If your OpenStack cloud uses SSL security, you must import the security certificate into
the blueprint design server keystore.
- Install the blueprint design server.
- Create a cloud connection as described in Connecting to OpenStack and OpenStack-based clouds.
- On the blueprint design server, set the JAVA_HOME system variable to the
location of the JRE or JDK on the system.
- On the blueprint design server, set the PATH system variable to include the
location of the JRE or JDK on the system.
-
On the blueprint design server, in a command prompt, go to the
lib/security folder of the JRE or JDK, such as
/opt/IBM/ibm-java-x86_64-80/jre/lib/security.
-
Using the following command, download the certificate:
echo -n | openssl s_client -connect hostname:5000 |
sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
> /tmp/mycert.crt
Note: This command is split on multiple lines for clarity, but you must enter the command
on a single line.
Use the host name or IP address of the cloud system for
hostname
.
-
Import the certificate into the blueprint design server keystore with the following
command:
keytool -import -alias alias -file /tmp/mycert.crt
-keystore ./cacerts -storepass changeit -trustcacerts -noprompt
Note: This command is split on multiple lines for clarity, but you must enter the command
on a single line.
Substitute a name for the cloud system for
alias
.
-
Using the alias that you specified in the previous command, verify that the certificate was
imported:
keytool -list -keystore cacerts -storepass changeit | grep -i alias
If you imported the certificate correctly, the command prints information about the
certificate.
Now the blueprint design server can communicate with the OpenStack server.