SSLError: [Errno 336265218] _ssl.c:351: error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib for Keystone configuring with SSL.
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
OpenStack Identity (keystone) | Invalid | Undecided | Unassigned | |
Bug Description
Hi,
Installed OpenStack Identity service (2013.1.1) through apt-get.
Ref Link: https:/
I've configured SSL with keystone by following the below steps.
1) Created client, server and CA cert files using openssl.
Ref Link: https:/
2) Created endpoints for keystone with HTTPS.
3) Configured in [ssl] of /etc/keystone/
enable = True
certfile = /root/certs/
keyfile = /root/certs/
ca_certs = /root/certs/ca.crt (Certificate Authority)
cert_required = True
4) Created openrc
export OS_TENANT_NAME=demo
export OS_USERNAME=admin
export OS_PASSWORD=secrete
export OS_AUTH_URL=https:/
export OS_CERT=
export OS_CACERT=
export OS_SERVICE_
export OS_SERVICE_
export OS_REGION_
5) Source openrc.
6) Started keystone using /usr/bin/
But the issue is when I start the keystone using service keystone start. Then I'm getting the following error while trying to list users, tenants, endpoints etc.
Traceback (most recent call last):
File "/usr/lib/
log=
File "/usr/lib/
client_socket = sock.accept()
File "/usr/lib/
suppress_
File "/usr/lib/
super(
File "/usr/lib/
ciphers)
SSLError: [Errno 336265218] _ssl.c:351: error:140B0002:SSL routines:
This is not working in the case of running keystone as service.
Thanks,
Sasikiran
affects: | launchpad → keystone |
description: | updated |
Changed in keystone: | |
status: | New → Invalid |
tags: | added: pki |
The user under which keystone runs should be granted access on the filesystem to the certificates. Put them in another location (maybe /etc/keystone/ssl) and chown them to the keystone user there. Then the service should start.
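The permission check behind that advice, as an added example that is not part of the original report or of keystone: it walks every directory on the way to a key file and returns the first component a given uid cannot pass. The file names, uid 115, gid 120 and the modes in `SAMPLE` are constructed assumptions, as is the `sample_stat` helper.

```python
import os
import pwd
import sys
from types import SimpleNamespace

def can_access(st, uid, gids, want):
    """Classic owner/group/other mode check; ACLs and capabilities are ignored."""
    if uid == 0:
        return True  # root bypasses read/search permission bits
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return bits & want == want

def first_blocker(path, uid, gids, stat_fn=os.stat):
    """Return the first component of path this identity cannot pass, else None."""
    path = os.path.abspath(path)  # symlinks are not resolved here
    dirs, d = [], os.path.dirname(path)
    while d not in dirs:  # collect every ancestor directory up to "/"
        dirs.append(d)
        d = os.path.dirname(d)
    for d in reversed(dirs):
        if not can_access(stat_fn(d), uid, gids, 1):  # search (x) on directories
            return d
    return None if can_access(stat_fn(path), uid, gids, 4) else path  # read (r)

# Constructed layout (names, uid 115 and gid 120 are assumptions): mode, uid, gid
SAMPLE = {
    "/": (0o40755, 0, 0),
    "/root": (0o40700, 0, 0),
    "/root/certs": (0o40755, 0, 0),
    "/root/certs/server.key": (0o100644, 0, 0),
    "/etc": (0o40755, 0, 0),
    "/etc/keystone": (0o40755, 0, 0),
    "/etc/keystone/ssl": (0o40750, 115, 120),
    "/etc/keystone/ssl/server.key": (0o100640, 115, 120),
}

def sample_stat(p):
    mode, uid, gid = SAMPLE[p]
    return SimpleNamespace(st_mode=mode, st_uid=uid, st_gid=gid)

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script USER FILE, checked on the real filesystem
        pw = pwd.getpwnam(sys.argv[1])
        groups = set(os.getgrouplist(pw.pw_name, pw.pw_gid))
        print(first_blocker(sys.argv[2], pw.pw_uid, groups))
    else:
        for key in ("/root/certs/server.key", "/etc/keystone/ssl/server.key"):
            print(key, "->", first_blocker(key, 115, {120}, sample_stat))
```

On the constructed layout the key under `/root/certs` is world-readable, yet the service uid is stopped at `/root` itself, while the copy under `/etc/keystone/ssl` is reachable by that uid and closed to other accounts.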