Changes between Version 1 and Version 2 of GENIRacksHome/OpenGENIRacks/RenewKeystoneKeys
- Timestamp:
- 02/27/15 09:55:36 (9 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
GENIRacksHome/OpenGENIRacks/RenewKeystoneKeys
v1 v2 4 4 5 5 # This makes the Certificate Signing Request (CSR) 6 {{{ 6 7 openssl req -newkey rsa:2048 -keyout signing_key.pem -keyform PEM -out signing_\ 7 8 cert_req.pem -outform PEM -config openssl.conf -nodes … … 13 14 US 14 15 clemson-clemson-control-1 16 }}} 15 17 16 18 {{{ 17 19 openssl ca -config openssl.conf -keyfile cakey.pem -cert ca.pem -in signing_cer\ 18 20 t_req.pem -out signing_cert_new.pem 19 21 y 20 22 y 21 23 }}} 22 24 23 25 Change the permissions of the new cert: … … 29 31 30 32 The other openstack services maintain their own copy of the cert, so you must replace them: 33 {{{ 31 34 cp /etc/keystone/ssl/certs/ca.pem /var/lib/nova/keystone-signing/cacert.pem 32 35 cp /etc/keystone/ssl/certs/signing_cert.pem /var/lib/nova/keystone-signing/signing_cert.pem … … 42 45 restart glance-api 43 46 restart glance-registry 47 }}} 44 48 45 49