SSL Certificate for Netscaler Installation

Configuring SSL for keystone is not really that hard. It may seem a bit complicated, but once you know the steps for configuring your SSL certificate for keystone, you will be able to do it without any problems.

Configuring SSL for Keystone

If you want to set up SSL for keystone, follow the guide below:

The first thing that you should do to start configuring SSL for keystone is to simply run the setup. Run the command below to do so:

keystone-manage ssl_setup

  • Configure your SSL for keystone.

After that, set the options below in the [ssl] section of the keystone configuration file. These settings are used to generate the certificate file and the key file.

[ssl]
enable = True
certfile = /etc/keystone/ssl/certs/signing_cert.pem
keyfile = /etc/keystone/ssl/private/signing_key.pem
ca_certs = /etc/keystone/ssl/certs/ca.pem
ca_key = /etc/keystone/ssl/certs/cakey.pem
key_size = 1024
valid_days = 3650
ca_password = None
cert_required = False
cert_subject = /C=US/ST=Unset/L=Unset/O=Unset/CN=host.yoursite.org

Make sure that you have a backup of the directory /etc/keystone/ssl. This ensures that you have a copy of the files and can restore them if something goes wrong. Then, run the commands below to configure the keystone SSL setup:

mv /etc/keystone/ssl /etc/keystone/ssl.bk
keystone-manage ssl_setup --keystone-user keystone --keystone-group keystone

  • Configure the Keystone service endpoint.

To make the setup work properly, you need to recreate the service and endpoint. You will need to delete the old service and endpoint and create new ones.

export SERVICE_ENDPOINT=http://host.yoursite.org:35357/v2.0
export SERVICE_TOKEN=************

After deleting the service and endpoint, run the commands below. They will create the new service and endpoint.

COMMON_NAME=host.yoursite.org
# Create the identity service and capture its id from the table output.
KEYSTONE_SERVICE=$(keystone service-create --name=keystone \
    --type=identity \
    --description="Keystone Identity Service" \
    | grep ' id ' | awk '{print $4}')
# \$ keeps $(public_port)s and $(admin_port)s literal so keystone substitutes them.
keystone endpoint-create --region RegionOne --service-id "$KEYSTONE_SERVICE" \
    --publicurl "https://$COMMON_NAME:\$(public_port)s/v2.0" \
    --adminurl "https://$COMMON_NAME:\$(admin_port)s/v2.0" \
    --internalurl "https://$COMMON_NAME:\$(public_port)s/v2.0"

Then, modify the admin rc file. It should contain the following settings:

$ cat novarc
export OS_USERNAME=admin
export OS_PASSWORD=***********
export OS_TENANT_NAME=demo # This could be different from yours.
export OS_AUTH_URL=https://host.yoursite.org:35357/v2.0
export OS_CACERT=/etc/keystone/ssl/certs/ca.pem

  • Restart keystone.

After doing all those configurations, you can now restart keystone to apply all changes.

restart keystone
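
The [ssl] options shown earlier decide how strong the generated key is and how long the certificate lives. As an added example (not part of the original guide or of keystone), this script reads the [ssl] section of a configuration file and reports a disabled enable flag, a key_size below 2048 bits and a valid_days above 825. The two thresholds and the function names ssl_option and audit_keystone_ssl are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the original guide: audit the [ssl] options that
# keystone-manage ssl_setup reads. Both thresholds are assumed policy values.
MIN_KEY_SIZE=2048     # assumed minimum RSA key size, in bits
MAX_VALID_DAYS=825    # assumed maximum certificate lifetime, in days

# ssl_option FILE KEY: print KEY's value from the [ssl] section (last one wins).
ssl_option() {
    awk -v key="$2" '
        /^[ \t]*\[/ { in_ssl = ($0 ~ /^[ \t]*\[ssl\][ \t]*$/); next }
        !in_ssl || /^[ \t]*[#;]/ || !index($0, "=") { next }
        {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { val = v; found = 1 }
        }
        END { if (found) print val }' "$1"
}

# audit_keystone_ssl FILE: print one FAIL line per finding, nothing if clean.
audit_keystone_ssl() (
    enable=$(ssl_option "$1" enable)
    key_size=$(ssl_option "$1" key_size)
    valid_days=$(ssl_option "$1" valid_days)
    case $enable in
        [Tt][Rr][Uu][Ee]|1|[Oo][Nn]|[Yy][Ee][Ss]) ;;   # usual true spellings
        *) echo "FAIL enable=${enable:-unset}: SSL is not enabled" ;;
    esac
    case $key_size in
        ''|*[!0-9]*) echo "FAIL key_size=${key_size:-unset}: not a number" ;;
        *) [ "$key_size" -ge "$MIN_KEY_SIZE" ] ||
            echo "FAIL key_size=$key_size: below $MIN_KEY_SIZE bits" ;;
    esac
    case $valid_days in
        ''|*[!0-9]*) echo "FAIL valid_days=${valid_days:-unset}: not a number" ;;
        *) [ "$valid_days" -le "$MAX_VALID_DAYS" ] ||
            echo "FAIL valid_days=$valid_days: above $MAX_VALID_DAYS days" ;;
    esac
    return 0
)

# Constructed sample using the key_size and valid_days values from this page.
sample=$(mktemp)
printf '%s\n' '[DEFAULT]' 'key_size = 4096' '[ssl]' 'enable = True' \
    'key_size = 1024' 'valid_days = 3650' > "$sample"
audit_keystone_ssl "$sample"   # reports key_size and valid_days
rm -f "$sample"
```

Point audit_keystone_ssl at your own keystone configuration file before running keystone-manage ssl_setup, so that a weak value is caught before the key and certificate are generated.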

When making changes on anything regarding keystone or your files, make it a point to back up all your files first. This way, you will have your original and untouched files that you can easily re-upload when needed. Since this can be a sensitive and complicated process, particularly for beginners, it is recommended that all files be backed up prior to any changes.

Save your files in a secured folder to ensure that your backup data will not be lost or accessed by third party entities. It is also advisable to contact GoDaddy or Symantec if you have questions about SSL Certificate configurations on various machines and configurations so that you can be guided accordingly. This will not only make things easier but more convenient on your part as well.
