diff --git a/doc/source/_vendor/rl-strings.txt b/doc/source/_vendor/rl-strings.txt index 88cb0df49..e247189e4 100644 --- a/doc/source/_vendor/rl-strings.txt +++ b/doc/source/_vendor/rl-strings.txt @@ -240,7 +240,6 @@ .. |openstack-login-protection| replace:: :ref:`Login Protection ` .. |index-security-84d0d8aa401b| replace:: :ref:`Security ` .. |pod-security-admission-controller-8e9e6994100f| replace:: :ref:`Pod Security Admission Controller ` -.. |install-update-the-starlingx-rest-and-web-server-certificate| replace:: :ref:`Install/Update the StarlingX Rest and Web Server Certificate ` .. .. |pod-security-policies| replace:: :ref:`Pod Security Policies ` .. |remove-portieris| replace:: :ref:`Remove Portieris ` .. |delete-ldap-linux-accounts-7de0782fbafd| replace:: :ref:`Delete LDAP Linux Accounts ` diff --git a/doc/source/security/kubernetes/index-security-kub-81153c1254c3.rst b/doc/source/security/kubernetes/index-security-kub-81153c1254c3.rst index 5169fef76..9e511f23c 100644 --- a/doc/source/security/kubernetes/index-security-kub-81153c1254c3.rst +++ b/doc/source/security/kubernetes/index-security-kub-81153c1254c3.rst @@ -388,7 +388,6 @@ Deprecated Functionality starlingx-rest-api-applications-and-the-web-administration-server-deprecated enable-https-access-for-starlingx-rest-and-web-server-endpoints - install-update-the-starlingx-rest-and-web-server-certificate *************************************** diff --git a/doc/source/security/kubernetes/install-update-the-starlingx-rest-and-web-server-certificate.rst b/doc/source/security/kubernetes/install-update-the-starlingx-rest-and-web-server-certificate.rst deleted file mode 100644 index 5eaef334e..000000000 --- a/doc/source/security/kubernetes/install-update-the-starlingx-rest-and-web-server-certificate.rst +++ /dev/null @@ -1,78 +0,0 @@ - -.. law1570030645265 -.. _install-update-the-starlingx-rest-and-web-server-certificate: - -============================================================ -Install/Update the StarlingX Rest and Web Server Certificate -============================================================ - -Use the following procedure to install or update the certificate for the |prod| -REST API application endpoints (Keystone, Barbican and |prod|) and the -|prod| web administration server. - -.. rubric:: |prereq| - -Obtain an intermediate or Root |CA|-signed server certificate and key from a -trusted Intermediate or Root |CA|. Refer to the documentation for the external -Intermediate or Root |CA| that you are using, on how to create public -certificate and private key pairs, signed by intermediate or a Root |CA|, for -HTTPS. - -For lab purposes, see :ref:`Create Certificates Locally using openssl -` for how to create a test -Intermediate or Root |CA| certificate and key, and use it to sign test -server certificates. - -Put the |PEM| encoded versions of the server certificate and key in a single -file, and copy the file to the controller host. - -.. note:: - - If you plan to use the container-based remote CLIs, due to a limitation in - the Python2 SSL certificate validation, the certificate used for the |prod| - REST API application endpoints and |prod| Web Administration Server ('ssl') - certificate must either have: - - #. CN=IPADDRESS and SANs=IPADDRESS - - or - - #. CN=FQDN and SANs=FQDN - - where IPADDRESS and FQDN are for the OAM Floating IP Address. - - -.. rubric:: |proc| - -- Install/update the copied certificate. - - For example: - - .. code-block:: none - - ~(keystone_admin)]$ system certificate-install -m ssl - - where: - - **** - - is the path to the file containing both the intermediate or Root - |CA|-signed server certificate and private key to install. - -.. warning:: - - The REST and Web Server certificate are not automatically renewed, user - MUST renew the certificate prior to expiry, otherwise a variety of system - operations will fail. - -.. note:: - - Ensure the certificates have RSA key length >= 2048 bits. The - |prod-long| Release |this-ver| provides a new version of ``openssl`` which - requires a minimum of 2048-bit keys for RSA for better security / encryption - strength. - - You can check the key length by running ``openssl x509 -in -noout -text`` - and looking for the "Public-Key" in the output. For more information see - :ref:`Create Certificates Locally using openssl `. - diff --git a/doc/source/security/kubernetes/one-single-root-ca-multiple-server-client-certificates-0692df6ce16d.unused b/doc/source/security/kubernetes/one-single-root-ca-multiple-server-client-certificates-0692df6ce16d.unused index b45d66ec0..0053d0333 100644 --- a/doc/source/security/kubernetes/one-single-root-ca-multiple-server-client-certificates-0692df6ce16d.unused +++ b/doc/source/security/kubernetes/one-single-root-ca-multiple-server-client-certificates-0692df6ce16d.unused @@ -38,10 +38,6 @@ trusted |CA| list. ` on how to generate server certificates from the Root |CA| certificate. - Pay attention to the notes about the certificate’s |SAN| on section - :ref:`Install/Update the StarlingX Rest and Web Server Certificate - `. - Optionally, set the subject fields uniquely for systemController and each of the subclouds. diff --git a/doc/source/security/kubernetes/starlingx-rest-api-applications-and-the-web-administration-server-deprecated.rst b/doc/source/security/kubernetes/starlingx-rest-api-applications-and-the-web-administration-server-deprecated.rst index f9bbba91b..7a9b724bf 100644 --- a/doc/source/security/kubernetes/starlingx-rest-api-applications-and-the-web-administration-server-deprecated.rst +++ b/doc/source/security/kubernetes/starlingx-rest-api-applications-and-the-web-administration-server-deprecated.rst @@ -44,6 +44,4 @@ hosts. For more details, refer to: -- :ref:`enable-https-access-for-starlingx-rest-and-web-server-endpoints` - -- :ref:`install-update-the-starlingx-rest-and-web-server-certificate` +:ref:`enable-https-access-for-starlingx-rest-and-web-server-endpoints`