Install a Trusted CA CertificateΒΆ
A trusted CA certificate can be added to the StarlingX OpenStack service containers such that the containerized OpenStack services can validate certificates of far-end systems connecting or being connected to over HTTPS. This is commonly done to enable certificate validation of clients connecting to OpenStack service REST API endpoints.
Procedure
Install a trusted CA certificate for OpenStack using the following command to override all OpenStack Helm Charts.
~(keystone_admin)$ system os-certificate-install -m ca certificate_file>
where
<certificate_file>
contains a single CA certificate to be trusted.Running the command again with a different CA certificate in the file will replace this openstack trusted CA certificate.
Apply the updated Helm chart overrides containing the certificate changes:
~(keystone_admin)$ system application-apply stx-openstack