starlingx
/
docs
Code Issues Proposed changes
docs/doc/source/security/openstack/install-rest-api-and-horizo...

1.4 KiB
Raw Blame History

Install REST API and Horizon Certificate

This certificate must be valid for the domain configured for OpenStack, see the sections on Accessing the System <access-using-the-default-set-up>.

Before installing the openstack certificate and key, you must install the ROOT for the openstack certificate as a trusted ca, Install a Trusted CA Certificate <install-a-trusted-ca-certificate>.

  1. Install the certificate for OpenStack as Helm chart overrides.

    ~(keystone_admin)$ system certificate-install -m openstack <certificate_file>

    where <certificate_file> is a pem file containing both the certificate and private key.

    Note

    The OpenStack certificate must be created with wildcard .

    For example, to create a certificate for : west2.us.example.com, the following entry must be included in the certificate:

    X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:*.west2.us.example.com

  2. Apply the Helm chart overrides containing the certificate changes.

    ~(keystone_admin)$ system application-apply wr-openstack