2015-12-03 22:02:01 |
Nipa |
bug |
|
|
added bug |
2015-12-03 22:02:15 |
Nipa |
juniperopenstack: importance |
Undecided |
Critical |
|
2015-12-03 22:02:44 |
Nipa |
juniperopenstack: assignee |
|
prasad miriyala (pmiriyala) |
|
2015-12-03 22:03:05 |
Nipa |
juniperopenstack: milestone |
|
r3.0-fcs |
|
2015-12-03 22:03:32 |
Nipa |
tags |
|
blocker |
|
2015-12-07 22:38:02 |
prasad miriyala |
description |
Server Manager will need to act as interim-CA during provisioning phase and generate key and certs for each of the physical servers
listed in testbed.py.
ServerManager needs to generate the following three files and copy it to each of the servers
1) /etc/contrail/ssl/private/server.key - A unique private key needs to be generated and stored at the default location on the server.
2) /etc/contrail/ssl/certs/server.pem -
a) This is the certificate of the physical server generated using the hostname (FQDN) in testbed.py
b) Server Manager will need to sign the server certificate and generate server.pem and store at the default location.
3)/etc/contrail/ssl/private/ca-cert.pem -
This is the server-manager certificate that will be used by servers to verify the certificates as issued by a trusted CA.
The certificate is generated and stored at the default location.
In addition the ServerManager also needs to support CRL (certificate Revocation List) i,e when a node is removed from
testbed.py then the certs will need to be removed from the default location.
The following commands were used to generated certs, keys and signed by CA
================================================================
Step 1: Generate a Private Key for rootCA
==========================================
openssl genrsa -out rootCA.key 1024
Step 2: Generate a Self Signed rootCA certificate
=================================================
openssl req -x509 -new -nodes -key rootCA.key -days 1024 -out rootCA.pem
(Install rootCA.pem on all nodes as cacert.pem).
Step3: Generate a Private Key for each of the nodes
===================================================
openssl genrsa -out server_a6s17.key 1024
Step 3: Generate a CSR (Certificate Signing Request) which u will send to CA
=============================================================================
openssl req -new -key server_a6s17.key -out server_a6s17.csr
Step 4: Generating a rootCA signed certificate
==============================================
openssl x509 -req -in server_a6s18.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial
-out server_a6s17.crt -days 365
Step 5: Install the signed certificate and private key for use by an ssl server
This allows you to use a single file for certificate and private key
===============================================================================
$(openssl x509 -in server_a6s17.crt; cat server_a6s17.key ) > server.pem
Verify contents of certificate
==============================
openssl x509 -noout -text -in server.pem |
Server Manager will need to act as interim-CA during provisioning phase and generate key and certs for each of the physical servers
listed in testbed.py.
ServerManager needs to generate the following three files and copy it to each of the servers
1) /etc/contrail/ssl/private/server.key - A unique private key needs to be generated and stored at the default location on the server.
2) /etc/contrail/ssl/certs/server.pem -
a) This is the certificate of the physical server generated using the hostname (FQDN) in testbed.py
b) Server Manager will need to sign the server certificate and generate server.pem and store at the default location.
3)/etc/contrail/ssl/private/ca-cert.pem -
This is the server-manager certificate that will be used by servers to verify the certificates as issued by a trusted CA.
The certificate is generated and stored at the default location.
In addition the ServerManager also needs to support CRL (certificate Revocation List) i,e when a node is removed from
testbed.py then the certs will need to be removed from the default location.
The following commands were used to generated certs, keys and signed by CA
================================================================
Step 1: Generate a Private Key for rootCA
==========================================
openssl genrsa -out rootCA.key 1024
Step 2: Generate a Self Signed rootCA certificate
=================================================
openssl req -x509 -new -nodes -key rootCA.key -days 1024 -out rootCA.pem
(Install rootCA.pem on all nodes as cacert.pem).
