openstack/charm-deployment-guide
Code Issues Proposed changes

Fix Octavia key creation

Browse Source 
A recent improvement to the Octavia page neglected to
encrypt the generated private keys. In this commit,
cipher suite AES-256 was chosen without mode, allowing
the default, which I believe is CBC.

Closes-Bug: #1948506
Change-Id: I999b76b1d80341509c6a2e29a68ccd9dfa8481a8
This commit is contained in:
Peter Matulis
2022-01-19 12:28:31 -05:00
parent 57e75a0488
commit e830357899
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
deploy-guide/source/app-octavia.rst
View File

@@ -114,14 +114,14 @@ examples only; modify the parameters as required.
touch demoCA/index.txt
touch demoCA/index.txt.attr
openssl genpkey -algorithm RSA -pass pass:foobar -out issuing_ca_key.pem
openssl genpkey -algorithm RSA -aes256 -pass pass:foobar -out issuing_ca_key.pem
openssl req -x509 -passin pass:foobar -new -nodes -key issuing_ca_key.pem \
-config /etc/ssl/openssl.cnf \
-subj "/C=US/ST=Somestate/O=Org/CN=www.example.com" \
-days 365 \
-out issuing_ca.pem
openssl genpkey -algorithm RSA -pass pass:foobar -out controller_ca_key.pem
openssl genpkey -algorithm RSA -aes256 -pass pass:foobar -out controller_ca_key.pem
openssl req -x509 -passin pass:foobar -new -nodes \
-key controller_ca_key.pem \
-config /etc/ssl/openssl.cnf \