The signing certificate has expired
This topic provides troubleshooting references and steps for resolving system errors when the signing certificate has expired.
Description
When object authentication
uses PKI as a token driver, it requires signing certificates. If the
system is configured in such a manner and the user tries to run the
keystone commands, the system displays the following error:
[root@SSClusterNode3 tmp]# openstack user listERROR: openstack SSL exception connecting to
https://SSCluster:35357/v3/auth/tokens: [Errno 1] _ssl.c:504: error:140770FC:SSL
routines:SSL23_GET_SERVER_HELLO:unknown protocol[root@SSClusterNode3 ~]#
swift listAuthorization Failure. Authorization failed: SSL exception connecting to
https://SSCluster:35357/v3/auth/tokens: [Errno 1] _ssl.c:504:
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Cause
The system displays this error because the signing certificate has expired after configuration.
Proposed workaround
- Remove the authentication.
- Reconfigure the authentication with the new signing certificate.
Note:
Do not run the mmuserauth service remove --data-access-method object --idmapdelete command during removing and reconfiguring the authentication.