Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Horizone and VNC with corporate SSL certificate (Packstack)

I have deployed RDO Pike into my corporate infrastructure. For some reasons only Internet Explorer works perfect. Google Chrome always complain on SSL Errors and does not connect to Openstack Web UI.

However, I have found solution for Horizone In the httpd config file /etc/httpd/conf.d/15-horizon_ssl_vhost.conf, I modified next lines:

SSLCertificateFile      “/etc/pki/tls/certs/openstack.company.com.crt”
SSLCertificateKeyFile   “/etc/pki/tls/certs/openstack.company.com.key”
SSLCACertificatePath    “/etc/pki/tls/certs”
SSLCACertificateFile    “/etc/pki/tls/certs/packstack_cacert.crt”

So I generated CSR file, then KEY file and provided CSR to our Windows-admins who generated CRT file based on my CSR. As you see above, I put exactly my corporate certificates instead of self-signed certificate generated by Packstack.

For now, Google Chrome work fine. But only Horizon. My VNC connections to the instance doesn't work. It works only via IE only :) I found next configuration and tried to change it with my certificates but it doesn't work for me :(

[ORIGINAL] /etc/nova/nova.conf:

cert = /etc/pki/tls/certs/ssl_vnc.crt
key = /etc/pki/tls/certs/ssl_vnc.key
vncserver_proxyclient_address = 10.189.128.95
novncproxy_base_url = https://10.189.128.95:6080/vnc_auto.html

[MODIFIED] /etc/nova/nova.conf:

cert = /etc/pki/tls/certs/openstack.company.com.crt
key = /etc/pki/tls/certs/openstack.company.com.key
vncserver_proxyclient_address = openstack.company.com
novncproxy_base_url = https://openstack.company.com:6080/vnc_auto.html

Did anybody solve it?

Regards, Oleg