Adding Self-Signed Certificate for Heat and Cinder API Service Endpoints

Configuring Self-Signed Certificate for Heat API Service endpoints  Update /etc/heat/heat.conf  [DEFAULT]  heat_metadata_server_url = https://controller:8000  heat_waitcondition_server_url = https://controller:8000/v1/waitcondition  [clients_keystone]  auth_uri = https://controller:35357  cert_file =  /etc/ssl/client.pem  key_file =  /etc/ssl/client-key.pem  insecure = true  [ec2authtoken]  auth_uri = https://controller:5000/v3  cert_file =  /etc/ssl/client.pem  key_file =  /etc/ssl/client-key.pem  insecure = true  [heat_api]  cert_file = /etc/ssl/client.pem  key_file = /etc/ssl/client-key.pem  [keystone_authtoken]  auth_uri = https://controller:5000  auth_url = https://controller:35357  certfile =  /etc/ssl/client.pem  keyfile =  /etc/ssl/client-key.pem  insecure = true  [trustee]  auth_url = https://controller:35357  After this, make the changes in endpoint urls from http to https in Database or recreate the endpoints […]

Adding Self-Signed Certificate for Nova and Neutron API Service endpoints

Configuring Self-Signed Certificate for Nova API Service endpoints  Update /etc/nova/nova.conf  [DEFAULT]  ssl_only = True    cert = /etc/ssl/client.pem  key = /etc/ssl/client-key.pem  enabled_ssl_apis = osapi_compute,metadata  [glance]  api_servers = https://controller:9292  certfile = /etc/ssl/client.pem  keyfile = /etc/ssl/client-key.pem  insecure = true  [keystone_authtoken]  auth_uri = https://controller:5000  auth_url = https://controller:35357  certfile = /etc/ssl/client.pem  keyfile = /etc/ssl/client-key.pem  insecure = true  The Placement API service endpoints also should be configured with Self-Signed certificate for nova.  In /etc/apache2/sites-available/ location nova-placement-api.conf will be available,this file is used to configure Self-Signed […]

Adding Self-Signed Certificate for Keystone and Glance API Service endpoints

1.Generating Self-Signed Certificates  Enable ssl by typing this command sudo a2enmod ssl  Enabling ssl requires the apache2 service should be restarted, so restart apache by using this command service apache2 restart  Create a directory for the Self-Signed certificate by using sudo mkdir /etc/ssl  Generate Self-Signed Certificate by using the below command sudo openssl req -x509 -nodes -days 365 –newkey rsa:2048 –keyout  /etc/ssl/client.key -out /etc/ssl/client.crt              The above command generates client.key file and client.crt file   Convert the generated files into pem format by […]

Begin typing your search term above and press enter to search. Press ESC to cancel.

Back To Top