On Fri, May 2, 2014 at 2:06 PM, Rob Crittenden <rcrit...@redhat.com> wrote:

> I'm trying to get devstack to the point where it can configure all the
> services with SSL so it can be be part of the acceptance process. This is
> for client communication, there is no expectation that anyone would deploy
> native SSL endpoints. For the most part things just work. Most of the
> issues I've run into are server to server communication relating to passing
> in the CA certificate path.
>

FWIW, DevStack has had the ability to do TLS termination using stud for all
public API services, long before any of the individual service SSL/TLS
configurations were usable.  Using an external TLS termination solves the
internal communication problem as long as internal services are configured
properly.  It also more closely matches what I have seen in real-world
deployments.

It has been a while since I've tested this and it is likely to need some
love. The basic structure, including building a root and intermediate CA to
issue certs that look like real-world certs, has been present for almost a
year and a half.

dt

-- 

Dean Troyer
dtro...@gmail.com
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Reply via email to