Merge "admin-guide-cloud-rst: Split up identity"

2015-07-19 05:46:31 +00:00
parent 32c5c54256 40d3d03f11
commit 4aaf319c2a
18 changed files with 834 additions and 849 deletions
--- a/doc/admin-guide-cloud-rst/source/keystone_certificates_for_pki.rst
+++ b/doc/admin-guide-cloud-rst/source/keystone_certificates_for_pki.rst
@@ -1,7 +1,6 @@
-.. :orphan:
-
+====================
 Certificates for PKI
-~~~~~~~~~~~~~~~~~~~~
+====================

 PKI stands for Public Key Infrastructure. Tokens are documents,
 cryptographically signed using the X509 standard. In order to work
@@ -100,7 +99,7 @@ much longer string, such as::
    SrWY8lF3HrTcJT23sZIleg==

 Sign certificate issued by external CA
--------------------------------------
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 You can use a signing certificate issued by an external CA instead of
 generated by ``keystone-manage``. However, a certificate issued by an
@@ -125,7 +124,7 @@ CA involves:
 #. Install External Signing Certificate

 Request a signing certificate from an external CA
-------------------------------------------------
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 One way to request a signing certificate from an external CA is to first
 generate a PKCS #10 Certificate Request Syntax (CRS) using OpenSSL CLI.
@@ -168,7 +167,7 @@ and make sure to ask the certificate to be in PEM format. Also, make sure your
 trusted CA certificate chain is also in PEM format.

 Install an external signing certificate
---------------------------------------
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 Assuming you have the following already:

@@ -211,7 +210,7 @@ If your certificate directory path is different from the default
 ``[signing]`` section of the configuration file.

 Switching out expired signing certificates
------------------------------------------
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 The following procedure details how to switch out expired signing
 certificates with no cloud outages.