Ask Your Question

SSL BAD SIGNATURE octavia amphora

asked 2018-11-28 12:03:23 -0500

esxzawq gravatar image

updated 2018-11-30 16:03:56 -0500

johnsom gravatar image

hi everybody

I have configured things about SSL in octavia based on this url :, thanks

to michael

but connecting to the amphora is not possible because of SSL (BAD SIGNATURE)

I have logged into amphora and in /etc/octavia/amphora-agent.conf in [amphora_agent] section there were :

agent_server_ca = /etc/octavia/certs/client_ca.pem

agent_server_cert = /etc/octavia/certs/server.pem3


their values are come from [amphora_agent] in /etc/octavia/octavia.conf in controller node

but agent_server_ca and agent_server_cert are commented in octavia.conf file

I think the problem should be because of these two entry, that do not have correct values

what should be the values based on the

thanks in advance

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2018-11-30 16:05:28 -0500

johnsom gravatar image

Yes, those certificates are installed into the amphora at nova boot time, so they will not be updated after a controller configuration change. A new amphora will need to be booted, either by rebuilding the loadbalancer, or using the amphroa failover API.

edit flag offensive delete link more


Yes , but what should be the agent_server_ca and agent_server_cert values !?

esxzawq gravatar imageesxzawq ( 2018-12-02 10:12:00 -0500 )edit

Those are automatically filled in at amphora boot time when the configuration file is create. Those should not be set on the controllers.

johnsom gravatar imagejohnsom ( 2018-12-03 18:13:29 -0500 )edit

yes, correct, but where does BAD_SIGNATURE come from, I have done all things based on this link ( at least 10 times.

esxzawq gravatar imageesxzawq ( 2018-12-06 01:11:29 -0500 )edit

BAD_SIGNATURE is openssl saying it cannot validate the certificate that was presented to it. So either the cert being presented is bad/incorrect, or the CA certificate is not correct on the controller.

johnsom gravatar imagejohnsom ( 2018-12-10 11:16:43 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2018-11-28 12:03:23 -0500

Seen: 39 times

Last updated: Nov 30 '18