openstack team mailing list archive

Thread
Date

Resolved: Grizzly-3 Keystone SSL Connection Refused

To: "Miller, Mark M (EB SW Cloud - R&D - Corvallis)" <mark.m.miller@xxxxxx>, "openstack@xxxxxxxxxxxxxxxxxxx (openstack@xxxxxxxxxxxxxxxxxxx)" <openstack@xxxxxxxxxxxxxxxxxxx>
From: "Miller, Mark M (EB SW Cloud - R&D - Corvallis)" <mark.m.miller@xxxxxx>
Date: Thu, 14 Mar 2013 21:58:06 +0000
Accept-language: en-US
In-reply-to: <D6182642CE6D2D4FBFCDF99946E249883B2ACDBD@G9W0343.americas.hpqcorp.net>
Thread-index: Ac4g+yqI3xKX57E6Snm8nTrF80coYgAA8Bsw
Thread-topic: Resolved: Grizzly-3 Keystone SSL Connection Refused

Looks like there's a bug in pki_setup. It didn't generate the SSL certs, only the signing certs. Workaround is to make ssl using the signing certs for now.

[ssl]
enable = True
certfile = /etc/keystone/ssl/certs/signing_cert.pem
keyfile = /etc/keystone/ssl/private/signing_key.pem
ca_certs = /etc/keystone/ssl/certs/ca.pem
cert_required = False

Also, if your keystone process is not running as root, make sure the file permissions for the pem files are set properly.

Guang


From: openstack-bounces+mark.m.miller=hp.com@xxxxxxxxxxxxxxxxxxx [mailto:openstack-bounces+mark.m.miller=hp.com@xxxxxxxxxxxxxxxxxxx] On Behalf Of Miller, Mark M (EB SW Cloud - R&D - Corvallis)
Sent: Thursday, March 14, 2013 2:31 PM
To: openstack@xxxxxxxxxxxxxxxxxxx (openstack@xxxxxxxxxxxxxxxxxxx)
Subject: [Openstack] Grizzly-3 Keystone SSL Connection Refused

Hello,

I was able to setup a Grizzly-2 Keystone server with PKI and SSL enabled on an Ubuntu 12.04 server. I updated to Grizzly-3 and am able to enable PKI but not SSL. I get "Connection refused". Has anyone else run into this problem? Does anyone else have SSL working with Grizzly-3 Keystone?

Regards,

Mark

Follow ups

Re: Resolved: Grizzly-3 Keystone SSL Connection Refused
From: Dolph Mathews, 2013-03-14

References

Grizzly-3 Keystone SSL Connection Refused
From: Miller, Mark M (EB SW Cloud - R&D - Corvallis), 2013-03-14