Bug 1312143

Summary: Documentation: 8.0 undercloud + SSL, need to add the cert to the list of CAs trusted on the system
Product: Red Hat OpenStack Reporter: Alexander Chuzhoy <sasha>
Component: documentationAssignee: Dan Macpherson <dmacpher>
Status: CLOSED CURRENTRELEASE QA Contact: RHOS Documentation Team <rhos-docs>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 8.0 (Liberty)CC: dmacpher, dyocum, kbasil, sasha, srevivo, vcojot
Target Milestone: ---Keywords: Documentation
Target Release: 8.0 (Liberty)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-06-16 04:41:27 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Alexander Chuzhoy 2016-02-25 21:01:50 UTC 
Documentation: 8.0 undercloud + SSL, need to add the cert to the list of CAs trusted on the system

In addition to the steps described here for configuring ssl for undercloud:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/7/html-single/Director_Installation_and_Usage/index.html#appe-SSL_Certificate_Configuration


for 8.0 need to add the following steps:

sudo cp cacert.pem /etc/pki/ca-trust/source/anchors/
sudo update-ca-trust extract
Comment 2 Dan Yocum 2016-03-17 20:51:27 UTC 
An alternative is to add the root-ca.pem to the undercloud.pem file ALONG WITH the server.key file, thusly:

cat server-cert.pem server-key.pem ca-cert.pem > undercloud.pem
Comment 5 Alexander Chuzhoy 2016-06-09 18:18:19 UTC 
Verified.
The doc now lists:
$ sudo cp server-cert.pem /etc/pki/ca-trust/source/anchors/
$ sudo update-ca-trust extract
Comment 6 Dan Macpherson 2016-06-16 04:41:27 UTC 
Changes now live on the customer portal.