My objective is to create a stack using Heat. Initially, my code worked properly with http access but when our Openstack is updated the access is becoming via https so I got the errors I sent in the previous email. So I think I need to *authenticate *using the .pem certificate. But, I don't know where exactely (which location) I put the .pem file in order to be visible to the heatclient (or keystone) and how shall I update my code ?
I am confusing a little bit! Thanks in advance. Best regards. 2017-11-09 9:05 GMT+01:00 Juan Antonio Osorio <jaosor...@gmail.com>: > Alright, > > So, first question. What do you actually want to do? Do you need to > authenticate with the heat endpoint with TLS (using client certificates) ? > Or, do you want to merely use TLS to communicate with Heat and you're > getting this verification issue? > > On Wed, Nov 8, 2017 at 10:48 PM, David Gabriel <davidgab...@gmail.com> > wrote: > >> I forget to send the errors I got: >> >> File "/usr/lib/python2.7/dist-packages/heatclient/v1/stacks.py", line >> 109, in create >> data=kwargs, headers=headers) >> File "/usr/lib/python2.7/dist-packages/heatclient/common/http.py", >> line 223, in json_request >> resp = self._http_request(url, method, **kwargs) >> File "/usr/lib/python2.7/dist-packages/heatclient/common/http.py", >> line 166, in _http_request >> **kwargs) >> File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line >> 53, in request >> return session.request(method=method, url=url, **kwargs) >> File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", >> line 468, in request >> resp = self.send(prep, **send_kwargs) >> File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", >> line 576, in send >> r = adapter.send(request, **kwargs) >> File "/usr/local/lib/python2.7/dist-packages/requests/adapters.py", >> line 447, in send >> raise SSLError(e, request=request) >> SSLError: [Errno 1] _ssl.c:510: error:14090086:SSL >> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed >> 127.0.0.1 - - [08/Nov/2017 20:34:56] "POST /stack_create HTTP/1.1" 500 >> 2801 >> >> >> 2017-11-08 21:43 GMT+01:00 David Gabriel <davidgab...@gmail.com>: >> >>> Dear Juan, >>> >>> Thanks so much for your reply. >>> I fact, the command you suggest leads to the structure of a .pem file >>> like it is shown in the reference you provide. >>> >>> Let me please ask another question related to the new pem file. >>> In fact, I want to use use it in to call python-heatclient API in order >>> to create stacks (Openstack address is based on https). >>> I am wondering, where to copy this pem file and how to refer it ? >>> >>> Thanks in advance. >>> Best regards. >>> >>> >>> >>> 2017-11-08 15:39 GMT+01:00 Juan Antonio Osorio <jaosor...@gmail.com>: >>> >>>> Hello, >>>> >>>> You need to verify the files and check how they look like. A good guide >>>> to do this is this one http://how2ssl.com/articles/wo >>>> rking_with_pem_files/ . >>>> .cert and .key are not actual formats, but might actually contain the >>>> cert and the key in PEM format. The main giveaway is that they should >>>> contain the header. If you will use the file for HAProxy, then you need the >>>> certificate and key in the same file. So you would do something like this: >>>> >>>> $ cat mycertificate.cert mykey.key > cert-and-key.pem >>>> >>>> And the resulting file is something you could use for your HAProxy >>>> instance. But again, it all depends on what you will use it for. >>>> >>>> On Wed, Nov 8, 2017 at 3:36 PM, David Gabriel <davidgab...@gmail.com> >>>> wrote: >>>> >>>>> Dears, >>>>> >>>>> I need to generate the .pem file based on certifcate files (.cert). >>>>> The key (.key file) is available too. >>>>> All my files can be read as text files. >>>>> Could you please detail the procedure for this ? >>>>> I am using ubuntu as OS. >>>>> >>>>> Thanks in advance. >>>>> Best regards. >>>>> >>>>> ____________________________________________________________ >>>>> ______________ >>>>> OpenStack Development Mailing List (not for usage questions) >>>>> Unsubscribe: openstack-dev-requ...@lists.op >>>>> enstack.org?subject:unsubscribe >>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >>>>> >>>>> >>>> >>>> >>>> -- >>>> Juan Antonio Osorio R. >>>> e-mail: jaosor...@gmail.com >>>> >>>> >>>> _______________________________________________ >>>> Mailing list: http://lists.openstack.org/cgi >>>> -bin/mailman/listinfo/openstack >>>> Post to : openst...@lists.openstack.org >>>> Unsubscribe : http://lists.openstack.org/cgi >>>> -bin/mailman/listinfo/openstack >>>> >>>> >>> >> > > > -- > Juan Antonio Osorio R. > e-mail: jaosor...@gmail.com > >
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev