openstack/openstack-manuals
Code Issues Proposed changes

Added verbiage elaborating on what files are needed for pki_setup.

Browse Source 
Further explained what is needed and needing copied when setting
this up.

Change-Id: Ia9fc9f4f142bd322c61bb398dd3e42df7b3c69c7
Closes-Bug: #1321000
This commit is contained in:
Steven Deaton 2014-09-01 03:05:22 -05:00
parent 088328eda9
commit d8b70f0e4c
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
doc/common/section_keystone_certificates-for-pki.xml
View File

@ -222,6 +222,15 @@ emailAddress = keystone@openstack.org
<para>Make sure the certificate directory is only <para>Make sure the certificate directory is only
accessible by root.</para> accessible by root.</para>
</note> </note>
<note>
<para>The copying of the key and cert files may be better done
after first running <command>keystone-manage pki_setup</command>
since this command also creates other needed files, such
as the <filename>index.txt</filename> and <filename>serial</filename> files.</para>
<para>Also, when copying the necessary files to a different server
for replicating the functionality, the entire directory of
files is needed, not just the key and cert files.</para>
</note>
<para>If your certificate directory path is different from the <para>If your certificate directory path is different from the
default <filename>/etc/keystone/ssl/certs</filename>, make default <filename>/etc/keystone/ssl/certs</filename>, make
sure it is reflected in the <literal>[signing]</literal> sure it is reflected in the <literal>[signing]</literal>