For secure communication in IBM Cloud Manager with OpenStack, a
Privacy Enhanced Mail (PEM) bundle is configured for certificate validation. You must add the bundle
to the <TMP_DIR> directory of IBM Cloud Orchestrator Server so that it is available during the
installation process.
Procedure
- Log in to the IBM Cloud Orchestrator Server.
- Create <TMP_DIR> directory.
- Run the following command to copy the certificate bundle:
scp root@<ICM_controller>: /etc/pki/tls/icm/certs/ca_bundle.pem /<TMP_DIR>/openstack.crt
where <ICM_controller> is the IP address or the fully qualified host name of
IBM Cloud Manager with OpenStack master controller wherein the Keystone service
is run. For multi-region setup, it is the controller of the first region. For high availability
configuration, it is the primary controller of the first region installed.
- Optionally, run the following command to check the certificate bundle content:
openssl x509 -noout -text -in <TMP_DIR>/openstack.crt