[Openstack-operators] How to configure keystone to use SSL

zhangjian zhangjian2011 at cn.fujitsu.com
Thu Sep 22 03:14:58 UTC 2016

Hi, all

I have a mitaka environment created by packstack, and i tried to 
configure the keystone to use ssl, but failed, can anyone help me?
# keystone is a wsgi service now.

Configure steps are as following:
# keystone-manage ssl_setup --keystone-user keystone --keystone-group 
# chown -R keystone:keystone /etc/keystone/ssl
# keystone endpoint-create --service keystone --region RegionOne 
--adminurlhttps://{FQDN}:35357/v2.0 <https://%7BkeystoneHost%7D:35357/v2.0>
# cat /etc/keystone/keystone.conf
   ... ...
   certfile = /etc/keystone/ssl/certs/keystone.pem
   keyfile = /etc/keystone/ssl/private/keystonekey.pem
   ca_certs = /etc/keystone/ssl/certs/ca.pem
   ca_key = /etc/keystone/ssl/private/cakey.pem

# cat keystonerc_admin
... ...
export OS_AUTH_URL=https://FQDN:5000/v2.0

# keystone endpoint-delete Old_Endpoint_For_Keystone
Unable to delete endpoint.

# systemctl restart httpd
# source keystonerc_admin

# openstack project list
Discovering versions from the identity service failed when creating the 
password plugin. Attempting to determine version from URL.
SSL exception connecting to https://FQDN:5000/v2.0/tokens: [SSL: 
UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:765)


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20160922/f85f1403/attachment.html>

More information about the OpenStack-operators mailing list