fuel-dev team mailing list archive
-
fuel-dev team
-
Mailing list archive
-
Message #01304
How to manage and shared a self-signed certificate for OSt public endpoint?
Hi folks,
I'm currently writing a specification to enable SSL for OSt public
endpoint [1]. I'm using HAProxy to manage SSL and I have a question when we
are in HA mode (I mean with more than one HAProxy). My first thought was to
generate a self-signed certificate with puppet and put this certificate on
the controller where it can be used by HAProxy. The problem is if we have
several HAProxy. In my scenario there will be several different
certificates. So another idea is to generate the self-signed certificate
from the fuel master (using the CN of the VIP) and then distribute it to
controller nodes through a mechanism like mcollective. Does it make sense
to you? Who can help me to find where this can be done into fuel?
Thanks a lot for your help,
Best Regards,
Guillaume
[1] https://review.openstack.org/#/c/102273/
Follow ups