I’ve been trying to configure devstack to install SSL-enabled endpoints. This is generally straightforward but hampered by a several bugs related to server to server communication (e.g. nova to glance) where the are no options to specify the location of the issuing CA.
One workaround I’m looking at is rather than passing the CA around as a path everywhere is to add it to the system CA bundle and let the client libraries handle things. This is less-than-ideal but seems to work. I’m a Fedora guy so I use the new CA trust commands: