I am currently facing the same problem in my freshly installed OpenStack Newton environment based on Ubuntu 16.04. I am using HAProxy with SSL termination in conjunction with a certificate that was signed by a private CA.

export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=XYZ
export OS_AUTH_URL=http://os-identity:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
export OS_INTERFACE=internal
export OS_ENDPOINT_TYPE=internalURL
export OS_CACERT=ca-bundle.crt

$ barbican secret list --debug --verbose
found extension EntryPoint.parse('table = cliff.formatters.table:TableFormatter')
found extension EntryPoint.parse('json = cliff.formatters.json_format:JSONFormatter')
found extension EntryPoint.parse('csv = cliff.formatters.commaseparated:CSVLister')
found extension EntryPoint.parse('value = cliff.formatters.value:ValueFormatter')
found extension EntryPoint.parse('yaml = cliff.formatters.yaml_format:YAMLFormatter')
Creating Client object
Listing secrets - offset 0 limit 10
Making authentication request to http://os-identity:35357/v3/auth/tokens
Starting new HTTP connection (1): os-identity
"POST /v3/auth/tokens HTTP/1.1" 201 9409
{"token": {"is_domain": false, "methods": ["password"], "roles": [{"id": "fb20e9e62be542a6811633eee89e2522", "name": "admin"}], "expires_at": "2016-10-20T07:02:00.000000Z", "project": {"domain": {"id": "default", "name": "Default"}, "id": "d332c49688364651a7fca7c866a3f933", "name": "admin"}, "catalog": [{"endpoints": [{"url": "http://os-share.mycompany.com:8786/v2/d332c49688364651a7fca7c866a3f933", "interface": "internal", "region": "RegionOne", "region_id": "RegionOne", "id": "4a3f1119cf8c474497fd0eed7ad169ca"}, {"url": "http://os-share.mycompany.com:8786/v2/d332c49688364651a7fca7c866a3f933", "interface": "admin", "region": "RegionOne", "region_id": "RegionOne", "id": "9f84336b5e4a41a5b3f78801da161859"}, {"url": 
"https://os-cloud.mycompany.com:8786/v2/d332c49688364651a7fca7c866a3f933", "interface": "public", "region": "RegionOne", "region_id": "RegionOne", "id": "a875805c09d5488e8d9ee2059a0019a7"}], "type": "sharev2", "id": "25282b680d3a4cf6937d835c45abca91", "name": "manilav2"}, {"endpoints": [{"url": "http://os-telemetry.mycompany.com:8777", "interface": "internal", "region": "RegionOne", "region_id": "RegionOne", "id": "8eb09f9526504b6b99e0d3a8eb9d61e8"}, {"url": "http://os-telemetry.mycompany.com:8777", "interface": "admin", "region": "RegionOne", "region_id": "RegionOne", "id": "ec4d14282af341378b5afea5dc1125d8"}, {"url": "https://os-cloud.mycompany.com:8777", "interface": "public", "region": "RegionOne", "region_id": "RegionOne", "id": "f11ab122167544f3baaa0213ac52c9af"}], "type": "metering", "id": "3251920fb8a34543855a121e4f597110", "name": "ceilometer"}, {"endpoints": [{"url": "http://os-compute.mycompany.com:8774/v2.1/d332c49688364651a7fca7c866a3f933", "interface": "admin", "region": "RegionOne", "region_id": "RegionOne", "id": "1d3917f4c04d4eb4976160232a12cc6e"}, {"url": "http://os-compute.mycompany.com:8774/v2.1/d332c49688364651a7fca7c866a3f933", "interface": "internal", "region": "RegionOne", "region_id": "RegionOne", "id": "60abdad53da84be8996ac7e47debb5d4"}, {"url": "https://os-cloud.mycompany.com:8774/v2.1/d332c49688364651a7fca7c866a3f933", "interface": "public", "region": "RegionOne", "region_id": "RegionOne", "id": "de4fc7d4f4f743d7986de7b57faa0142"}], "type": "compute", "id": "804317e354d14c92ad5788334fe6770d", "name": "nova"}, {"endpoints": [{"url": "https://os-cloud.mycompany.com:8000/v1", "interface": "public", "region": "RegionOne", "region_id": "RegionOne", "id": "3f028796a49d4ce2a5360fcdad23f3d8"}, {"url": "http://os-cloudformation.mycompany.com:8000/v1", "interface": "internal", "region": "RegionOne", "region_id": "RegionOne", "id": "42b43034a5264a838018bfea08602e9b"}, {"url": "http://os-cloudformation.mycompany.com:8000/v1", "interface": "admin", 
