keystone, cert_required and nova
I'm trying to configure Keystone in my OpenStack setup to use SSL. I'm currently playing with cert_required flag in keystone.conf:
[ssl]
enable = True
certfile = /etc/keystone/ssl/certs/signing_cert.pem
keyfile = /etc/keystone/ssl/private/signing_key.pem
ca_certs = /etc/keystone/ssl/certs/ca.pem
cert_required = True
Unfortunately, if it's set to True I'm unable to connect to nova using its CLI client:
SSLError: [Errno 1] _ssl.c:504: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
In keystone CLI client I can specify --os-key and --os-cert options to do a proper SSL handshake and then it works. These options are missing in nova CLI client. How can I use cert_required option with nova? Maybe the option is prepared to be used in other scenarios?
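
The handshake failure described in the question can be reproduced outside OpenStack with the openssl CLI. This is an added example, not part of the original post or of any OpenStack project: the port, file names and throwaway certificates are constructed, and -tls1_2 is pinned so the rejection shows up during the handshake itself.

```bash
#!/usr/bin/env bash
# Added demo, not from the original post. The port, file names and throwaway
# certificates are constructed; only the openssl CLI is required.

# Prints "<with client cert> <without client cert>", each "accepted" or "rejected".
mtls_demo() {
  local port="${1:-14443}" d n srv i with_cert=rejected no_cert=rejected
  d="$(mktemp -d)" || return 2
  # Throwaway CA, then a server and a client certificate signed by it.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 2
  for n in server client; do
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-$n" \
      -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 2
    openssl x509 -req -in "$d/$n.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
      -CAcreateserial -days 1 -out "$d/$n.pem" 2>/dev/null || return 2
  done
  # -Verify (capital V) makes a client certificate mandatory, which is the
  # TLS-level effect of cert_required = True.
  openssl s_server -accept "127.0.0.1:$port" -tls1_2 -www -quiet -Verify 1 \
    -CAfile "$d/ca.pem" -cert "$d/server.pem" -key "$d/server.key" \
    >/dev/null 2>&1 &
  srv=$!
  # Client with certificate and key (what --os-cert/--os-key supply); retry
  # briefly while the server starts listening.
  for i in 1 2 3 4 5; do
    if openssl s_client -connect "127.0.0.1:$port" -tls1_2 -CAfile "$d/ca.pem" \
         -cert "$d/client.pem" -key "$d/client.key" </dev/null >/dev/null 2>&1
    then with_cert=accepted; break; fi
    sleep 1
  done
  # Same client without a certificate: the server aborts the handshake.
  if openssl s_client -connect "127.0.0.1:$port" -tls1_2 -CAfile "$d/ca.pem" \
       </dev/null >/dev/null 2>&1
  then no_cert=accepted; fi
  kill "$srv" 2>/dev/null || true
  wait "$srv" 2>/dev/null || true
  rm -rf "$d"
  echo "$with_cert $no_cert"
}
```

Dropping the redirection of stderr on the second s_client call shows the alert the server sends when no client certificate is presented.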