OpenStack Dashboard (Horizon)

Use the specified CA certificate for verifying SSL connections

Registered by Jasper Capel

Currently, there are two options when you want Horizon to use SSL:
1) Use certificates signed by a trusted third party, or:
2) Disable SSL verification altogether.

I propose a config flag OPENSTACK_SSL_CACERT that allows you to specify the path to the CA certificate that should be used to verify the connections. It will be passed on as the cacert parameter on clients that support it.

Blueprint information

Status:
Complete
Approver:
Gabriel Hurley
Priority:
Medium
Drafter:
Jasper Capel
Direction:
Approved
Assignee:
Jasper Capel
Definition:
Approved
Series goal:
Accepted for havana
Implementation:
Implemented
Milestone target:
milestone icon 2013.2
Started by
David Lyle
Completed by
David Lyle

Related branches

Sprints

Whiteboard

[2013-08-27 | Gabriel] I'm in favor of this, but not with a week left in the Havana dev cycle and no code proposed. Bumping to the next release.
[2013-08-28 | Jasper] I implemented it and pushed the code for review. I think it's a relatively minor change. Could you reconsider merging this for Havana?

Gerrit topic: https://review.openstack.org/#q,topic:bp/ssl-cacert,n,z

Addressed by: https://review.openstack.org/44042
    Adds support for specifying a custom CA certificate for verifying SSL connections

[2013-09-03 | Gabriel] I stand corrected. Way to slip this in just under the wire! :-)

(?)

Work Items

Nearby

This blueprint contains Public information 
Everyone can see this information.