94bc9ceef1
Using cfssl to regenerate fresh certificates:
rm *
echo '{"CN":"CA","key":{"algo":"rsa","size":2048}}' | cfssl gencert
-initca - | cfssljson -bare ca -
echo '{"signing":{"default":{"expiry":"43800h","usages":["signing","key
encipherment","server auth","client auth"]}}}' > ca-config.json
export ADDRESS=127.0.0.1,::1,localhost
export NAME=server
echo
'{"CN":"'$NAME'","hosts":["127.0.0.1"],"key":{"algo":"rsa","size":2048}}'
| cfssl gencert -config=ca-config.json -ca=ca.pem -ca-key=ca-key.pem
-hostname="$ADDRESS" - | cfssljson -bare $NAME
export ADDRESS=
export NAME=client
echo
'{"CN":"'$NAME'","hosts":["127.0.0.1"],"key":{"algo":"rsa","size":2048}}'
| cfssl gencert -config=ca-config.json -ca=ca.pem -ca-key=ca-key.pem
-hostname="$ADDRESS" - | cfssljson -bare $NAME
cp ca.pem ca.crt ;
cp ca-key.pem ca.key;
cp client.pem certificate.crt ;
cp client-key.pem privatekey.key ;
Also the results from the related bug show that there is currently no
solution to make self-signed certificates work in conjunction with
raw IPv6 addresses consistently, so we skip the failing test.
Related-Bug: 1656329
Change-Id: I160108059e17122035d8d914c5157b7ce3ada3a5
Team and repository tags
oslo.service -- Library for running OpenStack services
oslo.service provides a framework for defining new long-running services using the patterns established by other OpenStack applications. It also includes utilities long-running applications might need for working with SSL or WSGI, performing periodic operations, interacting with systemd, etc.
- Free software: Apache license
- Documentation: https://docs.openstack.org/oslo.service/latest/
- Source: https://git.openstack.org/cgit/openstack/oslo.service
- Bugs: https://bugs.launchpad.net/oslo.service