Install a Trusted CA CertificateΒΆ

A trusted CA certificate can be added to the StarlingX OpenStack service containers such that the containerized OpenStack services can validate certificates of far-end systems connecting or being connected to over HTTPS. This is commonly done to enable certificate validation of clients connecting to OpenStack service REST API endpoints.

Procedure

  1. Install a trusted CA certificate for OpenStack using the following command to override all OpenStack Helm Charts.

    ~(keystone_admin)$ system os-certificate-install -m ca certificate_file>
    

    where <certificate_file> contains a single CA certificate to be trusted.

    Running the command again with a different CA certificate in the file will replace this openstack trusted CA certificate.

  2. Apply the updated Helm chart overrides containing the certificate changes:

    ~(keystone_admin)$ system application-apply stx-openstack