openstack-manuals/doc/common/tables/keystone-ca.xml

<?xml version='1.0' encoding='UTF-8'?>
<para xmlns="http://docbook.org/ns/docbook" version="5.0">
  <!--
###################################################################
 WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
###################################################################

     Warning: Do not edit this file. It is automatically
     generated from the software project's code and your changes
     will be overwritten.

     The tool to generate this file lives in openstack-doc-tools
     repository.

     Please make any changes needed in the code, then run the
     autogenerate-config-doc tool from the openstack-doc-tools
     repository, or ask for help on the documentation mailing list,
     IRC channel or meeting.

###################################################################
 WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
###################################################################
-->
  <table rules="all" xml:id="config_table_keystone_ca">
    <caption>Description of CA and SSL configuration options</caption>
    <col width="50%"/>
    <col width="50%"/>
    <thead>
      <tr>
        <th>Configuration option = Default value</th>
        <th>Description</th>
      </tr>
    </thead>
    <tbody>
      <tr>
        <th colspan="2">[eventlet_server_ssl]</th>
      </tr>
      <tr>
        <td><option>ca_certs</option> = <replaceable>/etc/keystone/ssl/certs/ca.pem</replaceable></td>
        <td>(StrOpt) Path of the CA cert file for SSL.</td>
      </tr>
      <tr>
        <td><option>cert_required</option> = <replaceable>False</replaceable></td>
        <td>(BoolOpt) Require client certificate.</td>
      </tr>
      <tr>
        <td><option>certfile</option> = <replaceable>/etc/keystone/ssl/certs/keystone.pem</replaceable></td>
        <td>(StrOpt) Path of the certfile for SSL. For non-production environments, you may be interested in using `keystone-manage ssl_setup` to generate self-signed certificates.</td>
      </tr>
      <tr>
        <td><option>enable</option> = <replaceable>False</replaceable></td>
        <td>(BoolOpt) Toggle for SSL support on the Keystone eventlet servers.</td>
      </tr>
      <tr>
        <td><option>keyfile</option> = <replaceable>/etc/keystone/ssl/private/keystonekey.pem</replaceable></td>
        <td>(StrOpt) Path of the keyfile for SSL.</td>
      </tr>
      <tr>
        <th colspan="2">[signing]</th>
      </tr>
      <tr>
        <td><option>ca_certs</option> = <replaceable>/etc/keystone/ssl/certs/ca.pem</replaceable></td>
        <td>(StrOpt) Path of the CA for token signing.</td>
      </tr>
      <tr>
        <td><option>ca_key</option> = <replaceable>/etc/keystone/ssl/private/cakey.pem</replaceable></td>
        <td>(StrOpt) Path of the CA key for token signing.</td>
      </tr>
      <tr>
        <td><option>cert_subject</option> = <replaceable>/C=US/ST=Unset/L=Unset/O=Unset/CN=www.example.com</replaceable></td>
        <td>(StrOpt) Certificate subject (auto generated certificate) for token signing.</td>
      </tr>
      <tr>
        <td><option>certfile</option> = <replaceable>/etc/keystone/ssl/certs/signing_cert.pem</replaceable></td>
        <td>(StrOpt) Path of the certfile for token signing. For non-production environments, you may be interested in using `keystone-manage pki_setup` to generate self-signed certificates.</td>
      </tr>
      <tr>
        <td><option>key_size</option> = <replaceable>2048</replaceable></td>
        <td>(IntOpt) Key size (in bits) for token signing cert (auto generated certificate).</td>
      </tr>
      <tr>
        <td><option>keyfile</option> = <replaceable>/etc/keystone/ssl/private/signing_key.pem</replaceable></td>
        <td>(StrOpt) Path of the keyfile for token signing.</td>
      </tr>
      <tr>
        <td><option>valid_days</option> = <replaceable>3650</replaceable></td>
        <td>(IntOpt) Days the token signing cert is valid for (auto generated certificate).</td>
      </tr>
      <tr>
        <th colspan="2">[ssl]</th>
      </tr>
      <tr>
        <td><option>ca_key</option> = <replaceable>/etc/keystone/ssl/private/cakey.pem</replaceable></td>
        <td>(StrOpt) Path of the CA key file for SSL.</td>
      </tr>
      <tr>
        <td><option>cert_subject</option> = <replaceable>/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost</replaceable></td>
        <td>(StrOpt) SSL certificate subject (auto generated certificate).</td>
      </tr>
      <tr>
        <td><option>key_size</option> = <replaceable>1024</replaceable></td>
        <td>(IntOpt) SSL key length (in bits) (auto generated certificate).</td>
      </tr>
      <tr>
        <td><option>valid_days</option> = <replaceable>3650</replaceable></td>
        <td>(IntOpt) Days the certificate is valid for once signed (auto generated certificate).</td>
      </tr>
    </tbody>
  </table>
</para>