e40e6d934b
Currently we are setting "DNS.0 = ::1", but ::1 is not a valid A-Label for IDNA so the certificate is not correct. Additionally, we are setting wrong value for DNS.0 = 127.0.0.1 in the ipv4 certificate. Finally, removing issuerAltName from both ipv4 and ipv6 certificates as they are not needed for the jobs. New versions of python-cryptography are more strict to check certificates content and does not allow to have not compliant DNS names so we need to fix the certificate to bump python-cryptography. Note that horizont tempest plugin does not support ipaddress SANs based certificate validation so I'm disablint certificate validation for dashboard in this patch. Depends-On: Iea7a4b85ac64572fac0f0ad871649a79fbc1c0f5 Change-Id: Ib519d222e07e26d3683b24359e2f67728cdd8029
41 lines
933 B
Plaintext
41 lines
933 B
Plaintext
# Generate key and create a self-signed certificate:
|
|
# $ openssl req \
|
|
# -x509 \
|
|
# -config ssl-ipv4.conf \
|
|
# -newkey rsa:2048 \
|
|
# -keyform PEM \
|
|
# -out ipv4.crt \
|
|
# -outform PEM \
|
|
# -days 3650 \
|
|
# -nodes
|
|
#
|
|
[ req ]
|
|
default_bits = 2048
|
|
default_keyfile = ipv4.key
|
|
default_md = sha256
|
|
prompt = no
|
|
distinguished_name = distinguished_name
|
|
req_extensions = v3_req
|
|
x509_extensions = v3_ca
|
|
|
|
[ v3_req ]
|
|
subjectAltName = @alt_names
|
|
|
|
[ v3_ca ]
|
|
basicConstraints = CA:TRUE
|
|
subjectKeyIdentifier = hash
|
|
authorityKeyIdentifier = keyid:always,issuer:always
|
|
subjectAltName = @alt_names
|
|
|
|
[alt_names]
|
|
IP.0 = 127.0.0.1
|
|
DNS.0 = localhost
|
|
|
|
[ distinguished_name ]
|
|
commonName = 127.0.0.1
|
|
countryName = US
|
|
stateOrProvinceName = North Carolina
|
|
localityName = Raleigh
|
|
organizationName = Red Hat Inc.
|
|
organizationalUnitName = OpenStack
|