[Openstack] -[keystone] help configure keystone for token ssl x509 authorization

schmitt Mon, 04 Jul 2016 08:29:34 -0700

Hi,
I am learning to configure keystone for tokenless  ssl x509  authorization, 
according to the document: 
http://docs.openstack.org/developer/keystone/configure_tokenless_x509.html.
when making self-signed certificate with command openssl,
I don't know how to define issuer DN and subject DN for ssl x509.
Is it right as the following?
For example ,
If using  tokenless authorization between nova service and keystone,
i define issuer DN  like the following:
E=schm...@openstack.com
CN=schmitt
OU=keystone
O=openstack
L=Sunnyvale
S=California
C=US
and define subject DN like the following:
E=n...@openstack.com
CN=nova          #nova user defined in the configuration item 
[keystone_authtoken]file“/etc/nova/nova.conf”
OU=default
O=defalult
L=Sunnyvale
S=California
C=US



Also,is there something special between subject DN and openstack service?
Thanks & Regards,

schmitt

_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to     : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

[Openstack] -[keystone] help configure keystone for token ssl x509 authorization

Reply via email to