"region": "RegionOne", "region_id": "RegionOne", "id": "b3a21c35165f48bfabce53381985b8e9"}], "type": "cloudformation", "id": "804c7d774a1a4a278365c76a9844e93e", "name": "heat-cfn"}, {"endpoints": [{"url": "http://os-alarming.mycompany.com:8042", "interface": "internal", "region": "RegionOne", "region_id": "RegionOne", "id": "2f4c3cc09363455ebc3e723da9ca1fc3"}, {"url": "http://os-alarming.mycompany.com:8042", "interface": "admin", "region": "RegionOne", "region_id": "RegionOne", "id": "3e47e552b6014af2957351e232a5928c"}, {"url": "https://os-cloud.mycompany.com:8042", "interface": "public", "region": "RegionOne", "region_id": "RegionOne", "id": "97e2a1f028b94c08932d9fc04fa5b833"}], "type": "alarming", "id": "945b6d890a4346828d591b7b113d2aa5", "name": "aodh"}, {"endpoints": [{"url": "https://os-cloud.mycompany.com:9311", "interface": "public", "region": "RegionOne", "region_id": "RegionOne", "id": "335a5a770f764b95afe80bb711ee9dca"}, {"url": "http://os-securestore.mycompany.com:9312", "interface": "admin", "region": "RegionOne", "region_id": "RegionOne", "id": "6ef655c47cf4497fbc0dc3ae76ff344c"}, {"url": "http://os-securestore.mycompany.com:9311", "interface": "internal", "region": "RegionOne", "region_id": "RegionOne", "id": "b0a742a09d594c3b8c82020a1f06fde5"}], "type": "key-manager", "id": "952d4274ec8942a69e564e379d9d86df", "name": "barbican"}, {"endpoints": [{"url": "http://os-blockstorage.mycompany.com:8776/v1/d332c49688364651a7fca7c866a3f933", "interface": "internal", "region": "RegionOne", "region_id": "RegionOne", "id": "9ff959f0218c4dcb958035f0395d45c2"}, {"url": "https://os-cloud.mycompany.com:8776/v1/d332c49688364651a7fca7c866a3f933", "interface": "public", "region": "RegionOne", "region_id": "RegionOne", "id": "b99eb2c7679e4295abf7298b0eef9496"}, {"url": "http://os-blockstorage.mycompany.com:8776/v1/d332c49688364651a7fca7c866a3f933", "interface": "admin", "region": "RegionOne", "region_id": "RegionOne", "id": "bffae2962b954f53a91ad514f65edad7"}], "type": 
"volume", "id": "ba1bdc1d209340bc807434c38f6c0b29", "name": "cinder"}, {"endpoints": [{"url": "http://os-share.mycompany.com:8786/v1/d332c49688364651a7fca7c866a3f933", "interface": "internal", "region": "RegionOne", "region_id": "RegionOne", "id": "04de056de5e04a69bed694b44f0b1779"}, {"url": "http://os-share.mycompany.com:8786/v1/d332c49688364651a7fca7c866a3f933", "interface": "admin", "region": "RegionOne", "region_id": "RegionOne", "id": "3d5b8b12705047a0baa50459114e3a62"}, {"url": "https://os-cloud.mycompany.com:8786/v1/d332c49688364651a7fca7c866a3f933", "interface": "public", "region": "RegionOne", "region_id": "RegionOne", "id": "7076592539204776a707e4171d6c14f9"}], "type": "share", "id": "bd638e4991d34e3c904d8338e6339a73", "name": "manila"}, {"endpoints": [{"url": "https://os-cloud.mycompany.com:8776/v2/d332c49688364651a7fca7c866a3f933", "interface": "public", "region": "RegionOne", "region_id": "RegionOne", "id": "6dc138b3cdd842cd8d1c39db22396