e047fc42c6
This combines the client and server certificate options to make typical deployments simpler. The same certificate will be used by a fingergw acting as a client or a server. A new option is added to tell fingergw to use the cert only for client use; that way a fingergw can act as an unencrypted end-user gateway while still able to connect to encrypted servers. The options are renamed to tls_* to match zookeeper; once gearman is removed, we will have no ssl_* options. Documentation and a release note for TLS fingergw support is added. Change-Id: If3e445336de4644a5303f2ecc7c4a27e4320d042 |
||
|---|---|---|
| .. | ||
| README.rst | ||
| fingergw.csr | ||
| fingergw.key | ||
| fingergw.pem | ||
| root-ca.key | ||
| root-ca.pem | ||
| root-ca.srl | ||
README.rst
# Steps used to create our certs
# Generate CA cert openssl req -new -newkey rsa:2048 -nodes -keyout root-ca.key -x509 -days 3650 -out root-ca.pem -subj "/C=US/ST=Texas/L=Austin/O=OpenStack Foundation/CN=fingergw-ca"
# Generate server keys CLIENT='fingergw' openssl req -new -newkey rsa:2048 -nodes -keyout $CLIENT.key -out $CLIENT.csr -subj "/C=US/ST=Texas/L=Austin/O=OpenStack Foundation/CN=fingergw" openssl x509 -req -days 3650 -in $CLIENT.csr -out $CLIENT.pem -CA root-ca.pem -CAkey root-ca.key -CAcreateserial