Document how to switch out expired signing certificate with no cloud outage
Bug #1333503 reported by
Anne Gentle
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openstack-manuals |
Fix Released
|
Medium
|
Alexandra Settle |
Bug Description
1. Generate a new signing key
2. Generate a new certificate request
3. Sign this with the existing CA to generate a new signing_cert.
4. Append the new signing cert to the old signing cert. Make sure the old cert is first in the file.
5. Remove all signing certs from all your hosts to force nova etc to download the new signing_cert(s)
6. Replace the signing key with the new signing key AND at the same time flip the signing_cert file so the new signing cert is now first in the file.
After the old cert has expired you can safely remove the old signing cert from the file.
Changed in openstack-manuals: | |
status: | Confirmed → Triaged |
Changed in openstack-manuals: | |
assignee: | nobody → Alexandra Settle (alexandra-settle) |
Changed in openstack-manuals: | |
milestone: | none → liberty |
To post a comment you must log in.
Anne, would you mind providing a link to the bug, please?