Hello again,

It looks to me that TLS is automatically supported by Keystone Havana. I performed the following curl call and it seems to indicate that Keystone is using TLS. Can anyone validate that Keystone Havana does or does not support TLS?

Thanks,
Mark

root@build-HP-Compaq-6005-Pro-SFF-PC:/etc/keystone# curl -v --insecure https://15.253.58.165:35357/v2.0/certificates/signing
* About to connect() to 15.253.58.165 port 35357 (#0)
* Trying 15.253.58.165... connected
* successfully set certificate verify locations:
* CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA
* Server certificate:
* subject: C=US; ST=CA; L=Sunnyvale; O=OpenStack; OU=Keystone; [email protected]; CN=Keystone
* start date: 2013-03-15 01:44:55 GMT
* expire date: 2013-03-15 01:44:55 GMT
* common name: Keystone (does not match '15.253.58.165')
* issuer: serialNumber=5; C=US; ST=CA; L=Sunnyvale; O=OpenStack; OU=Keystone; [email protected]; CN=Self Signed
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> GET /v2.0/certificates/signing HTTP/1.1
> User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
> Host: 15.253.58.165:35357
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: text/html; charset=UTF-8
< Content-Length: 973
< Date: Fri, 25 Oct 2013 18:27:52 GMT
<
-----BEGIN CERTIFICATE-----
MIICoDCCAgkCAREwDQYJKoZIhvcNAQEFBQAwgZ4xCjAIBgNVBAUTATUxCzAJBgNV
BAYTAlVTMQswCQYDVQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQK
EwlPcGVuU3RhY2sxETAPBgNVBAsTCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZr
ZXlzdG9uZUBvcGVuc3RhY2sub3JnMRQwEgYDVQQDEwtTZWxmIFNpZ25lZDAgFw0x
…
3S9E696tVhWqc+HAW91KgZcIwAgQrxWeC0x5O76Q3MGrxvWwyMHPlsxyL4H67AnI
wq8zJxOFtzvP8rVWrQ3PnzBozXKuU3VLPqAsDI4nDxjqFpVf3LYCFDRueS2EI5xc
5/rt9g==
-----END CERTIFICATE-----
* Connection #0 to host 15.253.58.165 left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
root@build-HP-Compaq-6005-Pro-SFF-PC:/etc/keystone#

From: Miller, Mark M (EB SW Cloud - R&D - Corvallis)
Sent: Friday, October 25, 2013 8:58 AM
To: OpenStack Development Mailing List
Subject: [openstack-dev] Keystone TLS Question

Hello,

Is there any direct TLS support by Keystone other than using the Apache2 front end?

Mark
