starlingx/docs
Code Issues Proposed changes
docs/doc/source/security/openstack/install-a-trusted-ca-certificate.rst
Elisamara Aoki Goncalves 7286dd31c1 Cleanup of 'system' certificate CLI/RestAPI 
Remove deprecated CLIs.

Story: 2010848
Task: 50153

Change-Id: Ia5e160d6bf80a3ae80b5cbf6a6a6a0c3365bd8b3
Signed-off-by: Elisamara Aoki Goncalves <elisamaraaoki.goncalves@windriver.com>
2024-06-21 13:39:41 +00:00

1.2 KiB
Raw Blame History

Install a Trusted CA Certificate

A trusted certificate can be added to the service containers such that the containerized OpenStack services can validate certificates of far-end systems connecting or being connected to over HTTPS. This is commonly done to enable certificate validation of clients connecting to OpenStack service REST API endpoints.

  1. Install a trusted certificate for OpenStack using the following command to override all OpenStack Helm Charts.

    ~(keystone_admin)$ system os-certificate-install -m ca certificate_file>

    where <certificate_file> contains a single certificate to be trusted.

    Running the command again with a different certificate in the file will replace this openstack trusted certificate.

  2. Apply the updated Helm chart overrides containing the certificate changes:

    ~(keystone_admin)$ system application-apply -openstack