Open Stack

You may want to try updating the system CA certs.  Download both the
root and current intermediate certificate from Geotrust and copy them
to /etc/pki/ca-trust/source/anchors/ and run update-ca-trust. I had
some issues with newer GoDaddy certificates and this fixed me up.
You'd need to do this on any node accessing the APIs.

-Erik

On Wed, Mar 23, 2016 at 7:20 AM, Dean Troyer <dtroyer at gmail.com> wrote:
> On Tue, Mar 22, 2016 at 7:41 PM, Jagga Soorma <jagga13 at gmail.com> wrote:
>>
>> However my mac os x desktop does that without any issues.  I was able
>> to get around this on my CentOS server by downloading the
>> GeoTrust_CA_Bundle.crt locally and using "export
>> OS_CACERT=/var/tmp/GeoTrust_CA_Bundle.crt".  However, I don't want to
>> have all my users to have to do this.  Is there a way around this on
>> CentOS/Ubunut?  I thought this would be part of the ssl chain included
>> on these distributions.
>
>
> There are a couple of possibilities to explain the different behaviour, but
> some additional information is required to pinpoint the issue.  How was OSC
> installed on the CentOS systems?  (I presume that it was installed via pip
> on OS/X.)
>
> Some (if not all) packagers unbundle the urllib3 module that is included in
> the requests PyPI package.  requests also includes its own CA bundle and
> this is also changed to use the system CA bundle/certs by some packagers.
>
> dt
>
> --
>
> Dean Troyer
> dtroyer at gmail.com
>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack at lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>