openstack-manuals/keystone-ca.rst at d09bb5c8d4e8a413f8074b3419e906a064629053

Gauvain Pocentek cce63f68aa [config-ref] Tables update

Change-Id: Ia766f93b9ce5b1560ebe37da65bd70be61a0fdd1

2016-03-19 08:34:45 +01:00

3.8 KiB

Raw Blame History

Description of CA and SSL configuration options
Configuration option = Default value	Description
[eventlet_server_ssl]
`ca_certs` = `/etc/keystone/ssl/certs/ca.pem`	(String) DEPRECATED: Path of the CA cert file for SSL.
`cert_required` = `False`	(Boolean) DEPRECATED: Require client certificate.
`certfile` = `/etc/keystone/ssl/certs/keystone.pem`	(String) DEPRECATED: Path of the certfile for SSL. For non-production environments, you may be interested in using keystone-manage ssl_setup to generate self-signed certificates.
`enable` = `False`	(Boolean) DEPRECATED: Toggle for SSL support on the Keystone eventlet servers.
`keyfile` = `/etc/keystone/ssl/private/keystonekey.pem`	(String) DEPRECATED: Path of the keyfile for SSL.
[signing]
`ca_certs` = `/etc/keystone/ssl/certs/ca.pem`	(String) DEPRECATED: Path of the CA for token signing. PKI token support has been deprecated in the M release and will be removed in the O release. Fernet or UUID tokens are recommended.
`ca_key` = `/etc/keystone/ssl/private/cakey.pem`	(String) DEPRECATED: Path of the CA key for token signing. PKI token support has been deprecated in the M release and will be removed in the O release. Fernet or UUID tokens are recommended.
`cert_subject` = `/C=US/ST=Unset/L=Unset/O=Unset/CN=www.example.com`	(String) DEPRECATED: Certificate subject (auto generated certificate) for token signing. PKI token support has been deprecated in the M release and will be removed in the O release. Fernet or UUID tokens are recommended.
`certfile` = `/etc/keystone/ssl/certs/signing_cert.pem`	(String) DEPRECATED: Path of the certfile for token signing. For non-production environments, you may be interested in using keystone-manage pki_setup to generate self-signed certificates. PKI token support has been deprecated in the M release and will be removed in the O release. Fernet or UUID tokens are recommended.
`key_size` = `2048`	(Integer) DEPRECATED: Key size (in bits) for token signing cert (auto generated certificate). PKI token support has been deprecated in the M release and will be removed in the O release. Fernet or UUID tokens are recommended.
`keyfile` = `/etc/keystone/ssl/private/signing_key.pem`	(String) DEPRECATED: Path of the keyfile for token signing. PKI token support has been deprecated in the M release and will be removed in the O release. Fernet or UUID tokens are recommended.
`valid_days` = `3650`	(Integer) DEPRECATED: Days the token signing cert is valid for (auto generated certificate). PKI token support has been deprecated in the M release and will be removed in the O release. Fernet or UUID tokens are recommended.
[ssl]
`ca_key` = `/etc/keystone/ssl/private/cakey.pem`	(String) Path of the CA key file for SSL.
`cert_subject` = `/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost`	(String) SSL certificate subject (auto generated certificate).
`key_size` = `1024`	(Integer) SSL key length (in bits) (auto generated certificate).
`valid_days` = `3650`	(Integer) Days the certificate is valid for once signed (auto generated certificate).

3.8 KiB Raw Blame History

3.8 KiB

Raw Blame History