OpenStack Identity (keystone)

Deprecate pki_setup and ssl_setup

Registered by Adam Young

These functions were written to facilitate development and testing, but should not be used in a production system. The right solution is to use a real CA to issue X509 certificates. For development, we can use Certmonger selfsigned, and for production systems, certmonger talking to a real CA.

Blueprint information

Status:
Complete
Approver:
None
Priority:
Undefined
Drafter:
Adam Young
Direction:
Needs approval
Assignee:
None
Definition:
Superseded
Series goal:
None
Implementation:
Unknown
Milestone target:
None
Completed by
Steve Martinelli

Related branches

Sprints

Whiteboard

(morganfainberg): This is to be merged into the "Remove in Kilo" BP/Spec. The goal is to remove the SSL-options from keystone that are only used for generating certs/self-signed-cas.

(stevemar): 16-02-02, with PKI deprecated we can deprecate these commands too, let's use a bug instead since they are easier to track (bug https://bugs.launchpad.net/keystone/+bug/1541201)

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.
Edit subscription

Subscribers

No subscribers.