SSL Certificate Failed Verification

asked 2016-10-24 14:53:29 -0500

stevewallone gravatar image

updated 2016-11-04 15:36:59 -0500

rbowen gravatar image

When executing an openstack command, it is failing to verify a certificate that was signed by an internal CA.

  • CentOS 7
  • Root CA installed in /etc/pki/ca-trust/source/anchors

    $ openstack server list
    Discovering versions from the identity service failed when creating the password plugin. Attempting to determine version from URL. SSL exception connecting to https://XXXXX :13000/v2.0/tokens: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:765)

Does the root CA need to be placed in another area for the command line to pick it up?

edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted

answered 2017-05-02 00:20:15 -0500

If the cert is imported then set the OS CA path.

export OS_CACERT=/etc/ssl/certs/

Otherwise set the path to the certificate.

export OS_CACERT=/path/to/cacertFile

That being said I have a 2.3.0 version client on an older box that does not need this and defaults to the OS certificate store, however I am not seeing when this behavior was changed. I do not expect this to be addressed soon if at all based on the response here. (

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2016-10-24 14:47:05 -0500

Seen: 8,883 times

Last updated: May 02 '17