415"}, {"url": "http://os-blockstorage.mycompany.com:8776/v2/d332c49688364651a7fca7c866a3f933", "interface": "internal", "region": "RegionOne", "region_id": "RegionOne", "id": "9552a38669a5470f9ae7626771e91aaf"}, {"url": "http://os-blockstorage.mycompany.com:8776/v2/d332c49688364651a7fca7c866a3f933", "interface": "admin", "region": "RegionOne", "region_id": "RegionOne", "id": "e6a60fbf2d49436daa52ef4e4a7d2556"}], "type": "volumev2", "id": "c820ddf366e64ce88a99409a5181f6ea", "name": "cinderv2"}, {"endpoints": [{"url": "http://os-image.mycompany.com:9292", "interface": "internal", "region": "RegionOne", "region_id": "RegionOne", "id": "502435aa129444f693d2d6f85da23d84"}, {"url": "https://os-cloud.mycompany.com:9292", "interface": "public", "region": "RegionOne", "region_id": "RegionOne", "id": "86e00a718b444d35964c326ec609881b"}, {"url": "http://os-image.mycompany.com:9292", "interface": "admin", "region": "RegionOne", "region_id": "RegionOne", "id": "87fbe7182ea84e7a9e142dff55aee107"}], "type": "image", "id": 
"d0aa810a01f744a6907b38693afcb81a", "name": "glance"}, {"endpoints": [{"url": "http://os-identity.mycompany.com:35357/v3/", "interface": "admin", "region": "RegionOne", "region_id": "RegionOne", "id": "20aec522a4474677a5780cd0ce6ce8c3"}, {"url": "https://os-cloud.mycompany.com:5000/v3/", "interface": "public", "region": "RegionOne", "region_id": "RegionOne", "id": "39d2ba6beccb4250af75af1647a65d33"}, {"url": "http://os-identity.mycompany.com:35357/v3/", "interface": "internal", "region": "RegionOne", "region_id": "RegionOne", "id": "429e655cfdc44fb6a3e04e366895df11"}], "type": "identity", "id": "ddc873e0027445e09b429f5337e1b429", "name": "keystone"}, {"endpoints": [{"url": "https://os-cloud.mycompany.com:7480/swift/v1", "interface": "public", "region": "RegionOne", "region_id": "RegionOne", "id": "0aad4c7ca979439ea0ad227c475005e5"}, {"url": "http://os-objectstorage.mycompany.com:7480/swift/v1", "interface": "internal", "region": "RegionOne", "region_id": "RegionOne", "id": "558a978cea0b4c4a8a4814acd902e1fa"}, {"url": "http://os-objectstorage.mycompany.com:7480/swift/v1", "interface": "admin", "region": "RegionOne", "region_id": "RegionOne", "id": "a152423501e948968d9092705545ff26"}], "type": "object-store", "id": "e29bc989ec3440d7a89e95ee549fa6a1", "name": "swift"}, {"endpoints": [{"url": "https://os-cloud.mycompany.com:9696", "interface": "public", "region": "RegionOne", "region_id": "RegionOne", "id": "6b3f6cf5f3324c81911c9f435a2fbe28"}, {"url": "http://os-network.mycompany.com:9696", "interface": "admin", "region": "RegionOne", "region_id": "RegionOne", "id": "8fe1d5976a004c3f82faa8e5886ae865"}, {"url": "http://os-network.mycompany.com:9696", "interface": "internal", "region": "RegionOne", "region_id": "RegionOne", "id": "919fb2a8d8294e978c6dc52cd2b2bf34"}], "type": "network", "id": "f5c15a25507a4c8d8906bf1408b17c45", "name": "neutron"}, {"endpoints": [{"url": "https://os-cloud.mycompany.com:8004/v1/d332c49688364651a7fca7c866a3f933", "interface": "public", 
"region": "RegionOne", "region_id": "RegionOne", "id": "028aa5777f604b26829bbad59b070053"}, {"url": "http://os-orchestration.mycompany.com:8004/v1/d332c49688364651a7fca7c866a3f933", "interface": "internal", "region": "RegionOne", "region_id": "RegionOne", "id": "a5b9058e62bf4359a731e9b9d1f7c5ee"}, {"url": "http://os-orchestration.mycompany.com:8004/v1/d332c49688364651a7fca7c866a3f933", "interface": "admin", "region": "RegionOne", "region_id": "RegionOne", "id": "c18767e478b840f6b50aee1c2c7b7a8f"}], "type": "orchestration", "id": "ffd10ed04124439c8935696af72902c0", "name": "heat"}], "user": {"domain": {"id": "default", "name": "Default"}, "id": "ba6f9eddfd154b88b6a45d218fb5b310", "name": "admin"}, "audit_ids": ["EHSVP3-QRzGxwcR6_4jrBA"], "issued_at": "2016-10-20T06:02:00.000000Z"}}
