Hi All, I am trying to configure the endpoints to communicate over https. I am trying to debug a particular behavior of code but unable to relate my sequence of actions with the behavior of code. Kindly do guide me to understand the below mentioned scenario.
For SSL, I have generated a self-signed CA cert and used it for signing CSR request of host/controller. I placed the CA cert in the trusted-root authority of my host and all the services work fine. They are able to talk with each other over https. I was able to access the url https://<controller>:8774 from anywhere. I went ahead and modified the nova.conf and added ssl_ca_file in [DEFAULT] section. [DEFAULT] ....... ssl_ca_file=<path-to-ca-file> ssl_cert_file=<path-to-cert-file> ssl_key_file=<path-to-key-file> ....... Nova services come up fine, but now I am unable to access the url https://<controller>:8774. If I again remove the ssl_ca_file from nova.conf, it again starts working fine. Looking at the code, I could see that its getting used in nova/wsgi.py. if CONF.ssl_ca_file: ssl_kwargs['ca_certs'] = ca_file ssl_kwargs['cert_reqs'] = ssl.CERT_REQUIRED I am missing some very basic thing here, can someone please help me to understand the sequence of steps going on and what do I need to do to communicate with the service. The service is running and listening on port 8774, but it looks like I might have to provide something else with the request to communicate with the service. Since various other services would be communicating with nova, do I need to configure some specific parameter in those services? Any pointers would be really helpful. Thanks. *Rahul Sharma* *MS in Computer Science, 2016* College of Computer and Information Science, Northeastern University Mobile: 801-706-7860 Email: rahulsharma...@gmail.com Linkedin: www.linkedin.com/in/rahulsharmaait
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev