puppet-openstack-integration/contrib/ssl-ipv4.conf
Alfredo Moralejo e40e6d934b Fix ipv6 certificate to make it compliant with IDNA
Currently we are setting "DNS.0 = ::1", but ::1 is not a valid
A-Label for IDNA so the certificate is not correct.

Additionally, we are setting wrong value for DNS.0 = 127.0.0.1
in the ipv4 certificate.

Finally, removing issuerAltName from both ipv4 and ipv6 certificates
as they are not needed for the jobs.

New versions of python-cryptography are more strict to check
certificates content and does not allow to have not compliant
DNS names so we need to fix the certificate to bump python-cryptography.

Note that horizont tempest plugin does not support ipaddress SANs based
certificate validation so I'm disablint certificate validation for
dashboard in this patch.

Depends-On: Iea7a4b85ac64572fac0f0ad871649a79fbc1c0f5

Change-Id: Ib519d222e07e26d3683b24359e2f67728cdd8029
2018-03-20 22:38:03 +01:00

41 lines
933 B
Plaintext

# Generate key and create a self-signed certificate:
# $ openssl req \
# -x509 \
# -config ssl-ipv4.conf \
# -newkey rsa:2048 \
# -keyform PEM \
# -out ipv4.crt \
# -outform PEM \
# -days 3650 \
# -nodes
#
[ req ]
default_bits = 2048
default_keyfile = ipv4.key
default_md = sha256
prompt = no
distinguished_name = distinguished_name
req_extensions = v3_req
x509_extensions = v3_ca
[ v3_req ]
subjectAltName = @alt_names
[ v3_ca ]
basicConstraints = CA:TRUE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
subjectAltName = @alt_names
[alt_names]
IP.0 = 127.0.0.1
DNS.0 = localhost
[ distinguished_name ]
commonName = 127.0.0.1
countryName = US
stateOrProvinceName = North Carolina
localityName = Raleigh
organizationName = Red Hat Inc.
organizationalUnitName = OpenStack