[Openstack] Enabling SSL For The OpenStack API using HTTPD and mod_wsgi

Devendra Gupta dev29aug at gmail.com
Mon Apr 14 21:29:36 UTC 2014


Hi,

I want to enable SSL for all the OpenStack APIs and test it but I
couldn't find detailed doc on docs.openstack.org. Does anyone have
some notes on how to set this up ?

I did good search around it on Google and OpenStack/RDO mailing list,
I found lots of different paths but most of them were limited to
Keystone only using 'keystone-manage ssl_setup'. I also found
following nice blog which have 6 posts for setting up the SSL for all
the components using Apache2 and mod_wsgi.

http://andymc-stack.co.uk/2013/06/apache2-mod_wsgi-openstack-pt1-keystone/

I want to go through this doc to do a complete setup but before that I
wanted to take few inputs about my environment:

1. I have OpenStack RDO Havana running on Single CentOS 6 VM. Is it
fine to try the steps on OpenStack RDO/Havana setup ? Or I need to
have OpenStack setup on Ubuntu/Grizzly ?

2. Since all the OpenStack components are running on the same host, I
guess I need to add VHost entries for all the APIs (mentioned in all 6
docs) in the /etc/httpd/conf/http.conf. Please help me if someone have
a sample file VHost file with sites created for some/all components.

3. Can I have single set of  self signed certificate path for all the
Virtual Host entries as all APIs are running on the single VM.
    SSLCertificateFile /location/of/server.pem
    SSLCertificateKeyFile /location/of/server.key

Another thing, the ketstone configuration part in this blog is having
reference to the github page (http://goo.gl/ZIhcn2) for configuring
Keystone with SSL but I find that doc little difficult to understand
as there is no details of configuring virtual hosts so can I skip the
github doc and proceed with the same blog.

Regards,
Devendra Gupta




More information about the Openstack mailing list