![]() In certain cases, the heat metadata and cert may not be available when the element is first ran. We should make a trivial attempt to guess if the cert is likely to be valid before attempting to install it. Change-Id: Id0fcb3828f0cdfafdbb7d421377642ee50240907 |
||
---|---|---|
.. | ||
os-apply-config/etc/ssl | ||
os-refresh-config/configure.d | ||
README.md |
README.md
Install and trust a CA at the operating system level, making it available for use by OpenStack services and other network clients authenticating SSL-secured connections.
Configuration
ssl:
ca_certificate: certdata
The CA certificate will be written to /etc/ssl/from-heat-ca.crt and installed using update-ca-certificates (apt-based distros) or update-ca-trusts (yum-based distros).
This may be used in conjunction with openstack-ssl to enable SSL-secure connections between OpenStack services, or independently to enable secure integration with external resources such as Keystone -> LDAP server or Cinder -> external backend.
If multiple CA certificates are to be trusted, they should be concatenated in PEM format within the single ca_certificate property defining the trust store.