CORD 5.0 OpenStack SSL Handshake Error Solution

CORD 5.0 OpenStack SSL Handshake Error Solution

This post contains how to fix OpenStack handshake problem when CORD-in-a-Box restart, In cord-5.0 branch, Restarted CiaB(CORD-in-a-Box)’s Keystone can’t handle secure requests.

After you reboot CORD machine, and boot up Vagrant VM in this sequence: corddev, head1, compute1:


In cord-4.1 branch, all things should work perfect, but in cord-5.0 branch, OpenStack will be broken, nova, neutron, keystone all shows SSL error.

DNS not start: Name or service not known

This problem is easy to solve, just start it by following command.

SSL unknown protocol

This problem caused by keystone.cord.lab didn’t load SSL module correctly, keystone use haproxy(port 5000) to redirect traffic to apache(4990, 35347).

We can use openssl s_client to check with it.

So I traced into keystone‘s web service architecture, and take a look with apache’s error log, seems apache didn’t load openssl module well, a simple sudo service apache restart in keystone VM can fix it easily.

And nova, neutron, keystone can work now.

Leave a Reply

Your email address will not be published. Required fields are marked *