[Openstack] SSL Configuration

Georgios Dimitrakakis giorgis at acmac.uoc.gr
Tue Dec 2 15:01:10 UTC 2014


 @Robert: I don't have a load-balancer for this deployment. Just 
 controller, cinder and compute nodes.



 What I would like to do is to secure the public endpoints for Keystone, 
 Glance, Nova, Cinder with SSL and the EC2 API.

 That would be sufficient for the moment.

 Is it OK if I just change the respective *.conf files or should I do 
 something more? Should the changes at the *.conf files be propagated on 
 all nodes?


 All the best,

 George



 On Tue, 2 Dec 2014 17:49:24 +0330, Muhammed Salehi wrote:
> Hi.
> Do you want to serve https instead http ? Or you want to encrypt all
> of the communications between these components?
> For the first problem the solution is : Search about how to serve and
> https with apache or passenger.
>
> On Tue, Dec 2, 2014 at 5:22 PM, Georgios Dimitrakakis  wrote:
>
>> Hi!
>>
>> Can someone point me to the right direction on how to secure
>> publicly available services (e.g. nova,keystone,glance) with an SSL
>> certificate?
>>
>> Best regards,
>>
>> George
>>
>> _______________________________________________
>> Mailing list:
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [1]
>> Post to     : openstack at lists.openstack.org [2]
>> Unsubscribe :
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [3]
>
> --
>
> -----BEGIN PGP PUBLIC KEY BLOCK-----
> Version: GnuPG v1
>
> mQENBFRX8IoBCADCn76BbNN5m/GwP1rWaOvZMYfdm4Tv9oJehK7zAAzrHPZOaV/i
> kdxG6LGadCGh/uTWoos441A8MKN/GufruEz1jvR+rgamD0oiTdRHTXz3Wkzcd62y
> +U9pNLmYZyLUM1ebXXoxgmdNMGHvYLbdTIFgmxfIthKzRx9vd5WQGnsg/gFLTcdY
> cWd5/THfkImJUHmjLAOepcewQcODijTp27xMwK354SG0BwbWroGAj5AVRqXqD6Qg
> vO5zIgfMUsoOTMVF5WhAAf1xAjjGjEDi9EqeV1EVyO83s54gfAH/pWYV0K0RZvRw
> h96wxZVVmCq9Ys8aU8D+hOjEvkjHZPAd3uNXABEBAAG0NFNleXllZCBNdWhhbW1l
> ZCBTYWRlZ2ggU2FsZWhpIDxzYWxlaGkxOTk0QGdtYWlsLmNvbT6JAT4EEwECACgF
> AlRX8IoCGwMFCQHhM4AGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEKs5CKNB
> Z6zv/JQIALd5MnRhvAatGl/HcTYrm/S2Vsp3LgvC6R/w2uNiTm9tfSf596+2flF7
> xgWUdROZ5O7s188oWiZRNb88XjdMMJtl0KpNpxLbYRyNPZL0klAps46Wlmy3fr8m
> 7RdovLSy2QtmFtEAsXfYyXmLGB4PeexqYyfcXYhfP1W4kyTScBRUZ4SuFWDhBvvZ
> 8vHHhWjiPVFvgi1cX3rwqtzp4eYFTHeH8QhKDeDk3760XVMk+jl+kvzqUzwh5V6+
> SJs63YoiTSXyk37844NOGvYDHsupDO0R4O+YBwcZLxah/nqfTodfAnsmOA6W6oOy
> lnVOH4IwrfcoVyjjqIlLWGws7BkPN6+5AQ0EVFfwigEIALLGTAxtT7lLuywmNTaq
> hqpUtYsOWx7Cxjj1tVfG3bN/PbW+nKFvfyJkURYVyjn4z7GHLVCrYIr9ixhBRFcz
> zmHuMkxMEr5u/m+H8CSsZ02V81v6+1uM2NvPxCYCUqDxEbcPrs8XrmPZGINY2Fya
> XLpljTh06s1vdBAk32Wxy2Vz6Ii6pQD5WDgrdgDOgpTTlPdIxg9eq6yZi+GMJj/4
> 28Rt6HJhGaqGXN0bCPQ78tQygcY4EDQwpkToWxLCizsj1+9XFwwjnOQON/FNsAT7
> g+XsVQJKfGmRe2QuRJ9oqSK6pi16O7VXg6bAw1dLsEmNoSto1ofy7DVTqqSlEG2o
> N0MAEQEAAYkBJQQYAQIADwUCVFfwigIbDAUJAeEzgAAKCRCrOQijQWes7xemB/92
> 1PRHt24/hfCKR86aCnZk8bzNP+HDeewHXmFLEk9Hk7k2kuo6zVLjPnMA4M9rgOwh
> W5EYhyVpNWKnzzhMwyCGz0J7doK2HYRXJKez1RErLW4GPLzM+4sfY5pWBAjDY62e
> 1Tz1ay+fS3CLh4zCCZYqraHKa6PJYYp9Bz3NRj3xkFtkcLspNq4DkiEBPJVLIPko
> OkVOpBuNpj1YDSZZXwM8HzDMvJc1qgAVxWk56BjePrx8SHfDah1UQqZst4dWeepJ
> 0E2xj4H+WMrIW/3btSTVdlr4zPFwGQ9qE2CcbDJJhH68U9eve3njEPDFiu1TS/f5
> Tt1scwgVintCWdVX9BS2
> =cxjk
> -----END PGP PUBLIC KEY BLOCK-----
>
>
> Links:
> ------
> [1] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> [2] mailto:openstack at lists.openstack.org
> [3] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> [4] mailto:giorgis at acmac.uoc.gr





More information about the Openstack mailing list