Keystone uses cryptographically signed tokens with a private key and is matched against x509 certificate with a public key. Chapter 4, Keystone Identity Service discusses more advanced configurations. In this chapter, we use
keystone-manage pki_setup command to generate PKI key pairs and to configure Keystone to use it.
Proceed with the following steps:
[root@controller ~]# keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
keystone-manage pki_setup, we use Keystone Linux user and group accounts, which were created when
openstack-keystone package was installed.