Keystone uses cryptographically signed tokens with a private key and are matched against x509 certificate with public key. Chatper 5, Glance Image Service discusses advanced configurations. In this recipe, we will use
keystone-manage pki_setup command to generate PKI key pairs and configure Keystone to use it.
Proceed with the following steps:
[root@controller ~]# keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
keystone-manage pki_setup, we use Keystone Linux user and group accounts, which were created when
openstack-keystone packaged was installed.