OpenStack ManualsOpenStack Compute Administration Guide  - Grizzly, 2013.1

  Atom feed of this document
 

 Install External Signing Certificate

Assuming you have the following already:

  • signing_cert.pem - (Keystone token) signing certificate in PEM format

  • signing_key.pem - corresponding (non-encrypted) private key in PEM format

  • cacert.pem - trust CA certificate chain in PEM format

Copy the above to your certificate directory. For example: 

mkdir -p /etc/keystone/ssl/certs
cp signing_cert.pem /etc/keystone/ssl/certs/
cp signing_key.pem /etc/keystone/ssl/certs/
cp cacert.pem /etc/keystone/ssl/certs/
chmod -R 700 /etc/keystone/ssl/certs
[Note]Note

Make sure the certificate directory is only accessible by root.

If your certificate directory path is different from the default /etc/keystone/ssl/certs, make sure it is reflected in the [signing] section of the configuration file.

Log a bug against this page
Legal notices
loading table of contents...