Description of CA and SSL configuration options

Configuration option = Default value	Description
[signing]
ca_certs = /etc/keystone/ssl/certs/ca.pem	(StrOpt) Path of the CA for token signing.
ca_key = /etc/keystone/ssl/private/cakey.pem	(StrOpt) Path of the CA key for token signing.
cert_subject = /C=US/ST=Unset/L=Unset/O=Unset/CN=www.example.com	(StrOpt) Certificate subject (auto generated certificate) for token signing.
certfile = /etc/keystone/ssl/certs/signing_cert.pem	(StrOpt) Path of the certfile for token signing. For non-production environments, you may be interested in using `keystone-manage pki_setup` to generate self-signed certificates.
key_size = 2048	(IntOpt) Key size (in bits) for token signing cert (auto generated certificate).
keyfile = /etc/keystone/ssl/private/signing_key.pem	(StrOpt) Path of the keyfile for token signing.
token_format = None	(StrOpt) Deprecated in favor of provider in the [token] section.
valid_days = 3650	(IntOpt) Days the token signing cert is valid for (auto generated certificate).
[ssl]
ca_certs = /etc/keystone/ssl/certs/ca.pem	(StrOpt) Path of the ca cert file for SSL.
ca_key = /etc/keystone/ssl/private/cakey.pem	(StrOpt) Path of the CA key file for SSL.
cert_required = False	(BoolOpt) Require client certificate.
cert_subject = /C=US/ST=Unset/L=Unset/O=Unset/CN=localhost	(StrOpt) SSL certificate subject (auto generated certificate).
certfile = /etc/keystone/ssl/certs/keystone.pem	(StrOpt) Path of the certfile for SSL. For non-production environments, you may be interested in using `keystone-manage ssl_setup` to generate self-signed certificates.
enable = False	(BoolOpt) Toggle for SSL support on the Keystone eventlet servers.
key_size = 1024	(IntOpt) SSL key length (in bits) (auto generated certificate).
keyfile = /etc/keystone/ssl/private/keystonekey.pem	(StrOpt) Path of the keyfile for SSL.
valid_days = 3650	(IntOpt) Days the certificate is valid for once signed (auto generated certificate).