Ask Your Question

Devstack with SSL

asked 2014-08-18 15:12:56 -0500

barakme gravatar image

Is it possible to configure devstack to use SSL?

I could not find clear instructions about this. Reading through, it seems like enabling the tls-proxy in the localrc configuration should do it, but when I run, it fails with: "keystone did not start"

edit retag flag offensive close merge delete


Have you searched this site before posting this question? and and more

smaffulli gravatar imagesmaffulli ( 2014-08-18 17:36:44 -0500 )edit

I have, extensively. All of the questions that appear there either refer to specific services (keystone, not all services), refer to old versions of openstack and the instructions are not relevant or assume the existence of signed certificates or an external CA.

barakme gravatar imagebarakme ( 2014-08-19 01:18:49 -0500 )edit

@barakme the short answer to your question is: Yes, it's possible. The documentation is sparse though. Expand your question as you keep debugging and make it more specific so people can help you

smaffulli gravatar imagesmaffulli ( 2014-08-19 17:46:33 -0500 )edit

1 answer

Sort by ยป oldest newest most voted

answered 2015-02-05 06:29:39 -0500

LZ gravatar image
You can configure endpoints to use SSL natively or via proxy

Configure nova, cinder, glance, swift and neutron to use SSL
on the endpoints using either SSL natively or via a TLS proxy
using stud.

To enable SSL via proxy, in local.conf add


This will create a new test root CA, a subordinate CA and an SSL
server cert. It uses the value of hostname -f for the certificate
subject. The CA certicates are also added to the system CA bundle.

To enable SSL natively, in local.conf add:


Native SSL by default will also use the devstack-generate root 
and subordinate CA.

You can override this on a per-service basis by setting


You should also set SERVICE_HOST to the FQDN of the host. This
value defaults to the host IP address.
edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools



Asked: 2014-08-18 15:12:56 -0500

Seen: 2,109 times

Last updated: Feb 05 '15