Unhelpful error message when keystone uses self-signed SSL certificates

When keystone is configured to use SSL and its certificates are not signed by a trusted authority, all the keystone client commands return:

Authorization Failed: SSL exception connecting to https://127.0.0.1:35357/v2.0/tokens

It would be better to instruct the user to pass the "--insecure" command-line option to the keystone command.

I set up my keystone with SSL like this:
1) Uncomment the following lines in keystone.conf:
[ssl]
enable = True
certfile = /etc/keystone/pki/certs/ssl_cert.pem
keyfile = /etc/keystone/pki/private/ssl_key.pem
ca_certs = /etc/keystone/pki/certs/cacert.pem
ca_key = /etc/keystone/pki/private/cakey.pem

2) Run 'keystone-manage ssl_setup --keystone-user keystone --keystone-group keystone' and restart the service

3) Change the endpoints in the SQL table to point to https://...

To get the error, source the following file (change the username and password, and make sure the endpoint correctly points to https://...):
export OS_USERNAME=admin
export OS_TENANT_NAME=admin
export OS_PASSWORD=18ee8218fe2d4e6e
export OS_AUTH_URL=https://127.0.0.1:35357/v2.0/

Now run: keystone user-list
You get: Authorization Failed: SSL exception connecting to https://127.0.0.1:35357/v2.0/tokens
You are supposed to run: keystone --insecure user-list

It's really hard to tell by this error message what the cause of the problems is. In addition to that, there is nothing in the keystone logs. Please provide a more informative error message, and possibly some logs to indicate what went wrong.

Thanks :)