Description of configuration options for ssl
Configuration option = Default value Description
[signing]
ca_certs = /etc/keystone/ssl/certs/ca.pem (StrOpt) Path of the CA for token signing.
ca_key = /etc/keystone/ssl/private/cakey.pem (StrOpt) Path of the CA key for token signing.
cert_subject = /C=US/ST=Unset/L=Unset/O=Unset/CN=www.example.com (StrOpt) Certificate subject (auto generated certificate) for token signing.
certfile = /etc/keystone/ssl/certs/signing_cert.pem (StrOpt) Path of the certfile for token signing. For non-production environments, you may be interested in using `keystone-manage pki_setup` to generate self-signed certificates.
key_size = 2048 (IntOpt) Key size (in bits) for token signing cert (auto generated certificate).
keyfile = /etc/keystone/ssl/private/signing_key.pem (StrOpt) Path of the keyfile for token signing.
token_format = None (StrOpt) Deprecated in favor of provider in the [token] section.
valid_days = 3650 (IntOpt) Days the token signing cert is valid for (auto generated certificate).
[ssl]
ca_certs = /etc/keystone/ssl/certs/ca.pem (StrOpt) Path of the ca cert file for SSL.
ca_key = /etc/keystone/ssl/private/cakey.pem (StrOpt) Path of the CA key file for SSL.
cert_required = False (BoolOpt) Require client certificate.
cert_subject = /C=US/ST=Unset/L=Unset/O=Unset/CN=localhost (StrOpt) SSL certificate subject (auto generated certificate).
certfile = /etc/keystone/ssl/certs/keystone.pem (StrOpt) Path of the certfile for SSL. For non-production environments, you may be interested in using `keystone-manage ssl_setup` to generate self-signed certificates.
enable = False (BoolOpt) Toggle for SSL support on the Keystone eventlet servers.
key_size = 1024 (IntOpt) SSL key length (in bits) (auto generated certificate).
keyfile = /etc/keystone/ssl/private/keystonekey.pem (StrOpt) Path of the keyfile for SSL.
valid_days = 3650 (IntOpt) Days the certificate is valid for once signed (auto generated certificate).