[Openstack] SSL enabled Keystone using external CA

mohammad kashif Tue, 04 Nov 2014 09:02:15 -0800

Hi
I am trying to setup ssl enabled keystone using external CA

my keystone.conf settings regarding ssl are


[signing]

certfile=/etc/grid-security/cert.pem

keyfile=/etc/grid-security/key.pem

ca_certs=/etc/grid-security/certificates/UKeScienceRoot-2007.pem

key_size=2048

cert_subject=< DN of cert>


[ssl]

enable=True

certfile=/etc/grid-security/cert.pem

keyfile=/etc/grid-security/key.pem

ca_certs=/etc/grid-security/certificates/UKeScienceRoot-2007.pem

cert_subject=<DN of Cert>


I commented out "ca_key" parameter which I think not needed for external ca
certificate .

I can query keystone on https endpoint with --insecure option but without
--insecure option, it is failing with this error

INFO:urllib3.connectionpool:Starting new HTTPS connection (1): 192.168.31.1
SSL exception connecting to https://192.168.31.1:35357/v2.0/users

 I alsto tried with --os_cacert option.

I am using openstack icehouse.


Can some one help me in troubleshooting this problem ?

Regards
Kashif

_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to     : [email protected]
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

[Openstack] SSL enabled Keystone using external CA

Reply via email to