PKI Tokens are Deprecated - this was in support of pki tokens. ** Changed in: keystone Status: In Progress => Won't Fix
-- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1287414 Title: Keystone should not require CA key Status in OpenStack Identity (keystone): Won't Fix Bug description: Why do we need CA key? In a real deployment I were to get a cert for my server from Verisign, then verisign won't provide its key. Basically the code should work without CA key. I believe it is not required for ssl setup and signing. [ssl] #enable = True #certfile = /etc/keystone/ssl/certs/keystone.pem #keyfile = /etc/keystone/ssl/private/keystonekey.pem #ca_certs = /etc/keystone/ssl/certs/ca.pem #ca_key = /etc/keystone/ssl/private/cakey.pem #key_size = 1024 #valid_days = 3650 #cert_required = False #cert_subject = /C=US/ST=Unset/L=Unset/O=Unset/CN=localhost [signing] # Deprecated in favor of provider in the [token] section # Allowed values are PKI or UUID #token_format = #certfile = /etc/keystone/ssl/certs/signing_cert.pem #keyfile = /etc/keystone/ssl/private/signing_key.pem #ca_certs = /etc/keystone/ssl/certs/ca.pem #ca_key = /etc/keystone/ssl/private/cakey.pem #key_size = 2048 #valid_days = 3650 #cert_subject = /C=US/ST=Unset/L=Unset/O=Unset/CN=www.example.com To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1287414/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp