starlingx/docs
Code Issues Proposed changes
78263d6d95
docs/doc/source/security/openstack/install-a-trusted-ca-certificate.rst
MCamp859 f89156f38e Remove mention to wr-openstack 
Change “wr-openstack” instances to “|prefix|-openstack”.

PS2: Use |prefix| substitution instead of "stx"
PS3, 4, 5, 6, 7: Fix table alignment
PS8: Replace table with text for |prefix| usage

Closes-Bug: 1948045

Change-Id: I41f804dd83d480e99a9c8ebfc252def3de0215ea
Signed-off-by: MCamp859 <maryx.camp@intel.com>
2021-11-03 22:11:16 -04:00

1.2 KiB
Raw Blame History

Install a Trusted CA Certificate

A trusted certificate can be added to the service containers such that the containerized OpenStack services can validate certificates of far-end systems connecting or being connected to over HTTPS. This is commonly done to enable certificate validation of clients connecting to OpenStack service REST API endpoints.

  1. Install a trusted certificate for OpenStack using the following command to override all OpenStack Helm Charts.

    ~(keystone_admin)$ system certificate-install -m openstack_ca <certificate_file>

    where <certificate_file> contains a single certificate to be trusted.

    Running the command again with a different certificate in the file will replace this openstack trusted certificate.

  2. Apply the updated Helm chart overrides containing the certificate changes:

    ~(keystone_admin)$ system application-apply -openstack