The signing certificate has expired

This topic provides troubleshooting references and steps for resolving system errors when the signing certificate has expired.

Description

When object authentication uses PKI as a token driver, it requires signing certificates. If the system is configured in such a manner and the user tries to run the keystone commands, the system displays the following error: 
[root@SSClusterNode3 tmp]# openstack user listERROR: openstack SSL exception connecting to 
https://SSCluster:35357/v3/auth/tokens: [Errno 1] _ssl.c:504: error:140770FC:SSL 
routines:SSL23_GET_SERVER_HELLO:unknown protocol[root@SSClusterNode3 ~]# 
swift listAuthorization Failure. Authorization failed: SSL exception connecting to 
https://SSCluster:35357/v3/auth/tokens: [Errno 1] _ssl.c:504: 
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

Cause

The system displays this error because the signing certificate has expired after configuration.

Proposed workaround

  1. Remove the authentication.
  2. Reconfigure the authentication with the new signing certificate.
Note:

Do not run the mmuserauth service remove --data-access-method object --idmapdelete command during removing and reconfiguring the authentication.

Parent topic: Object issues