Hi, all I have a mitaka environment created by packstack, and i tried to configure the keystone to use ssl, but failed, can anyone help me? # keystone is a wsgi service now. Configure steps are as following: =============== # keystone-manage ssl_setup --keystone-user keystone --keystone-group keystone # chown -R keystone:keystone /etc/keystone/ssl # keystone endpoint-create --service keystone --region RegionOne --publicurlhttps://{FQDN}:5000/v2.0 <https://%7BkeystoneHost%7D:5000/v2.0> --internalurlhttps://{FQDN}:5000/v2.0 <https://%7BkeystoneHost%7D:35357/v2.0> --adminurlhttps://{FQDN}:35357/v2.0 <https://%7BkeystoneHost%7D:35357/v2.0> # cat /etc/keystone/keystone.conf ... ... [ssl] enable=True certfile = /etc/keystone/ssl/certs/keystone.pem keyfile = /etc/keystone/ssl/private/keystonekey.pem ca_certs = /etc/keystone/ssl/certs/ca.pem ca_key = /etc/keystone/ssl/private/cakey.pem # cat keystonerc_admin ... ... export OS_AUTH_URL=https://FQDN:5000/v2.0 # keystone endpoint-delete Old_Endpoint_For_Keystone Unable to delete endpoint. # systemctl restart httpd # source keystonerc_admin # openstack project list Discovering versions from the identity service failed when creating the password plugin. Attempting to determine version from URL. SSL exception connecting to https://FQDN:5000/v2.0/tokens: [SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:765) =============== Regards, Kenn -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20160922/f85f1403/attachment.html>