Keystone SSL certs
Pshem Kowalczyk
pshem.k at gmail.com
Tue Dec 1 21:08:50 UTC 2015
Hi,
I'm trying to secure keystone with SSL certificates. If I don't specify the
CA, cert and key (but use SSL) horizon dashboard can communicate with
keystone fine.
If I specify them manually (using our local CA and cert singed with that
CA) horizon can't talk to keystone. Debugging the issues I established that
apache (acting as reverse proxy) can't verify the root CA.
When the charm gets deployed I see the following messages in juju log:
140430614402720:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE
When I had a look at the certs generated by juju it looks like the service
cert contains in fact two certs.
I suspect I'm not using the correct format for these options, but I can't
find anywhere any examples of this sort of deployment. Any idea what the
format should be?
kind regards
Pshem
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/juju/attachments/20151201/8c9e35ea/attachment.html>
More information about the Juju
mailing list