Openstack stein TLS configuration with combined method of interfaces

Mark Goddard mark at
Fri Jan 15 08:50:47 UTC 2021

On Fri, 15 Jan 2021 at 07:59, roshan anvekar <roshananvekar at> wrote:
> Hello,
> Openstack version: stein
> Deployment method: kolla-ansible
> I am trying to set up TLS for Openstack endpoint.
> I have chosen combined method of vip address where I supply only kolla_internal_vip_address and network_interface details. I do not enable external kolla vip address.
> After this I set up kolla_enable_tls_external: 'yes' and pass the kolla_external_fqdn_cert certificates.
> The installation is successful but I see that http link opens but https:// endpoint does not open at all. Is as good as not available.
> Any reason for this?

Hi. From the Stein documentation [1]:

"The kolla_internal_vip_address and kolla_external_vip_address must be
different to enable TLS on the external network."

>From the Train release it is possible to enable TLS on the internal
VIP, although Ussuri is typically necessary to make it work if you
have a private CA.

> Regards,
> Roshan

More information about the openstack-discuss mailing list