yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1194001] [NEW] SSLError: [Errno 336265218] _ssl.c:351: error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib for Keystone configuring with SSL.

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1194001@xxxxxxxxxxxxxxxxxx>
Date: Mon, 24 Jun 2013 05:51:03 -0000
Reply-to: Bug 1194001 <1194001@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

You have been subscribed to a public bug:

Hi,


Installed Openstack Identity service(2013.1.1) through apt-get.
Ref Link: https://github.com/mseknibilel/OpenStack-Grizzly-Install-Guide/blob/OVS_SingleNode/OpenStack_Grizzly_Install_Guide.rst

I've configured SSL with keystone by following the below steps.

1) Created client, server and CA cert files using openssl.
Ref Link: https://forums.openvpn.net/topic10261.html

2) Created endpoints for keystone with HTTPS.

3) Configured in [ssl] of /etc/keystone/keystone.conf
	
	enable = True
	certfile = /root/certs/server_cert_key.pem (server cert + server key)
	keyfile = /root/certs/server.key (server key)
	ca_certs = /root/certs/ca.crt (Certificate Authority)
	cert_required = True

	
4) Created openrc

	export OS_TENANT_NAME=demo
	export OS_USERNAME=admin
	export OS_PASSWORD=secrete
	export OS_AUTH_URL=https://10.233.53.117:5000/v2.0/
	export OS_CERT=/root/certs/client_cert_key.pem (client cert + client key)
	export OS_CACERT=/root/certs/ca.crt (Certificate Authority)
	export OS_SERVICE_ENDPOINT=https://10.233.53.117:35357/v2.0/
	export OS_SERVICE_TOKEN=ADMIN
	export OS_REGION_NAME=RegionOne
	
5) Source openrc.
	
6) Started keystone using /usr/bin/keystone-all then Keystone commands are working.


But the issue is when i start the keystone using service keystone start. Then i'm getting the following error while trying to list users, tenants, endpoints etc.

Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/keystone/common/wsgi.py", line 135, in _run
    log=WritableLogger(log))
  File "/usr/lib/python2.7/dist-packages/eventlet/wsgi.py", line 663, in server
    client_socket = sock.accept()
  File "/usr/lib/python2.7/dist-packages/eventlet/green/ssl.py", line 279, in accept
    suppress_ragged_eofs=self.suppress_ragged_eofs)
  File "/usr/lib/python2.7/dist-packages/eventlet/green/ssl.py", line 46, in __init__
    super(GreenSSLSocket, self).__init__(sock.fd, *args, **kw)
  File "/usr/lib/python2.7/ssl.py", line 141, in __init__
    ciphers)
SSLError: [Errno 336265218] _ssl.c:351: error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib


Why this is not working in the case of running keystone as service.

Thanks,
Sasikiran

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
SSLError: [Errno 336265218] _ssl.c:351: error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib for Keystone configuring with SSL.
https://bugs.launchpad.net/bugs/1194001
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Keystone.