Examples

The following examples will show how to install SSL/TLS for services' endpoints using Apache WSGI proxy configuration for Horizon and configuring native TLS support in Keystone. These examples assume that the administrator has already secured certificates from an internal CA source. If you will be publicly offering Horizon or Keystone, it is important to secure certificates from a global CA. These certificates should be recognized by all browsers, and they have the ability to be validated across the internet.

Let's start with Keystone.

Now that we have our certificates, let's put them in the right place and give them adequate permissions:

# chown keystone /etc/pki/tls/certs/keystone.crt
# chown keystone /etc/pki/tls/private/keystone.key ...

Get OpenStack for Architects - Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.