Step3: Generate a Private Key for each of the nodes
===================================================
openssl genrsa -out server_a6s17.key 1024
Step 3: Generate a CSR (Certificate Signing Request) which u will send to CA
=============================================================================
openssl req -new -key server_a6s17.key -out server_a6s17.csr
Step 4: Generating a rootCA signed certificate
==============================================
openssl x509 -req -in server_a6s18.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial
-out server_a6s18.pem -days 365
Verify contents of certificate
==============================
openssl x509 -noout -text -in server.pem |
|
2015-12-07 22:41:34 |
prasad miriyala |
description |
Server Manager will need to act as interim-CA during provisioning phase and generate key and certs for each of the physical servers
listed in testbed.py.
ServerManager needs to generate the following three files and copy it to each of the servers
1) /etc/contrail/ssl/private/server.key - A unique private key needs to be generated and stored at the default location on the server.
2) /etc/contrail/ssl/certs/server.pem -
a) This is the certificate of the physical server generated using the hostname (FQDN) in testbed.py
b) Server Manager will need to sign the server certificate and generate server.pem and store at the default location.
3)/etc/contrail/ssl/private/ca-cert.pem -
This is the server-manager certificate that will be used by servers to verify the certificates as issued by a trusted CA.
The certificate is generated and stored at the default location.
In addition the ServerManager also needs to support CRL (certificate Revocation List) i,e when a node is removed from
testbed.py then the certs will need to be removed from the default location.
The following commands were used to generated certs, keys and signed by CA
================================================================
Step 1: Generate a Private Key for rootCA
==========================================
openssl genrsa -out rootCA.key 1024
Step 2: Generate a Self Signed rootCA certificate
=================================================
openssl req -x509 -new -nodes -key rootCA.key -days 1024 -out rootCA.pem
(Install rootCA.pem on all nodes as cacert.pem).
Step3: Generate a Private Key for each of the nodes
===================================================
openssl genrsa -out server_a6s17.key 1024
Step 3: Generate a CSR (Certificate Signing Request) which u will send to CA
=============================================================================
openssl req -new -key server_a6s17.key -out server_a6s17.csr
Step 4: Generating a rootCA signed certificate
==============================================
openssl x509 -req -in server_a6s18.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial
-out server_a6s18.pem -days 365
Verify contents of certificate
==============================
openssl x509 -noout -text -in server.pem |
Server Manager will need to act as interim-CA during provisioning phase and generate key and certs for each of the physical servers
listed in testbed.py.
ServerManager needs to generate the following three files and copy it to each of the servers
1) /etc/contrail/ssl/private/server.key - A unique private key needs to be generated and stored at the default location on the server.
2) /etc/contrail/ssl/certs/server.pem -
a) This is the certificate of the physical server generated using the hostname (FQDN) in testbed.py
b) Server Manager will need to sign the server certificate and generate server.pem and store at the default location.
3)/etc/contrail/ssl/certs/ca-cert.pem -
This is the server-manager certificate that will be used by servers to verify the certificates as issued by a trusted CA.
The certificate is generated and stored at the default location.
In addition the ServerManager also needs to support CRL (certificate Revocation List) i,e when a node is removed from
testbed.py then the certs will need to be removed from the default location.
The following commands were used to generated certs, keys and signed by CA
================================================================
Step 1: Generate a Private Key for rootCA
==========================================
openssl genrsa -out rootCA.key 1024
Step 2: Generate a Self Signed rootCA certificate
=================================================
openssl req -x509 -new -nodes -key rootCA.key -days 1024 -out rootCA.pem
(Install rootCA.pem on all nodes as cacert.pem).
Step3: Generate a Private Key for each of the nodes
===================================================
openssl genrsa -out server_a6s17.key 1024
Step 3: Generate a CSR (Certificate Signing Request) which u will send to CA
=============================================================================
openssl req -new -key server_a6s17.key -out server_a6s17.csr
Step 4: Generating a rootCA signed certificate
==============================================
openssl x509 -req -in server_a6s18.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial
-out server_a6s18.pem -days 365
Verify contents of certificate
==============================
openssl x509 -noout -text -in server.pem |
|
2015-12-12 05:15:39 |
Vinay Mahuli |
nominated for series |
|
juniperopenstack/trunk |
|
2015-12-12 05:15:39 |
Vinay Mahuli |
bug task added |
|
juniperopenstack/trunk |
|
2015-12-12 05:15:39 |
Vinay Mahuli |
bug task added |
|
juniperopenstack/trunk |
|
2015-12-18 04:03:55 |
OpenContrail Admin |
juniperopenstack/trunk: status |
In Progress |
Fix Committed |
|
2016-01-15 18:27:23 |
OpenContrail Admin |
juniperopenstack/trunk: status |
Fix Committed |
In Progress |
|
2016-01-26 18:06:32 |
OpenContrail Admin |
juniperopenstack/trunk: status |
In Progress |
Fix Committed |
|
2016-03-04 20:33:18 |
OpenContrail Admin |
juniperopenstack/trunk: status |
Fix Committed |
In Progress |
|
2016-03-09 06:54:21 |
OpenContrail Admin |
nominated for series |
|
juniperopenstack/r3.0 |
|
2016-03-09 06:54:21 |
OpenContrail Admin |
bug task added |
|
juniperopenstack/r3.0 |
|
2016-03-09 06:54:21 |
OpenContrail Admin |
bug task added |
|
juniperopenstack/r3.0 |
|
2016-03-10 06:06:23 |
OpenContrail Admin |
juniperopenstack: milestone |
r3.0-fcs |
r3.1.0.0-fcs |
|
2016-03-10 06:54:33 |
OpenContrail Admin |
juniperopenstack/trunk: status |
In Progress |
Fix Committed |
|
2016-03-10 07:30:21 |
Vinay Mahuli |
juniperopenstack/trunk: status |
Fix Committed |
In Progress |
|
2016-03-10 07:30:33 |
OpenContrail Admin |
juniperopenstack/trunk: status |
In Progress |
Fix Committed |
|
2016-03-10 07:30:49 |
Vinay Mahuli |
juniperopenstack/trunk: milestone |
r3.1.0.0-fcs |
|
|
2016-03-10 07:30:54 |
Vinay Mahuli |
juniperopenstack/trunk: status |
Fix Committed |
In Progress |
|
2016-03-10 07:31:02 |
OpenContrail Admin |
juniperopenstack: milestone |
|
r3.1.0.0-fcs |
|
2016-03-10 07:31:50 |
Vinay Mahuli |
juniperopenstack/trunk: milestone |
r3.1.0.0-fcs |
|
|
2016-03-10 07:31:58 |
OpenContrail Admin |
juniperopenstack: milestone |
|
r3.1.0.0-fcs |
|
2016-03-10 07:33:34 |
OpenContrail Admin |
juniperopenstack/trunk: status |
In Progress |
Fix Committed |
|
2016-03-10 07:34:04 |
Vinay Mahuli |
juniperopenstack/trunk: status |
Fix Committed |
In Progress |
|
2016-03-10 07:34:10 |
Vinay Mahuli |
juniperopenstack/trunk: milestone |
r3.1.0.0-fcs |
|
|
2016-03-10 07:38:16 |
OpenContrail Admin |
juniperopenstack: milestone |
|
r3.1.0.0-fcs |
|
2016-03-10 07:53:50 |
OpenContrail Admin |
juniperopenstack/trunk: status |
In Progress |
Fix Committed |
|
2016-03-10 07:54:12 |
Vinay Mahuli |
juniperopenstack/trunk: milestone |
r3.1.0.0-fcs |
|
|
2016-03-10 07:54:15 |
Vinay Mahuli |
juniperopenstack/trunk: status |
Fix Committed |
In Progress |
|
2016-03-10 07:54:24 |
OpenContrail Admin |
juniperopenstack: milestone |
|
r3.1.0.0-fcs |
|
2016-03-10 07:55:35 |
OpenContrail Admin |
juniperopenstack/trunk: status |
In Progress |
Fix Committed |
|
2016-03-10 23:06:53 |
OpenContrail Admin |
juniperopenstack/r3.0: milestone |
|
r3.0.1.0 |
|
2016-03-10 23:06:54 |
OpenContrail Admin |
juniperopenstack/r3.0: status |
In Progress |
Fix Committed |
|
2016-05-04 17:29:55 |
Nagabhushana R |
information type |
Proprietary |
Public |
|