Ask Your Question

keystone ssl certificate expires after one year

asked 2013-10-27 09:50:02 -0500

Bart van den Heuvel gravatar image


Just noticed that keystone's ssl certificate expires after a single year. In some cases this would be a inconvenience in most cases this would cause big problems! How can i set this certificate to expire after 10 years? I have tried to edit the following files:


But the certificate keeps being set to expire after a year:

keystone-manage pki_setup --keystone-user keystone --keystone-group keystone Generating RSA private key, 1024 bit long modulus ...........++++++ .........++++++ e is 65537 (0x10001) Generating RSA private key, 1024 bit long modulus .............++++++ ........++++++ e is 65537 (0x10001) Using configuration from /etc/keystone/ssl/certs/openssl.conf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows countryName :PRINTABLE:'US' stateOrProvinceName :PRINTABLE:'Unset' localityName :PRINTABLE:'Unset' organizationName :PRINTABLE:'Unset' commonName :PRINTABLE:'' Certificate is to be certified until Oct 27 19:44:26 2014 GMT (365 days)

Write out database with 1 new entries Data Base Updated

edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted

answered 2014-12-02 16:44:28 -0500

paulreiber gravatar image

Per you must obtain the x509 certificates externally and configure them.

You can generate your own cert via 'openssl x509 [...]' - and indeed there are options that'll let you generate a cert that'll live as long as you would like.

edit flag offensive delete link more

answered 2014-12-02 17:09:32 -0500

Those self signed certs are just for testing and you should not use that in production. In case if you want to increase the expiry change the following value in keystone.conf before creating certs


edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools



Asked: 2013-10-27 09:50:02 -0500

Seen: 2,121 times

Last updated: Dec 02 '14