Description of problem:
"APPENDIX A. SSL/TLS CERTIFICATE CONFIGURATION" of the "Director Installation and Usage Guide"  needs some clarification. I had a customer work through this and could not make it work. Here is the additional details that I suggest as a result of what was not working for my customer:
1) undercloud.conf should not have either 'generate_service_certificate' or 'certificate_generation_ca' set. If they exist they should be removed because the instructions as stated won't work with those parameters set.
2) The only properties that *must* be set are (for example):
stateOrProvinceName_default = Minnesota
commonName_default = 192.168.24.2
The doc as written is non-specific about what parameters *must* be set which causes confusion.
Also, the openssl.cnf that ships with the 10z7 release of OSP 10 does not have 'commonName_default' - it must be added.
3) My customer was retro fitting this into an already deployed undercloud. He did not realize he needed to do an 'openstack undercloud install' to install this configuration. There should be a note to that effect in this appendix also.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Put 'generate_service_certificate = true' and 'certificate_generation_ca = local'in undercloud.conf
2. Follow the instructions as written
'openstack undercloud install' fails (if done)
'openstack undercloud install' succeeds and enables ssl on undercloud public endpoints.