REQ: curl -g -i -X GET https://os-cloud.mycompany.com:9311 -H "Accept: application/json" -H "User-Agent: python-keystoneclient"
Starting new HTTPS connection (1): os-cloud.mycompany.com
Failed to contact the endpoint at https://os-cloud.mycompany.com:9311 for discovery. Fallback to using that endpoint as the base url.
REQ: curl -g -i -X GET https://os-cloud.mycompany.com:9311/secrets -H "User-Agent: python-keystoneclient" -H "Accept: application/json" -H "X-Auth-Token: {SHA1}2ae10d09051d8279122c4a9a2297d7a5c5673e91"
Starting new HTTPS connection (2): os-cloud.mycompany.com
SSL exception connecting to https://os-cloud.mycompany.com:9311/secrets: ("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",)
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/cliff/app.py", line 387, in run_subcommand
    result = cmd.run(parsed_args)
  File "/usr/lib/python2.7/dist-packages/cliff/display.py", line 100, in run
    column_names, data = self.take_action(parsed_args)
  File "/usr/lib/python2.7/dist-packages/barbicanclient/barbican_cli/secrets.py", line 122, in take_action
    algorithm=args.algorithm, mode=args.mode, bits=args.bit_length)
  File "/usr/lib/python2.7/dist-packages/barbicanclient/secrets.py", line 576, in list
    response = self._api.get(self._entity, params=params)
  File "/usr/lib/python2.7/dist-packages/barbicanclient/client.py", line 72, in get
    return super(_HTTPClient, self).get(*args, **kwargs).json()
  File "/usr/lib/python2.7/dist-packages/keystoneclient/adapter.py", line 176, in get
    return self.request(url, 'GET', **kwargs)
  File "/usr/lib/python2.7/dist-packages/barbicanclient/client.py", line 64, in request
    resp = super(_HTTPClient, self).request(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/keystoneclient/adapter.py", line 101, in request
    return self.session.request(url, method, **kwargs)
  File "/usr/lib/python2.7/dist-packages/positional/__init__.py", line 101, in inner
    return wrapped(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/keystoneclient/session.py", line 404, in request
    resp = send(**kwargs)
  File "/usr/lib/python2.7/dist-packages/keystoneclient/session.py", line 442, in _send_request
    raise exceptions.SSLError(msg)
SSLError: SSL exception connecting to https://os-cloud.mycompany.com:9311/secrets: ("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",)
Traceback (most recent call last):
  File "/usr/bin/barbican", line 10, in <module>
    sys.exit(main())
  File "/usr/lib/python2.7/dist-packages/barbicanclient/barbican.py", line 339, in main
    return barbican_app.run(argv)
  File "/usr/lib/python2.7/dist-packages/barbicanclient/barbican.py", line 334, in run
    return super(Barbican, self).run(argv)
  File "/usr/lib/python2.7/dist-packages/cliff/app.py", line 267, in run
    result = self.run_subcommand(remainder)
  File "/usr/lib/python2.7/dist-packages/cliff/app.py", line 387, in run_subcommand
    result = cmd.run(parsed_args)
  File "/usr/lib/python2.7/dist-packages/cliff/display.py", line 100, in run
