Changes between Version 2 and Version 3 of GENIRacksHome/OpenGENIRacks/RenewKeystoneKeys

Timestamp:

05/21/15 13:29:36 (9 years ago)

Author:

sdabideen@bbn.com

Comment:

--

GENIRacksHome/OpenGENIRacks/RenewKeystoneKeys

@@ -16 +16 @@
 }}}
 
+Create the signing_cert 
 {{{
 openssl ca -config openssl.conf -keyfile cakey.pem -cert ca.pem -in signing_cer\
@@ -22 +23 @@
 y
 }}}
-
-Change the permissions of the new cert:
+Move the signing key and change ownership:
+{{{
+mv signing_key.pem ../private
 chown keystone.keystone signing_cert_new.pem
-
-
 sudo keystone-manage pki_setup  --keystone-user keystone --keystone-group keystone
+}}}
 
 
@@ -43 +44 @@
 cp /etc/keystone/ssl/certs/ca.pem /var/lib/glance/keystone-signing/cacert.pem
 cp /etc/keystone/ssl/certs/signing_cert.pem /var/lib/glance/keystone-signing/signing_cert.pem
+sudo chown glance.glance /var/lib/glance/keystone-signing/cacert.pem
+sudo chown glance.glance /var/lib/glance/keystone-signing/signing_cert.pem
 restart glance-api
 restart glance-registry
 }}}
 
+You may need to change the ownership of the certs (other than glance) to keystone.keystone
 
+Glance's certs must be glance.glance