If you are using ceph + radosgw packages they should be built with the
nss option (--with-nss), so nothing to do there.
For the server running keystone you need to do:
(root) $ mkdir /var/ceph/nss
(root) $ openssl x509 -in /etc/keystone/ssl/certs/ca.pem -pubkey | \
certutil -d /var/ceph/nss -A -n ca -t "TCu,Cu,Tuw"
(root) $ openssl x509 -in /etc/keystone/ssl/certs/signing_cert.pem -pub
(root) $ rsync -av /var/ceph/nss/* rgw-host:/var/ceph/nss
as indicated in the ceph docs. I found I needed to actually be root for
this to work (i.e. sudo did not work), but apart from that no problem.
You need to install whatever packages give you the openssl and certutil
binaries.
Cheers
Mark
On 09/10/14 05:21, lakshmi k s wrote:
Hello Mark,
Thanks for your reply. Where should I be installing the NSS package? On the
Gateway or the Openstack Controller node? On both, I could not execute the
following command as it resulted in a bunch of errors.
openssl x509 -in /etc/keystone/ssl/certs/ca.pem -pubkey | certutil -d /var/ceph/nss -A -n ca -t "TCu,Cu,Tuw"
Also, you mentioned SSL. What should I be doing for this? Should rgw.conf in /etc/apache2/sites-enabled on the gateway node be configured for SSL like this below? I do not have this right now.
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
SetEnv SERVER_PORT_SECURE 443