Atom feed of this document
  
 

 Debug signing key file errors

If an error occurs when the signing key file opens, it is possible that the person who ran the keystone-manage pki_setup command to generate certificates and keys did not use the correct user. When you run the keystone-manage pki_setup command, the Identity Service generates a set of certificates and keys in /etc/keystone/ssl*, which is owned by root:root.

This can present a problem when you run the Identity Service daemon under the keystone user account (nologin) when you try to run PKI. Unless you run the chown command against the files keystone:keystone or run the keystone-manage pki_setup command with the --keystone-user and --keystone-group parameters, you get an error, as follows:

2012-07-31 11:10:53 ERROR [keystone.common.cms] Error opening signing key file
/etc/keystone/ssl/private/signing_key.pem
140380567730016:error:0200100D:system library:fopen:Permission
denied:bss_file.c:398:fopen('/etc/keystone/ssl/private/signing_key.pem','r')
140380567730016:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
unable to load signing key file
Questions? Discuss on ask.openstack.org
Found an error? Report a bug against this page

loading table of contents...