f89156f38e
Change “wr-openstack” instances to “|prefix|-openstack”. PS2: Use |prefix| substitution instead of "stx" PS3, 4, 5, 6, 7: Fix table alignment PS8: Replace table with text for |prefix| usage Closes-Bug: 1948045 Change-Id: I41f804dd83d480e99a9c8ebfc252def3de0215ea Signed-off-by: MCamp859 <maryx.camp@intel.com>
36 lines
1.2 KiB
ReStructuredText
36 lines
1.2 KiB
ReStructuredText
|
|
.. fak1590002084693
|
|
.. _install-a-trusted-ca-certificate:
|
|
|
|
================================
|
|
Install a Trusted CA Certificate
|
|
================================
|
|
|
|
A trusted |CA| certificate can be added to the |prod-os| service containers
|
|
such that the containerized OpenStack services can validate certificates of
|
|
far-end systems connecting or being connected to over HTTPS. This is commonly
|
|
done to enable certificate validation of clients connecting to OpenStack
|
|
service REST API endpoints.
|
|
|
|
.. rubric:: |proc|
|
|
|
|
.. _install-a-trusted-ca-certificate-steps-unordered-am5-xgt-vlb:
|
|
|
|
#. Install a trusted |CA| certificate for OpenStack using the following
|
|
command to override all OpenStack Helm Charts.
|
|
|
|
.. code-block:: none
|
|
|
|
~(keystone_admin)$ system certificate-install -m openstack_ca <certificate_file>
|
|
|
|
where ``<certificate_file>`` contains a single |CA| certificate to be trusted.
|
|
|
|
Running the command again with a different |CA| certificate in the file
|
|
will *replace* this openstack trusted |CA| certificate.
|
|
|
|
#. Apply the updated Helm chart overrides containing the certificate changes:
|
|
|
|
.. parsed-literal::
|
|
|
|
~(keystone_admin)$ system application-apply |prefix|-openstack
|