Ask Your Question
0

Horizone and VNC with corporate SSL certificate (Packstack)

asked 2017-11-03 00:31:51 -0600

iOsX gravatar image

I have deployed RDO Pike into my corporate infrastructure. For some reasons only Internet Explorer works perfect. Google Chrome always complain on SSL Errors and does not connect to Openstack Web UI.

However, I have found solution for Horizone In the httpd config file /etc/httpd/conf.d/15-horizon_ssl_vhost.conf, I modified next lines:

SSLCertificateFile      “/etc/pki/tls/certs/openstack.company.com.crt”
SSLCertificateKeyFile   “/etc/pki/tls/certs/openstack.company.com.key”
SSLCACertificatePath    “/etc/pki/tls/certs”
SSLCACertificateFile    “/etc/pki/tls/certs/packstack_cacert.crt”

So I generated CSR file, then KEY file and provided CSR to our Windows-admins who generated CRT file based on my CSR. As you see above, I put exactly my corporate certificates instead of self-signed certificate generated by Packstack.

For now, Google Chrome work fine. But only Horizon. My VNC connections to the instance doesn't work. It works only via IE only :) I found next configuration and tried to change it with my certificates but it doesn't work for me :(

[ORIGINAL] /etc/nova/nova.conf:

cert = /etc/pki/tls/certs/ssl_vnc.crt
key = /etc/pki/tls/certs/ssl_vnc.key
vncserver_proxyclient_address = 10.189.128.95
novncproxy_base_url = https://10.189.128.95:6080/vnc_auto.html

[MODIFIED] /etc/nova/nova.conf:

cert = /etc/pki/tls/certs/openstack.company.com.crt
key = /etc/pki/tls/certs/openstack.company.com.key
vncserver_proxyclient_address = openstack.company.com
novncproxy_base_url = https://openstack.company.com:6080/vnc_auto.html

Did anybody solve it?

Regards, Oleg

edit retag flag offensive close merge delete

2 answers

Sort by » oldest newest most voted
0

answered 2017-11-20 07:18:53 -0600

timi gravatar image

for dashboard I used https://docs.openstack.org/mitaka/config-reference/dashboard/configure.html (https://docs.openstack.org/mitaka/con...)

edit flag offensive delete link more
0

answered 2017-11-16 07:19:27 -0600

iOsX gravatar image

It still actual.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2017-11-03 00:31:51 -0600

Seen: 36 times

Last updated: Nov 20