Generating and configuring tokens PKIs

Keystone uses cryptographically signed tokens with a private key and is matched against x509 certificate with a public key. Chapter 4, Keystone Identity Service discusses more advanced configurations. In this chapter, we use keystone-manage pki_setup command to generate PKI key pairs and to configure Keystone to use it.

How to do it…

Proceed with the following steps:

Generate PKI keys using keystone-manage pki_setup command:
```
[root@controller ~]# keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
```
Note
In keystone-manage pki_setup, we use Keystone Linux user and group accounts, which were created when openstack-keystone package was installed.
Change ownership of the generated PKI files: ...

Get Production Ready OpenStack - Recipes for Successful Environments now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Production Ready OpenStack - Recipes for Successful Environments by Arthur Berezin

Generating and configuring tokens PKIs

How to do it…

Note

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly