Bug 1341694
Summary: | Document that OSP-d need to trust OverCloud CA cert | ||
---|---|---|---|
Product: | Red Hat OpenStack | Reporter: | David Juran <djuran> |
Component: | documentation | Assignee: | Dan Macpherson <dmacpher> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Martin Lopes <mlopes> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 8.0 (Liberty) | CC: | adahms, djuran, dmacpher, mlopes, srevivo |
Target Milestone: | ga | Keywords: | Documentation, ZStream |
Target Release: | 9.0 (Mitaka) | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-08-31 14:15:05 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
David Juran
2016-06-01 14:14:39 UTC
Assigning to Martin for review. Checking with Dan. @David Juran, I've got an updated version of the SSL/TLS cert config here: https://access.redhat.com/documentation/en/red-hat-openstack-platform/9/paged/director-installation-and-usage/appendix-a-ssl-tls-certificate-configuration I've tested it and backported to OSP8 and 7. Is there any chance you can have a look at this page? Please let me know if there's anything that needs to be corrected. I've pushed an update to restructure the SSL/TLS section: https://access.redhat.com/documentation/en/red-hat-openstack-platform/9/single/director-installation-and-usage/#appe-SSLTLS_Certificate_Configuration David, how does it look now? Not sure why the commandline didn't work, I'm fairly sure I've used it, but I think the main docs, regarding the injection of the CA cert into the trust achors now look good (-: Cool. Any chance you still have access to the cert files you generated? If so, can you check them with the following command... # openssl x509 -text -in [CERT FILE] ... and post the results of the X509v3 extensions section? If you've got a section for "X509v3 Subject Alternative Name", that means I've done something wrong in my test. Otherwise, am I okay to close this BZ? Closing BZ. Will djuran over IRC. |