Configuring SSL security for OpenStack clouds
If your OpenStack cloud uses SSL security, you must import the security certificate into the blueprint design server keystore.
- Install the blueprint design server.
- Create a cloud connection as described in Connecting to OpenStack and OpenStack-based clouds.
- On the blueprint design server, set the JAVA_HOME system variable to the location of the JRE or JDK on the system.
- On the blueprint design server, set the PATH system variable to include the location of the JRE or JDK on the system.
- On the blueprint design server, in a command prompt, go to the lib/security folder of the JRE or JDK, such as /opt/IBM/ibm-java-x86_64-80/jre/lib/security.
Using the following command, download the certificate:
echo -n | openssl s_client -connect hostname:5000 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/mycert.crtNote: This command is split on multiple lines for clarity, but you must enter the command on a single line.Use the host name or IP address of the cloud system for
Import the certificate into the blueprint design server keystore with the following
keytool -import -alias alias -file /tmp/mycert.crt -keystore ./cacerts -storepass changeit -trustcacerts -nopromptNote: This command is split on multiple lines for clarity, but you must enter the command on a single line.Substitute a name for the cloud system for
Using the alias that you specified in the previous command, verify that the certificate was
keytool -list -keystore cacerts -storepass changeit | grep -i aliasIf you imported the certificate correctly, the command prints information about the certificate.