Changes between Version 1 and Version 2 of GENIRacksHome/OpenGENIRacks/RenewKeystoneKeys


Ignore:
Timestamp:
02/27/15 09:55:36 (9 years ago)
Author:
sdabideen@bbn.com
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • GENIRacksHome/OpenGENIRacks/RenewKeystoneKeys

    v1 v2  
    44
    55# This makes the Certificate Signing Request (CSR)
     6{{{
    67openssl req -newkey rsa:2048 -keyout signing_key.pem -keyform PEM -out signing_\
    78cert_req.pem -outform PEM -config openssl.conf -nodes
     
    1314US
    1415clemson-clemson-control-1
     16}}}
    1517
    16 
     18{{{
    1719openssl ca -config openssl.conf -keyfile cakey.pem -cert ca.pem -in signing_cer\
    1820t_req.pem -out signing_cert_new.pem
    1921y
    2022y
    21 
     23}}}
    2224
    2325Change the permissions of the new cert:
     
    2931
    3032The other openstack services maintain their own copy of the cert, so you must replace them:
     33{{{
    3134cp /etc/keystone/ssl/certs/ca.pem /var/lib/nova/keystone-signing/cacert.pem
    3235cp /etc/keystone/ssl/certs/signing_cert.pem /var/lib/nova/keystone-signing/signing_cert.pem
     
    4245restart glance-api
    4346restart glance-registry
     47}}}
    4448
    4549