On 05/07/2014 04:25 PM, Remo Mattei wrote:
> Hello guys, 
> I wonder if anyone has any suggestions on changing from http to https 
> interprocess communication like nova to keystone etc.. not for the DASHBOARD. 
create a CA for the certs, import the public key of the CA on all the
boxes. it will save you headaches. don't use self-signed certs

i've used EasyRSA to create the CA and its certificates

recreate the endpoints using ssl, some downtime will be needed during
reconfiguration

the CN on the cert must match the hostname in the endpoints

python ssl performance is not great, if you have high traffic you will
need something external (apache, bigip, nginx?) to terminate ssl traffic

> 
> so all the api calls will go over https. 
> 
> Any other suggestions will be welcomed. 
> 
> Thanks
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack@lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> 


-- 
1AE0 322E B8F7 4717 BDEA BF1D 44BB 1BA7 9F6C 6333
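
Added example (not part of the original message): a pre-cutover check for the two points in the reply above, that every endpoint URL is https and that its hostname matches a name on the certificate. The endpoint URLs and the certificate are constructed sample data; the certificate uses the dict shape returned by Python's ssl.SSLSocket.getpeercert(), and the function names are hypothetical.

```python
from urllib.parse import urlsplit

def cert_names(cert):
    """DNS names a cert is valid for: subjectAltName entries, else the CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Case-insensitive match; '*' is accepted only as the whole leftmost label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h

def audit_endpoint(url, cert):
    """Return a list of problems for one endpoint URL against the server's cert."""
    parts = urlsplit(url)
    problems = []
    if parts.scheme != "https":
        problems.append("not https")
    host = parts.hostname or ""
    if not any(name_matches(n, host) for n in cert_names(cert)):
        problems.append(f"host {host!r} not in cert names {cert_names(cert)}")
    return problems

# Constructed sample data: one cert issued for the controller's hostname,
# and three endpoint URLs as they might be registered in the catalog.
CERT = {"subject": ((("commonName", "controller.example.test"),),)}
ENDPOINTS = {
    "identity": "https://controller.example.test:5000/v2.0",
    "compute": "http://controller.example.test:8774/v2",   # still plain http
    "image": "https://192.0.2.10:9292",                    # IP, not the cert's name
}

def audit_all(endpoints=ENDPOINTS, cert=CERT):
    return {svc: audit_endpoint(url, cert) for svc, url in endpoints.items()}

if __name__ == "__main__":
    for svc, problems in audit_all().items():
        print(svc, "OK" if not problems else "; ".join(problems))
```

An endpoint registered by IP address fails here even though the service is reachable, which is the usual way the CN-must-match rule is broken during reconfiguration.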
