On Fri, May 2, 2014 at 2:06 PM, Rob Crittenden <rcrit...@redhat.com> wrote:

> I'm trying to get devstack to the point where it can configure all the
> services with SSL so it can be be part of the acceptance process. This is
> for client communication, there is no expectation that anyone would deploy
> native SSL endpoints. For the most part things just work. Most of the
> issues I've run into are server to server communication relating to passing
> in the CA certificate path.

FWIW, DevStack has had the ability to do TLS termination using stud for all
public API services, long before any of the individual service SSL/TLS
configurations were usable.  Using an external TLS termination solves the
internal communication problem as long as internal services are configured
properly.  It also more closely matches what I have seen in real-world

It has been a while since I've tested this and it is likely to need some
love. The basic structure, including building a root and intermediate CA to
issue certs that look like real-world certs, has been present for almost a
year and a half.



Dean Troyer
OpenStack-dev mailing list

Reply via email to