Keystone certificates

When connecting to Keystone through HTTPS, Keystone provides an SSL certificate which, if not signed by a trusted authority, must be manually accepted. Once you agree to trust the certificate, it is cached for each future connection attempt to the Keystone server. Alternatively, you can manually upload the Keystone SSL certificate from your local machine.

When connecting to Keystone through HTTPS and configuring the Keystone identity service URL on HCP, you must enter the domain name (not the IP address) of the Keystone host. This domain name must match the Subject Common Name in the Keystone SSL certificate. Using the IP address for an SSL connection to Keystone fails because the IP address doesn't match the certificate Common Name. Additionally, the identity service endpoint URLs registered in the Keystone service must be registered with the domain name matching the Common Name in the SSL certificate.
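As an added example (not part of the HCP documentation or product), the following Python script checks an identity service URL and a set of registered endpoint URLs against a certificate Common Name before they are configured. The host names, URLs and function names are constructed for illustration, and the script assumes an exact, case-insensitive match against the Common Name.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample values, not taken from any real deployment.
CERT_CN = "keystone.example.com"          # Subject Common Name of the certificate
IDENTITY_URL = "https://keystone.example.com:5000/v2.0"
ENDPOINT_URLS = [
    "https://keystone.example.com:5000/v2.0",      # matches the CN
    "https://192.0.2.10:35357/v2.0",               # IP address: will fail
    "https://keystone-int.example.com:5000/v2.0",  # different name: will fail
]


def check_keystone_url(url, cert_common_name):
    """Return (ok, reason) for one URL checked against the certificate CN."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return True, "not HTTPS, no certificate check applies"
    host = parts.hostname  # lowercased; IPv6 brackets and port removed
    if not host:
        return False, "no host in URL"
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass  # not an IP literal, so compare it as a domain name
    else:
        return False, "IP address used, but the certificate CN is a domain name"
    if host.rstrip(".") != cert_common_name.lower().rstrip("."):
        return False, f"host {host!r} does not match CN {cert_common_name!r}"
    return True, "host matches certificate CN"


def audit(identity_url, endpoint_urls, cert_common_name):
    """Check the identity URL and every endpoint URL; return {url: reason} for failures."""
    failures = {}
    for url in [identity_url, *endpoint_urls]:
        ok, reason = check_keystone_url(url, cert_common_name)
        if not ok:
            failures[url] = reason
    return failures


if __name__ == "__main__":
    for url, reason in audit(IDENTITY_URL, ENDPOINT_URLS, CERT_CN).items():
        print(f"FAIL {url}: {reason}")
```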

Any Keystone SSL certificates can be deleted from the OpenStack page of the System Management Console.

© 2016 Hitachi Data Systems Corporation. All rights reserved.