Public bug reported: Both of these tools generate Self-signed CA certificates. As such, they are only appropriate for development deployments, and should be treated as such. While sites with mature PKI policies would recognize this, that majority of people new to Open Stack are not PKI experts, and are using the provided tools. The http://docs.openstack.org/developer/keystone/configuration.html #certificates-for-pki should state this clearly.
** Affects: keystone Importance: Undecided Assignee: Adam Young (ayoung) Status: New ** Changed in: keystone Assignee: (unassigned) => Adam Young (ayoung) -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Keystone. https://bugs.launchpad.net/bugs/1291366 Title: documentation should advice against using pki_setup and ssl_setup Status in OpenStack Identity (Keystone): New Bug description: Both of these tools generate Self-signed CA certificates. As such, they are only appropriate for development deployments, and should be treated as such. While sites with mature PKI policies would recognize this, that majority of people new to Open Stack are not PKI experts, and are using the provided tools. The http://docs.openstack.org/developer/keystone/configuration.html #certificates-for-pki should state this clearly. To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1291366/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp