Open Stack

On 2/10/15 3:40 PM, Gui Maluf wrote:
> Something wrong with my certificates and Keystone, cause changing to
> self-signed certificates everything is working.
>

There is an undocumented (in the usual places) for keystone middleware 
to point at the CA file for your certificates.

http://docs.openstack.org/developer/keystonemiddleware/middlewarearchitecture.html#configuration-options

Of note,

cafile: (optional, defaults to use system CA bundle) the path to a PEM 
encoded CA file/bundle that will be used to verify HTTPS connections.



These go in each of your API services' [keystone_authtoken] section, 
which configures keystone middleware.

I've filed a bug already that this documentation doesn't exist in the 
config references for each service.

-- 
-jlk