Ask Your Question
1

keystone ssl certificate expires after one year

asked 2013-10-27 09:50:02 -0500

Bart van den Heuvel gravatar image

Hi,

Just noticed that keystone's ssl certificate expires after a single year. In some cases this would be a inconvenience in most cases this would cause big problems! How can i set this certificate to expire after 10 years? I have tried to edit the following files:

/etc/pki/tls/openssl.cnf
and
/etc/keystone/ssl/certs/openssl.conf

But the certificate keeps being set to expire after a year:

keystone-manage pki_setup --keystone-user keystone --keystone-group keystone Generating RSA private key, 1024 bit long modulus ...........++++++ .........++++++ e is 65537 (0x10001) Generating RSA private key, 1024 bit long modulus .............++++++ ........++++++ e is 65537 (0x10001) Using configuration from /etc/keystone/ssl/certs/openssl.conf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows countryName :PRINTABLE:'US' stateOrProvinceName :PRINTABLE:'Unset' localityName :PRINTABLE:'Unset' organizationName :PRINTABLE:'Unset' commonName :PRINTABLE:'www.example.com' Certificate is to be certified until Oct 27 19:44:26 2014 GMT (365 days)

Write out database with 1 new entries Data Base Updated

edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted
1

answered 2014-12-02 16:44:28 -0500

paulreiber gravatar image

Per http://docs.openstack.org/admin-guide... you must obtain the x509 certificates externally and configure them.

You can generate your own cert via 'openssl x509 [...]' - and indeed there are options that'll let you generate a cert that'll live as long as you would like.

edit flag offensive delete link more
0

answered 2014-12-02 17:09:32 -0500

Those self signed certs are just for testing and you should not use that in production. In case if you want to increase the expiry change the following value in keystone.conf before creating certs

valid_days=3650

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

2 followers

Stats

Asked: 2013-10-27 09:50:02 -0500

Seen: 1,878 times

Last updated: Dec 02 '14