docs/doc/source/security/kubernetes/install-update-the-starlingx-rest-and-web-server-certificate.rst
Ron Stone f125a8b892 Remove spurious escapes (r8,dsR8)
This change addresses a long-standing issue in rST documentation imported from XML.
That import process added backslash escapes in front of various characters. The three
most common being '(', ')', and '_'.
These instances are removed.

Signed-off-by: Ron Stone <ronald.stone@windriver.com>
Change-Id: Id43a9337ffcd505ccbdf072d7b29afdb5d2c997e
2023-03-01 11:19:04 +00:00

Install/Update the StarlingX Rest and Web Server Certificate

Use the following procedure to install or update the certificate for the REST API application endpoints (Keystone, Barbican and ) and the web administration server.

Obtain an Intermediate or Root CA-signed server certificate and key from a trusted Intermediate or Root CA. Refer to the documentation for the external Intermediate or Root CA that you are using for how to create public certificate and private key pairs, signed by an Intermediate or Root CA, for HTTPS.

For lab purposes, see Create Certificates Locally using openssl <create-certificates-locally-using-openssl> for how to create a test Intermediate or Root CA certificate and key, and use it to sign test server certificates.

Put the encoded versions of the server certificate and key in a single file, and copy the file to the controller host.

Note

If you plan to use the container-based remote CLIs, due to a limitation in the Python2 SSL certificate validation, the certificate used for the REST API application endpoints and Web Administration Server (the 'ssl' certificate) must have either:

  1. CN=IPADDRESS and SANs=IPADDRESS

    or

  2. CN=FQDN and SANs=FQDN

    where IPADDRESS and FQDN are for the OAM Floating IP Address.

  • Install/update the copied certificate.

    For example:

    ~(keystone_admin)]$ system certificate-install -m ssl <pathTocertificateAndKey>

    where:

    <pathTocertificateAndKey>

    is the path to the file containing both the Intermediate or Root CA-signed server certificate and private key to install.

Warning

The REST and Web Server certificate is not automatically renewed. The user MUST renew the certificate prior to expiry, otherwise a variety of system operations will fail.
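
A pre-install check for the procedure above, as an added example that is not part of the StarlingX documentation: it verifies that the single file holds a certificate and its matching private key, that the CN and a SAN both equal the OAM floating IP address or FQDN, and that expiry is not close. It assumes a PEM-encoded file and OpenSSL 1.1.1 or later; `check_ssl_bundle` and `min_days` are hypothetical names.

```shell
#!/bin/sh
# Added example: sanity-check the combined certificate+key file before running
# 'system certificate-install -m ssl'. Assumes PEM encoding and OpenSSL 1.1.1+.
# Usage: sh check_ssl_bundle.sh <pathTocertificateAndKey> <OAM IP or FQDN> [min_days]

check_ssl_bundle() {
    pem=$1; name=$2; min_days=${3:-30}   # min_days: hypothetical renewal margin

    # 1. One file must carry both the server certificate and its private key.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$pem" ||
        { echo "FAIL: no certificate block in $pem"; return 1; }
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$pem" ||
        { echo "FAIL: no private key block in $pem"; return 1; }

    # 2. The key must belong to the certificate: both must yield the same public key.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        { echo "FAIL: private key does not match certificate"; return 2; }

    # 3. CN and SAN must both be the OAM floating IP address or FQDN
    #    (IPv4 and DNS names only; OpenSSL prints IPv6 SANs in expanded form).
    cn=$(openssl x509 -in "$pem" -noout -subject -nameopt multiline |
         sed -n 's/^ *commonName *= *//p')
    [ "$cn" = "$name" ] || { echo "FAIL: CN is '$cn', expected '$name'"; return 3; }
    openssl x509 -in "$pem" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' | sed 's/^ *//' |
        grep -Fxq -e "DNS:$name" -e "IP Address:$name" ||
        { echo "FAIL: '$name' not present in subjectAltName"; return 3; }

    # 4. The certificate is not renewed automatically: flag one close to expiry.
    openssl x509 -in "$pem" -noout -checkend $((min_days * 86400)) >/dev/null ||
        { echo "FAIL: certificate expires within $min_days days"; return 4; }

    echo "OK: $pem matches $name and is valid for more than $min_days days"
}

# Run the check only when arguments are given, so the file can also be sourced.
if [ "$#" -ge 2 ]; then check_ssl_bundle "$@"; fi
```

Running the same check from a scheduled job against the installed certificate file gives early notice of the manual renewal the warning calls for.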