How can I change the self signed certificate that services use?

asked 2015-10-17 06:19:29 -0600

5-jason-h gravatar image


I have a kilo install that is using a self signed cert for keystone and horizon. They all seem to be using the same cert. If I update the keystone.conf file, nothing changes. It still uses the default cert. I cannot figure out where its located or what I can edit to use my signed cert.

edit retag flag offensive close merge delete


Did you check the ssl certificates configured in apache and does keystone is hosted behind apache ?

jayaprakash gravatar imagejayaprakash ( 2015-10-19 02:09:35 -0600 )edit

/etc/apache2/ssl is empty. Thats why I can't figure out how the ssl session is even working.

5-jason-h gravatar image5-jason-h ( 2015-10-19 02:33:35 -0600 )edit

I found the cert in the haproxy config. It doesnt verify by command line when running nova commands but the horizon web works with the new cert.

5-jason-h gravatar image5-jason-h ( 2015-10-21 19:57:46 -0600 )edit