shiftstack / dev-install


SSL: "Bring your own CA" support & generate SSL locally #92

Closed EmilienM closed 3 years ago

EmilienM commented 3 years ago

Bring your own CA

Allow a user to bring their own Certificate Authority to dev-install, so that when OpenStack is deployed, the generated certificate is signed with this CA.

It's a famous customer use-case, and will also be used by our CI, so we can rely on a stable CA and just generate ephemeral certificates when deploying OpenStack.

Generate SSL files locally instead of remotely

Instead of generating all SSL files remotely, do it locally; it's more secure.

The main reason for doing this is that we do not want the CA private key to be on the remote host. This would be a security issue: in case someone has access to the host, they can compromise our CA.
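
The workflow described in this pull request, as an added example that is not dev-install's own code: the CA stays on the local machine, an ephemeral certificate is signed there, and a check refuses any bundle that contains the CA private key. The file names, hostname and bundle layout are assumptions, and the throwaway CA stands in for the one a user would bring.

```shell
#!/usr/bin/env bash
# Added example; all paths, CNs and the bundle layout are hypothetical.
set -eu

# Create a throwaway CA standing in for the CA a user would bring.
make_ca() {  # $1 = local CA directory (never copied to the remote host)
  mkdir -p "$1" && chmod 700 "$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Example BYO CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
  chmod 600 "$1/ca.key"
}

# Issue a short-lived server certificate locally; only the bundle dir is deployed.
issue_cert() {  # $1 = CA dir, $2 = bundle dir, $3 = hostname
  mkdir -p "$2"
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$2/server.key" -out "$2/server.csr" 2>/dev/null
  printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\n' "$3" > "$2/ext.cnf"
  openssl x509 -req -in "$2/server.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 7 -extfile "$2/ext.cnf" -out "$2/server.crt" 2>/dev/null
  cp "$1/ca.crt" "$2/ca.crt"             # public CA certificate only
  rm -f "$2/server.csr" "$2/ext.cnf"     # not needed on the remote host
  chmod 600 "$2/server.key"
}

# Fail if the bundle holds the CA private key or the cert does not chain to the CA.
check_bundle() {  # $1 = CA dir, $2 = bundle dir
  ca_mod=$(openssl rsa -in "$1/ca.key" -noout -modulus 2>/dev/null)
  for f in "$2"/*; do
    if grep -q 'PRIVATE KEY' "$f"; then
      # Compare by key material, so a renamed copy of ca.key is still caught.
      [ "$(openssl rsa -in "$f" -noout -modulus 2>/dev/null)" != "$ca_mod" ] || return 1
    fi
  done
  openssl verify -CAfile "$2/ca.crt" "$2/server.crt" >/dev/null 2>&1
}

work=$(mktemp -d)
make_ca "$work/ca"
issue_cert "$work/ca" "$work/bundle" "openstack.example.test"
if check_bundle "$work/ca" "$work/bundle"; then
  echo "bundle safe to copy: $(ls "$work/bundle" | tr '\n' ' ')"
fi
```
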

EmilienM commented 3 years ago

Tested in PSI and it worked fine.