Files
8f624221ea56d8232ac47ebde0bfc8ad82e38cde
puppet-openstack-integration /contrib /ssl-ipv6.conf
Alfredo Moralejo e40e6d934b Fix ipv6 certificate to make it compliant with IDNA 
Currently we are setting "DNS.0 = ::1", but ::1 is not a valid
A-Label for IDNA so the certificate is not correct.
Additionally, we are setting wrong value for DNS.0 = 127.0.0.1
in the ipv4 certificate.
Finally, removing issuerAltName from both ipv4 and ipv6 certificates
as they are not needed for the jobs.
New versions of python-cryptography are more strict to check
certificates content and does not allow to have not compliant
DNS names so we need to fix the certificate to bump python-cryptography.
Note that horizont tempest plugin does not support ipaddress SANs based
certificate validation so I'm disablint certificate validation for
dashboard in this patch.
Depends-On: Iea7a4b85ac64572fac0f0ad871649a79fbc1c0f5
Change-Id: Ib519d222e07e26d3683b24359e2f67728cdd8029
2018年03月20日 22:38:03 +01:00

41 lines
921 B
Plaintext

# Generate key and create a self-signed certificate:
# $ openssl req \
# -x509 \
# -config ssl-ipv6.conf \
# -newkey rsa:2048 \
# -keyform PEM \
# -out ipv6.crt \
# -outform PEM \
# -days 3650 \
# -nodes
#
[ req ]
default_bits = 2048
default_keyfile = ipv6.key
default_md = sha256
prompt = no
distinguished_name = distinguished_name
req_extensions = v3_req
x509_extensions = v3_ca
[ v3_req ]
subjectAltName = @alt_names
[ v3_ca ]
basicConstraints = CA:TRUE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
subjectAltName = @alt_names
[alt_names]
IP.0 = ::1
DNS.0 = localhost
[ distinguished_name ]
commonName = ::1
countryName = US
stateOrProvinceName = North Carolina
localityName = Raleigh
organizationName = Red Hat Inc.
organizationalUnitName = OpenStack