dulek's profile - activity

2014-05-08 09:41:20 -0500 asked a question keystone, cert_required and nova

I'm trying to configure Keystone in my OpenStack setup to use SSL. I'm currently playing with the cert_required flag in keystone.conf:

enable = True
certfile = /etc/keystone/ssl/certs/signing_cert.pem
keyfile = /etc/keystone/ssl/private/signing_key.pem
ca_certs = /etc/keystone/ssl/certs/ca.pem
cert_required = True

Unfortunately, if it's set to True, I'm unable to connect to nova using its CLI client:

SSLError: [Errno 1] _ssl.c:504: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure

In the keystone CLI client I can specify the --os-key and --os-cert options to do a proper SSL handshake, and then it works. These options are missing in the nova CLI client. How can I use the cert_required option with nova? Maybe the option is prepared to be used in other scenarios?