You may want to try updating the system CA certs. Download both the root and current intermediate certificate from Geotrust and copy them to /etc/pki/ca-trust/source/anchors/ and run update-ca-trust. I had some issues with newer GoDaddy certificates and this fixed me up. You'd need to do this on any node accessing the APIs.
-Erik

On Wed, Mar 23, 2016 at 7:20 AM, Dean Troyer <dtro...@gmail.com> wrote:
> On Tue, Mar 22, 2016 at 7:41 PM, Jagga Soorma <jagg...@gmail.com> wrote:
>>
>> However my mac os x desktop does that without any issues. I was able
>> to get around this on my CentOS server by downloading the
>> GeoTrust_CA_Bundle.crt locally and using "export
>> OS_CACERT=/var/tmp/GeoTrust_CA_Bundle.crt". However, I don't want to
>> have all my users to have to do this. Is there a way around this on
>> CentOS/Ubuntu? I thought this would be part of the ssl chain included
>> on these distributions.
>
>
> There are a couple of possibilities to explain the different behaviour, but
> some additional information is required to pinpoint the issue. How was OSC
> installed on the CentOS systems? (I presume that it was installed via pip
> on OS/X.)
>
> Some (if not all) packagers unbundle the urllib3 module that is included in
> the requests PyPI package. requests also includes its own CA bundle and
> this is also changed to use the system CA bundle/certs by some packagers.
>
> dt
>
> --
>
> Dean Troyer
> dtro...@gmail.com
>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack@lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
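A diagnostic for the question raised in this thread (which CA file a requests-based client such as OSC actually verifies against on a given node, and whether it contains the expected root), as an added example that is not part of the original messages. The function names are hypothetical, and the precedence shown (an explicit OS_CACERT first, then the requests environment variables, then the bundle path requests reports) is an assumption about how the client passes its CA file to requests.

```python
import os
import ssl
import sys

def resolve_ca_bundle(env, requests_default=None):
    """Return (source, path) of the CA file a requests-based client would trust."""
    # Assumption: an explicit CA file (OS_CACERT) reaches requests as verify=<path> and wins.
    if env.get("OS_CACERT"):
        return ("OS_CACERT", env["OS_CACERT"])
    # requests reads these variables only when no explicit verify path was given.
    for var in ("REQUESTS_CA_BUNDLE", "CURL_CA_BUNDLE"):
        if env.get(var):
            return (var, env[var])
    if requests_default:
        return ("requests default bundle", requests_default)
    # requests not importable: fall back to OpenSSL's default CA file (may be None).
    return ("ssl default", ssl.get_default_verify_paths().cafile)

def matching_cas(ca_certs, needle):
    """Filter SSLContext.get_ca_certs() output to CAs whose O or CN contains needle."""
    hits = []
    for cert in ca_certs:
        fields = {k: v for rdn in cert.get("subject", ()) for k, v in rdn}
        label = fields.get("commonName") or fields.get("organizationName", "")
        haystack = " ".join(fields.get(k, "") for k in ("organizationName", "commonName"))
        if needle.lower() in haystack.lower():
            hits.append(label)
    return hits

def requests_default_bundle():
    # pip installs return the bundled CA file here; distro packages are often
    # patched to return the system bundle instead.
    try:
        import requests.certs
        return requests.certs.where()
    except ImportError:
        return None

if __name__ == "__main__":
    needle = sys.argv[1] if len(sys.argv) > 1 else "GeoTrust"
    source, path = resolve_ca_bundle(os.environ, requests_default_bundle())
    print(f"CA source: {source} -> {path}")
    if not path or not os.path.isfile(path):
        sys.exit("no readable CA file at that path")
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(cafile=path)
    hits = matching_cas(ctx.get_ca_certs(), needle)
    print(f"{len(hits)} CA(s) matching {needle!r}:", *hits, sep="\n  ")
```

Run it with the same Python interpreter the client uses, before and after update-ca-trust, to confirm that the anchors landed in the bundle that interpreter reads.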