To summarize: Certificate will be a first level citizen which can be reused and For certificate management nothing sophisticated is required.
Can you please Vote (+1, -1)? We can move on if there is consensus around this. > -----Original Message----- > From: Stephen Gran [mailto:stephen.g...@guardian.co.uk] > Sent: Wednesday, November 20, 2013 3:01 PM > To: OpenStack Development Mailing List (not for usage questions) > Subject: Re: [openstack-dev] [Neutron][LBaaS] SSL Termination write-up > > Hi, > > On Wed, 2013-11-20 at 08:24 +0000, Samuel Bercovici wrote: > > Hi, > > > > > > > > Evgeny has outlined the wiki for the proposed change at: > > https://wiki.openstack.org/wiki/Neutron/LBaaS/SSL which is in line > > with what was discussed during the summit. > > > > The > > > https://docs.google.com/document/d/1tFOrIa10lKr0xQyLVGsVfXr29NQBq2n > YTvMkMJ_inbo/edit discuss in addition Certificate Chains. > > > > > > > > What would be the benefit of having a certificate that must be > > connected to VIP vs. embedding it in the VIP? > > You could reuse the same certificate for multiple loadbalancer VIPs. > This is a fairly common pattern - we have a dev wildcard cert that is self- > signed, and is used for lots of VIPs. > > > When we get a system that can store certificates (ex: Barbican), we > > will add support to it in the LBaaS model. > > It probably doesn't need anything that complicated, does it? > > Cheers, > -- > Stephen Gran > Senior Systems Integrator - The Guardian > > Please consider the environment before printing this email. > ------------------------------------------------------------------ > Visit theguardian.com > > On your mobile, download the Guardian iPhone app > theguardian.com/iphone and our iPad edition theguardian.com/iPad > Save up to 33% by subscribing to the Guardian and Observer - choose the > papers you want and get full digital access. > Visit subscribe.theguardian.com > > This e-mail and all attachments are confidential and may also be privileged. > If > you are not the named recipient, please notify the sender and delete the e- > mail and all attachments immediately. > Do not disclose the contents to another person. You may not use the > information for any purpose, or store, or copy, it in any way. > > Guardian News & Media Limited is not liable for any computer viruses or > other material transmitted with or as part of this e-mail. You should employ > virus checking software. > > Guardian News & Media Limited > > A member of Guardian Media Group plc > Registered Office > PO Box 68164 > Kings Place > 90 York Way > London > N1P 2AP > > Registered in England Number 908396 > > -------------------------------------------------------------------------- > > > _______________________________________________ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev _______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev