keystone-manage pki_setup does not create pem files

Bug #1155361 reported by Mark Miller on 2013-03-14
This bug affects 3 people
Affects: OpenStack Identity (keystone)
Assigned to: Jamie Lennox

Bug Description

Looks like there’s a bug in pki_setup. It didn’t generate the SSL certs, only the signing certs. Workaround is to make ssl using the signing certs for now.

enable = True
certfile = /etc/keystone/ssl/certs/signing_cert.pem
keyfile = /etc/keystone/ssl/private/signing_key.pem
ca_certs = /etc/keystone/ssl/certs/ca.pem
cert_required = False

Also, if your keystone process is not running as root, make sure the file perms for the pem files are set properly.



enable = True
#enable = False
certfile = /etc/keystone/ssl/certs/keystone.pem
keyfile = /etc/keystone/ssl/private/keystonekey.pem
ca_certs = /etc/keystone/ssl/certs/ca.pem
cert_required = False
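
A check for the file-permission point in the report above, as an added example that is not part of the original bug report or of keystone itself. It reads the `certfile`, `keyfile` and `ca_certs` options and reports files the service account cannot read, plus a private key that other users can access. The `[ssl]` section header and the function names are assumptions made for this example.

```python
import configparser
import os
import stat

# Constructed sample: the option values are the ones from the report; the
# [ssl] section header is supplied here because the page shows only options.
SAMPLE_CONF = """[ssl]
enable = True
certfile = /etc/keystone/ssl/certs/keystone.pem
keyfile = /etc/keystone/ssl/private/keystonekey.pem
ca_certs = /etc/keystone/ssl/certs/ca.pem
cert_required = False
"""

def readable_by(st, uid, gids):
    """POSIX mode-bit read check; ignores ACLs and parent-directory bits."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IRUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IRGRP)
    return bool(st.st_mode & stat.S_IROTH)

def audit_ssl_files(conf_text, uid, gids=()):
    """Return findings for the PEM files named in [ssl], for service uid/gids."""
    cp = configparser.ConfigParser()
    cp.read_string(conf_text)
    findings = []
    for opt in ("certfile", "keyfile", "ca_certs"):
        path = cp.get("ssl", opt, fallback=None)
        if not path:
            findings.append(f"{opt}: not set")
            continue
        try:
            st = os.stat(path)
        except OSError as exc:
            findings.append(f"{opt}: cannot stat {path} ({exc.strerror})")
            continue
        if not readable_by(st, uid, gids):
            findings.append(f"{opt}: {path} not readable by uid {uid}")
        if opt == "keyfile" and st.st_mode & stat.S_IRWXO:
            findings.append(f"{opt}: {path} is accessible to other users")
    return findings

if __name__ == "__main__":
    # Audit for the current user; pass the keystone service uid/gids in practice.
    for finding in audit_ssl_files(SAMPLE_CONF, os.getuid(), os.getgroups()):
        print(finding)
```

An empty result means every listed file exists, is readable by the given account according to its mode bits, and the key has no permissions for other users.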


Dolph Mathews (dolph) on 2013-03-19
Changed in keystone:
status: New → Triaged
importance: Undecided → Medium
Dolph Mathews (dolph) on 2013-03-19
summary: - keystone-manage pki_setup does create keytone pem files
+ keystone-manage pki_setup does not create pem files
tags: added: grizzly-rc-potential
Mark McLoughlin (markmc) on 2013-03-19
tags: added: grizzly-backport-potential
Thierry Carrez (ttx) on 2013-04-02
tags: removed: grizzly-rc-potential
Adam Young (ayoung) on 2013-04-04
Changed in keystone:
assignee: nobody → Jamie Lennox (jamielennox)

Fix proposed to branch: master

Changed in keystone:
status: Triaged → In Progress

Submitter: Jenkins
Branch: master

commit 28ef9cdcc6073c2f6600d30b401dcbce81afd4df
Author: Jamie Lennox <email address hidden>
Date: Thu Apr 4 17:44:01 2013 +1000

    Generate HTTPS certificates with ssl_setup.

    Extracts common OpenSSL functionality from pki_setup and adds a new cli
    command ssl_setup which re-uses this base to generate SSL certificates
    for https.

    Change-Id: Ia34827583bcdfbd871133250681010e642271f07
    Fixes: bug 1155361

Changed in keystone:
status: In Progress → Fix Committed
Thierry Carrez (ttx) on 2013-05-29
Changed in keystone:
milestone: none → havana-1
status: Fix Committed → Fix Released
Thierry Carrez (ttx) on 2013-10-17
Changed in keystone:
milestone: havana-1 → 2013.2
Alan Pevec (apevec) on 2014-03-30
tags: removed: grizzly-backport-potential