openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #22247
PKI Token Queston
Hello,
I have enabled PKI tokens on my Keystone Server
[ssl]
#enable = True
enable = False
##certfile = /etc/keystone/ssl/certs/keystone.pem
##keyfile = /etc/keystone/ssl/private/keystonekey.pem
#certfile = /etc/keystone/ssl/certs/signing_cert.pem
#keyfile = /etc/keystone/ssl/private/signing_key.pem
#ca_certs = /etc/keystone/ssl/certs/ca.pem
#cert_required = False
[signing]
#token_format = UUID
token_format = PKI
certfile = /etc/keystone/ssl/certs/signing_cert.pem
keyfile = /etc/keystone/ssl/private/signing_key.pem
ca_certs = /etc/keystone/ssl/certs/ca.pem
key_size = 1024
valid_days = 3650
ca_password = None
When I perform a REST API call to Keystone from Java to get a token, I was expecting to get an encrypted token that further had to be decoded with a public key and then base64 decoded. However, the key I get back is only base64 encoded. Why isn't it encoded with the private key?
Mark