Ask Your Question

Revision history [back]

You don't have any settings for certificates under [signing] section.

Refer http://docs.openstack.org/developer/keystone/configuration.html#certificates-for-pki and setup the location for signing certs

Run keystone-manage pki_setup to generate signing certs. The parameters to keystone-mange pki-setup are unix user and group name. You don't have any settings for certificates under [signing] section.can get that by running "id" command.

Refer http://docs.openstack.org/developer/keystone/configuration.html#certificates-for-pki and setup the location for signing certspki-setup will generate singing files at /etc/keystone.

[signing] certfile = /etc/keystone/ssl/certs/signing_cert.pem keyfile = /etc/keystone/ssl/private/signing_key.pem ca_certs = /etc/keystone/ssl/certs/ca.pem ca_key = /etc/keystone/ssl/private/cakey.pem

Given above are the default locaton of those files. Once you have them, it should work. If not please paste the error

  1. Run keystone-manage pki_setup to generate signing certs.
  2. The parameters to keystone-mange pki-setup are unix user and group name. You can get that by running "id" command.

  3. pki-setup will generate sining files at /etc/keystone. Given below are the default settings
[signing]
#certfile = /etc/keystone/ssl/certs/signing_cert.pem
#keyfile = /etc/keystone/ssl/private/signing_key.pem
#ca_certs = /etc/keystone/ssl/certs/ca.pem
#ca_key = /etc/keystone/ssl/private/cakey.pem

pki-setup will generate singing It should work if you have the files at /etc/keystone.

[signing] certfile = /etc/keystone/ssl/certs/signing_cert.pem keyfile = /etc/keystone/ssl/private/signing_key.pem ca_certs = /etc/keystone/ssl/certs/ca.pem ca_key = /etc/keystone/ssl/private/cakey.pem

Given above are the default locaton of those files. Once you have them, it should work. that location. If not please paste the error