Enable SSL between all Components
OpenStack needs security desperately. Devstack is the primary means of documenting best practices. The avoidance of SSL thus far has been a sign of early stage development.
Keystone thus far has been the only project to be SSL enabled, and it has done custom certificate management. This management is not production quality.
Certmonger is an Operating System component designed to handle certificate request and refresh. It insulates the end user from dependency on a specific CA, or Cryptographic library. Certmonger is available on all major Linux Distributions. Certmonger will handle the X509 certificate management for Devstack, using its ability to selfsign certificates for development.
Blueprint information
- Status:
- Complete
- Approver:
- None
- Priority:
- Undefined
- Drafter:
- Adam Young
- Direction:
- Needs approval
- Assignee:
- Adam Young
- Definition:
- Obsolete
- Series goal:
- None
- Implementation:
-
Unknown
- Milestone target:
- None
- Started by
- Completed by
- Adam Young
Related branches
Related bugs
Sprints
Whiteboard
This is not really something that is needed in a BP this is a deployer "thing" and p. We support this with apache/eventlet/etc and the catalog already.
