> ____________________________________________________________
>>>>> ______________
>>>>> OpenStack Development Mailing List (not for usage questions)
>>>>> Unsubscribe: OpenStack-dev-request at lists.op
>>>>> enstack.org?subject:unsubscribe
>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Juan Antonio Osorio R.
>>>> e-mail: jaosorior at gmail.com
>>>>
>>>>
>>>> _______________________________________________
>>>> Mailing list: http://lists.openstack.org/cgi
>>>> -bin/mailman/listinfo/openstack
>>>> Post to     : openstack at lists.openstack.org
>>>> Unsubscribe : http://lists.openstack.org/cgi
>>>> -bin/mailman/listinfo/openstack
>>>>
>>>>
>>>
>>
>
>
> --
> Juan Antonio Osorio R.
> e-mail: jaosorior at gmail.com
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20171109/9a2b9f4f/attachment.html>


More information about the OpenStack-dev mailing list