Create PEM files to SSL connection on Keystone

Asked by Marcos Lobo

I'm trying to configure SSL connection for keystone (havana-2 release) such as indicated on this link http://docs.openstack.org/developer/keystone/configuration.html#signing-certificate-issued-by-external-ca.

I have 2 files right now:

    newcert.cer
    user.cert

Now, how can I obtain the signing_cert.pem, signing_key.pem and cacert.pem files?

Thank you very much.

Question information

Language:
English Edit question
Status:
Solved
For:
OpenStack Identity (keystone) Edit question
Assignee:
No assignee Edit question
Solved by:
Haneef Ali
Solved:
Last query:
Last reply:
Revision history for this message
Best Haneef Ali (haneef) said :
#1

What are those file newcert.cer and user.cert? How did you get it?

I'm assuming external CA means public CA such as verisin, godaddy etc

Cacert.pem -- You should get from the external CA who has singed it. e.g if is well known public CA , then you can also download from the browser as the browser has all the CA certs

cert.pem -- When you submit your cert request file, the external CA will give you a singed file, that is cert.pem

singing_key.pem -- You would have first generated the key, that is the signing key

openssl req -newkey rsa:2048 -keyout signing_key.pem -keyform PEM -out signing_cert_req.pem -outform PEM -config cert_req.conf -nodes

if you had executed the above command, then you would have got the signing_key.pem

Revision history for this message
Marcos Lobo (marcos-fermin-lobo) said :
#2

Thanks Haneef Ali, that solved my question.