On Fri, May 2, 2014 at 2:06 PM, Rob Crittenden <[email protected]> wrote:
> I'm trying to get devstack to the point where it can configure all the
> services with SSL so it can be part of the acceptance process. This is
> for client communication, there is no expectation that anyone would deploy
> native SSL endpoints. For the most part things just work. Most of the
> issues I've run into are server to server communication relating to passing
> in the CA certificate path.
>

FWIW, DevStack has had the ability to do TLS termination using stud for all public API services, long before any of the individual service SSL/TLS configurations were usable.

Using an external TLS termination solves the internal communication problem as long as internal services are configured properly. It also more closely matches what I have seen in real-world deployments.

It has been a while since I've tested this and it is likely to need some love. The basic structure, including building a root and intermediate CA to issue certs that look like real-world certs, has been present for almost a year and a half.

dt

--
Dean Troyer
[email protected]
_______________________________________________
OpenStack-dev mailing list
[email protected]
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
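
The root CA, intermediate CA and issued server certificate mentioned in the message above, as an added example that is not part of the original thread and is not DevStack's own CA code. File names, subjects and the `build_chain`, `issue` and `verify_server` helpers are constructed for illustration; it shows why a client given only the root as its CA certificate path rejects a server certificate issued by the intermediate.

```shell
#!/bin/sh
# Added example with constructed names; not DevStack's implementation.

# build_chain DIR: create a root CA, an intermediate CA and a server cert in DIR.
build_chain() {
    dir=$1
    cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = CA:FALSE
subjectAltName = DNS:localhost
EOF
    # Self-signed root carrying the CA extensions from [v3_ca].
    openssl req -x509 -config "$dir/ca.cnf" -extensions v3_ca -newkey rsa:2048 \
        -nodes -subj "/CN=Constructed Root CA" -days 1 \
        -keyout "$dir/root.key" -out "$dir/root.pem" 2>/dev/null || return 1
    # Root signs the intermediate; the intermediate signs the server cert.
    issue "$dir" int "Constructed Intermediate CA" root v3_ca || return 1
    issue "$dir" server "localhost" int v3_leaf || return 1
    # Bundle a client would be pointed at as its CA certificate path.
    cat "$dir/int.pem" "$dir/root.pem" > "$dir/ca-bundle.pem"
}

# issue DIR NAME CN SIGNER EXT_SECTION: make a key and CSR, sign with SIGNER.
issue() {
    openssl req -new -config "$1/ca.cnf" -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/$4.pem" -CAkey "$1/$4.key" \
        -CAcreateserial -extfile "$1/ca.cnf" -extensions "$5" -days 1 \
        -out "$1/$2.pem" 2>/dev/null
}

# verify_server CAFILE CERT: status 0 only if CERT chains to a CA in CAFILE.
verify_server() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

d=$(mktemp -d) && build_chain "$d"
verify_server "$d/root.pem" "$d/server.pem" || echo "root only: rejected"
verify_server "$d/ca-bundle.pem" "$d/server.pem" && echo "root + intermediate: OK"
```

A terminating proxy that sends the intermediate along with the server certificate lets root-only clients build the chain; otherwise each internal client needs the bundle as its CA file.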
