Install a Trusted CA CertificateΒΆ

A trusted CA certificate can be added to the StarlingX OpenStack service containers such that the containerized OpenStack services can validate certificates of far-end systems connecting or being connected to over HTTPS. The most common use case here would be to enable certificate validation of clients connecting to OpenStack service REST API endpoints.

Procedure

  1. Install a trusted CA certificate for OpenStack using the following command to override all OpenStack Helm Charts.

    ~(keystone_admin)$ system certificate-install -m openstack_ca <certificate_file>
    

    where <certificate_file> contains a single CA certificate to be trusted.

    Running the command again with a different CA certificate in the file will replace this openstack trusted CA certificate.

  2. Apply the updated Helm chart overrides containing the certificate changes:

    ~(keystone_admin)$ system application-apply stx-openstack