Question

I'm trying to configure keystone with ssl certs from an intermediate CA.
Is there any way of getting keystone to "serve" the intermediate CA's cacert to clients?

I've tried setting it in keystone.conf with the ca_certs option under both the [ssl] and [signing] sections, but some https clients (firefox, curl, wget & keystone-client) still do not trust the certs.

It works with Chrome(ium) and Opera though.

NB. Running Keystone via Apache works, but I'm looking for a standalone Keystone implementation.

Solution

First -> [face palm]

It turns out you can just bundle the intermediate CA cert with your certificate and have keystone send that to the https client.

The Apache + mod_wsgi way is still better IMHO
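
The bundling described in the answer, as an added example that is not part of the original post: it builds a constructed throwaway root, intermediate and server certificate with openssl and shows that a client trusting only the root rejects the server certificate alone but accepts it once the intermediate is sent with it. All names and file paths are assumptions.

```shell
#!/bin/sh
# Added example. Constructed throwaway PKI: root CA -> intermediate CA -> server.
# Every name and path here is an assumption, not taken from the original post.

new_csr() {  # new_csr <name> <CN>: fresh key and CSR under $PKI
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$PKI/$1.key" -out "$PKI/$1.csr" 2>/dev/null
}

build_pki() {
    PKI=$(mktemp -d)
    # CA certificates must carry CA:TRUE, otherwise they cannot sign others.
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' \
        > "$PKI/ca.ext"
    new_csr root "Example Root CA"
    new_csr inter "Example Intermediate CA"
    new_csr server "keystone.example.test"
    # Root is self-signed, intermediate is signed by root, server by intermediate.
    openssl x509 -req -in "$PKI/root.csr" -signkey "$PKI/root.key" -days 2 \
        -extfile "$PKI/ca.ext" -out "$PKI/root.pem" 2>/dev/null
    openssl x509 -req -in "$PKI/inter.csr" -CA "$PKI/root.pem" \
        -CAkey "$PKI/root.key" -CAcreateserial -days 2 \
        -extfile "$PKI/ca.ext" -out "$PKI/inter.pem" 2>/dev/null
    openssl x509 -req -in "$PKI/server.csr" -CA "$PKI/inter.pem" \
        -CAkey "$PKI/inter.key" -CAcreateserial -days 2 \
        -out "$PKI/server.pem" 2>/dev/null
    # The file the server presents: its own certificate first, then the intermediate.
    cat "$PKI/server.pem" "$PKI/inter.pem" > "$PKI/server-bundle.pem"
}

# Client trusts only the root; server sent its certificate alone.
verify_leaf_only() {
    openssl verify -CAfile "$PKI/root.pem" "$PKI/server.pem" >/dev/null 2>&1
}

# Same client, but the server also sent the intermediate (the bundle).
verify_with_bundle() {
    openssl verify -CAfile "$PKI/root.pem" \
        -untrusted "$PKI/server-bundle.pem" "$PKI/server.pem" >/dev/null 2>&1
}

bundle_cert_count() { grep -c 'BEGIN CERTIFICATE' "$PKI/server-bundle.pem"; }

build_pki
if verify_leaf_only; then echo "leaf only: trusted"; else echo "leaf only: NOT trusted"; fi
if verify_with_bundle; then echo "bundle: trusted"; else echo "bundle: NOT trusted"; fi
```

The intermediate's private key never goes into the bundle; only the two certificates do, and the server keeps using its own key.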

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow