| Summary: | SSL/TLS configuration tries to sign a 2048 bit server key with a 4096 bit CA cert | ||
|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Ken Savich <ksavich> |
| Component: | documentation | Assignee: | Dan Macpherson <dmacpher> |
| Status: | CLOSED NOTABUG | QA Contact: | RHOS Documentation Team <rhos-docs> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 9.0 (Mitaka) | CC: | dcadzow, dlamotta, dmacpher, ksavich, srevivo |
| Target Milestone: | --- | ||
| Target Release: | 10.0 (Newton) | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-03-01 22:40:08 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
|
Description
Ken Savich
2016-09-21 13:57:09 UTC
Hi Ken, Thanks for reporting this. What kind of error are you experiencing? I only ask because I've been able to successfully create separate CA and servers certs using keys with different bit sizes, so if you're experiencing an error it might be due to something else. I tested this out and have successfully been able to sign the 2048 bit CSR with the 4096 bit CA. I'll attach a log to show what I mean. I've also been able to use certs and keys created with the same process successfully with test Underclouds and Overclouds. So I can change them to the same bit size, but I don't think it'll make much difference if you're experiencing an error. How did you want to proceed? Dan I haven't had a chance to test again. I'll be able to do some more testing the week of 10/31 thanks |