How to specify https configuration for Heat?

asked 2014-03-05 10:22:43 -0600

Eufemia gravatar image

updated 2014-03-06 17:23:40 -0600

smaffulli gravatar image

I have a problem in the heat configuration for https protocol. In particular, in my current deploy environment, all the openstack services are reachable by means of security certificates. As a consequence, I have set "ca-file" variables in heat.conf and api-paste.ini files but Heat seems to not read them. In fact, when I run the command heat --ca-file XXX stack-create name --template=ect, I receive the following error: ERROR: Authorization Failed: <attribute 'message' of 'exceptions.BaseException' objects> (HTTP Unable to establish connection to

Can you please help me?

edit retag flag offensive close merge delete

3 answers

Sort by ยป oldest newest most voted

answered 2015-02-12 19:45:36 -0600

xu-haiwei gravatar image

I am not very about this, but when I looked up into heat.conf and nova.conf, the variable is "cafile", not "ca-file", is this the matter?

edit flag offensive delete link more

answered 2015-02-13 05:15:29 -0600

You have to configure in heat.conf under [ssl] group:


where cert_file is your cert file and key_file is your private key.


edit flag offensive delete link more

answered 2015-02-12 23:56:37 -0600

1-Cloud gravatar image

updated 2015-02-13 05:55:38 -0600


Use --os-cacert.

To enable SSL with client authentication, modify the [ssl] section in the etc/keystone.conf file. The following SSL configuration example uses the included sample certificates:

[ssl] enable = True certfile = <path to="" keystone.pem=""> keyfile = <path to="" keystonekey.pem=""> ca_certs = <path to="" ca.pem=""> cert_required = True

enable. True enables SSL. Default is False.

certfile. Path to the Identity Service public certificate file.

keyfile. Path to the Identity Service private certificate file. If you include the private key in the certfile, you can omit the keyfile.

ca_certs. Path to the CA trust chain.

cert_required. Requires client certificate. Default is False.

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools



Asked: 2014-03-05 10:22:43 -0600

Seen: 1,790 times

Last updated: Feb 13 '15