yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1238288] Re: SSL CA Certificate config fail

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: James Nzomo <kazikubwa@xxxxxxxxx>
Date: Wed, 06 Nov 2013 09:28:48 -0000
Reply-to: Bug 1238288 <1238288@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

[face palm].....I could have just bundled the intermediate CA cert with
my server cert and have keystone send that to the https client instead.


** Changed in: keystone
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1238288

Title:
  SSL CA Certificate config fail

Status in OpenStack Identity (Keystone):
  Invalid

Bug description:
  Keystone (atleast with Havana ver RC1) seems to ignore specification of CA certificates with the `ca_certs` directive in the `[ssl]` section of keystone.conf.
  As a result, some https clients (firefox, curl & wget) raise cert errors during connections ( as they don't bother to auto search for the CAcert like chrome or opera do ) 

  Note. Running keystone via Apache and specifying the same CAcert with
  the directive `SSLCACertificateFile` works and serves as a  good
  stopgap or alternative solution

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1238288/+subscriptions