[face palm].....I could have just bundled the intermediate CA cert with
my server cert and have keystone send that to the https client instead.
** Changed in: keystone
Status: New => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1238288
Title:
SSL CA Certificate config fail
Status in OpenStack Identity (Keystone):
Invalid
Bug description:
Keystone (atleast with Havana ver RC1) seems to ignore specification of CA
certificates with the `ca_certs` directive in the `[ssl]` section of
keystone.conf.
As a result, some https clients (firefox, curl & wget) raise cert errors
during connections ( as they don't bother to auto search for the CAcert like
chrome or opera do )
Note. Running keystone via Apache and specifying the same CAcert with
the directive `SSLCACertificateFile` works and serves as a good
stopgap or alternative solution
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1238288/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
