[Openstack-operators] Swift-Proxy + Keystone with HAProxy and SSL
Jesse Keating
jlk at bluebox.net
Wed Feb 11 00:38:13 UTC 2015
On 2/10/15 3:40 PM, Gui Maluf wrote:
> Something wrong with my certificates and Keystone, cause changing to
> self-signed certificates everything is working.
>
There is an undocumented (in the usual places) for keystone middleware
to point at the CA file for your certificates.
http://docs.openstack.org/developer/keystonemiddleware/middlewarearchitecture.html#configuration-options
Of note,
cafile: (optional, defaults to use system CA bundle) the path to a PEM
encoded CA file/bundle that will be used to verify HTTPS connections.
These go in each of your API services' [keystone_authtoken] section,
which configures keystone middleware.
I've filed a bug already that this documentation doesn't exist in the
config references for each service.
--
-jlk
More information about the OpenStack-operators
mailing list