Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Glance with SSL: sslv3 alert handshake failure

Hi, I'm currenty trying to reconfigure a working OpenStack test environment that I've set up using the OpenStack Guide for Ubuntu 14.04 [1]. I want each service so use SSL so the traffic between the nodes is encrypted. Keystone already works using SSL (tested using keystone --insecure endpoint-list). I've used keystone-manage ssl_setup to generate the certs and keys. For now I want to use the same certs and keys for every service. Unfortunately I'm getting the following error with glance:

curl https://ControllerNode.sdn:9292 -k
curl: (35) error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure

glance --insecure --debug image-list
curl -i -X GET -H ยด'User-Agent: python-glanceclient' -H 'Content-Type: application/octet-stream' -H 'Accept-Encoding: gzip, deflate' -H 'Accept: */*' -H 'X-Auth-Token: ***' -k --cert None --key None https://ControllerNode.sdn:9292/v1/images/detail?sort_key=name&sort_dir=asc&limit=20
Error finding address for https://ControllerNode.sdn:9292/v1/images/detail?sort_key=name&sort_dir=asc&limit=20: [Errno 1] _ssl.c:510: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure


cert_file = /etc/glance/ssl/certs/keystone.pem
key_file = /etc/glance/ssl/private/keystonekey.pem
ca_file = /etc/glance/ssl/certs/ca.pem
registry_client_protocol = https
registry_client_key_file = /etc/glance/ssl/private/keystonekey.pem
registry_client_cert_file = /etc/glance/ssl/certs/keystone.pem
registry_client_ca_file = /etc/glance/ssl/certs/ca.pem
registry_client_insecure = True


cert_file = /etc/glance/ssl/certs/keystone.pem
key_file = /etc/glance/ssl/private/keystonekey.pem
ca_file = /etc/glance/ssl/certs/ca.pem

Does anyone happen to know what the problem could be in this case? I'm assuming it is a Glance related problem because Keystone seems to work fine.

Python 2.7.6
curl 7.35.0