    column_names, data = self.take_action(parsed_args)
  File "/usr/lib/python2.7/dist-packages/barbicanclient/barbican_cli/secrets.py", line 122, in take_action
    algorithm=args.algorithm, mode=args.mode, bits=args.bit_length)
  File "/usr/lib/python2.7/dist-packages/barbicanclient/secrets.py", line 576, in list
    response = self._api.get(self._entity, params=params)
  File "/usr/lib/python2.7/dist-packages/barbicanclient/client.py", line 72, in get
    return super(_HTTPClient, self).get(*args, **kwargs).json()
  File "/usr/lib/python2.7/dist-packages/keystoneclient/adapter.py", line 176, in get
    return self.request(url, 'GET', **kwargs)
  File "/usr/lib/python2.7/dist-packages/barbicanclient/client.py", line 64, in request
    resp = super(_HTTPClient, self).request(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/keystoneclient/adapter.py", line 101, in request
    return self.session.request(url, method, **kwargs)
  File "/usr/lib/python2.7/dist-packages/positional/__init__.py", line 101, in inner
    return wrapped(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/keystoneclient/session.py", line 404, in request
    resp = send(**kwargs)
  File "/usr/lib/python2.7/dist-packages/keystoneclient/session.py", line 442, in _send_request
    raise exceptions.SSLError(msg)
keystoneauth1.exceptions.connection.SSLError: SSL exception connecting to https://os-cloud.mycompany.com:9311/secrets: ("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",)

Unfortunately, certificate verification fails. When I use the option '--insecure' the call succeeds:

$ barbican secret list --insecure
Starting new HTTP connection (1): os-identity
Starting new HTTPS connection (1): os-cloud.mycompany.com
/usr/lib/python2.7/dist-packages/urllib3/connectionpool.py:823: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html
  InsecureRequestWarning)
+--------------------------------------------+------+---------------------------+--------+-----------------------------+-----------+------------+-------------+------+------------+
| Secret href                                | Name | Created                   | Status | Content types               | Algorithm | Bit length | Secret type | Mode | Expiration |
+--------------------------------------------+------+---------------------------+--------+-----------------------------+-----------+------------+-------------+------+------------+
| https://os-cloud.mycompany.com:9311/v1/sec | None | 2016-10-20 05:58:00+00:00 | ACTIVE | {u'default': u'text/plain'} | aes       | 256        | opaque      | cbc  | None       |
| rets/2bdbcaa0-25be-4610-9dcf-              |      |                           |        |                             |           |            |             |      |            |
| e5368425fc32                               |      |                           |        |                             |           |            |             |      |            |
+--------------------------------------------+------+---------------------------+--------+-----------------------------+-----------+------------+-------------+------+------------+

$ sudo pip freeze | grep -E 'barbi|keystone|openstack'
barbican==3.0.0
django-openstack-auth==2.4.1
keystone==10.0.0
keystoneauth1==2.12.1
keystonemiddleware==4.9.0
openstacksdk==0.9.5
python-barbicanclient==4.0.1
python-keystoneclient==3.5.0
python-openstackclient==3.2.0