Home > Blogs > OpenStack Blog for VMware


Simplified Certificate Management with VMware Integrated OpenStack

SSL certificates allow developers to interact with an OpenStack cloud with the confidence that their communications are encrypted. In VMware Integrated OpenStack, we enable SSL encryption, by default, for users to access the various endpoints securely.  In addition, we make it easy to generate your certificate signing request (CSR) and to apply the certificate after it is received from your trusted Certificate Authority (CA).

When you first install VMware Integrated OpenStack, it is running with a self-signed certificate. In order to work with the CLI or API, you would need to use the OS_CACERT parameter during authentication. In addition, your web browsers will report that the identity of the site is not verified and will not trust the certificate that the OpenStack dashboard presents.

We strongly recommend that users obtain a certificate from a trusted CA for their production deployments. To that end, we make the CSR generation process easy for our users. The user simply logs in to the VMware Integrated OpenStack management server VM via SSH, and runs the following command:
sudo viocli deployment cert-req-create

The CSR will be generated and displayed to the screen.  Copy the CSR output, including the “BEGIN” and “END” lines, and paste it to a file. Submit this file to your CA.

When the signed certificate is returned, use the following syntax to apply it:
sudo viocli deployment cert-update -p -f /Your_Certificate_Path/cert.crt

The VMware Integrated OpenStack automation code then proceeds to deploy the certificate for use in your environment. When the process is complete, you can use the OpenStack CLIs and APIs without the OS_CACERT attribute, and your web browsers will trust the OpenStack dashboard as shown in Figure 1.

OpenStack SSL certificate requests are simplified with VIO

Figure 1: SSL certificate applied to a VMware Integrated OpenStack deployment

You can learn more about VMware Integrated OpenStack on the VMware Product Walkthrough site and on the VMware Integrated OpenStack product page.

This entry was posted in OpenStack on VMware, Technical, VMware Integrated OpenStack and tagged , , , , on by .
Trevor Roberts Jr.

About Trevor Roberts Jr.

Trevor Roberts, Jr. is the Senior Technical Marketing Manager for OpenStack at VMware and the lead author of the VMware Press title, “DevOps for VMware Administrators". He enjoys speaking to customers and partners about the benefits of using OpenStack with VMware technologies. In his spare time, Trevor shares his insights on data center technologies via the VMware Blogs and on Twitter (@VMTrooper). His contributions to the IT community have garnered recognition by his designation as a VMware vExpert, Cisco Data Center Champion, and EMC Elect.

One thought on “Simplified Certificate Management with VMware Integrated OpenStack

  1. Marcel St

    Hi Trevor,

    is there also a way to import an existing SSL certificate? I’m playing with VIO in our lab and we’ve got a wildcard from a trusted CA i would like to use instead of purchasing a certificate just for this setup.

    Thanks!,

    Marcel

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

*