keystone/etc/ssl.conf

#
# SAMPLE CONFIG FILE TO TEST SSL
#
# TO USE:
# in /bin, run:
#   ./keystone -c ../etc/ssl.conf
# also run
#   ./sampledata -c ../etc/ssl.conf
#
# Note: this uses the same database as the default conf file. The echo app
# is not designed to support SSL and won't work in this config.
#
# To verify the server is started:
#       curl -k https://localhost:35357/


[DEFAULT]
verbose = False
debug = False
default_store = sqlite
log_file = keystone.ssl.log
log_dir = .
backends = keystone.backends.sqlalchemy
extensions= osksadm, oskscatalog, hpidm
service-header-mappings = {
    'nova' : 'X-Server-Management-Url',
    'swift' : 'X-Storage-Url',
    'cdn' : 'X-CDN-Management-Url'}
service_host = 0.0.0.0
service_port = 5000
service_ssl = True
admin_host = 0.0.0.0
admin_port = 35357
admin_ssl = True
keystone-admin-role = Admin
keystone-service-admin-role = KeystoneServiceAdmin
hash-password = True
certfile = ../examples/ssl/certs/keystone.pem
keyfile = ../examples/ssl/private/keystonekey.pem
ca_certs = ../examples/ssl/certs/ca.pem
cert_required = True

[keystone.backends.sqlalchemy]
sql_connection = sqlite:///keystone.db
sql_idle_timeout = 30
backend_entities = ['Endpoints', 'Credentials',  'EndpointTemplates', 'Tenant', 'User', 'UserRoleAssociation', 'Role', 'Token', 'Service']

[pipeline:admin]
pipeline =
        urlnormalizer
        d5_compat
        admin_api

[pipeline:keystone-legacy-auth]
pipeline =
        urlnormalizer
        legacy_auth
        d5_compat
        service_api

[app:service_api]
paste.app_factory = keystone.server:service_app_factory

[app:admin_api]
paste.app_factory = keystone.server:admin_app_factory

[filter:urlnormalizer]
paste.filter_factory = keystone.frontends.normalizer:filter_factory

[filter:d5_compat]
paste.filter_factory = keystone.frontends.d5_compat:filter_factory

[filter:legacy_auth]
paste.filter_factory = keystone.frontends.legacy_token_auth:filter_factory