enable https for keystone
actually it’s quite easy, first you need load mod_ssl module of apache, then only thing you need to do is change the wsgi-keystone.conf:
if your server certificate is not signed by the root CA, then you need the intermediate CA certificates. please notice
SSLCertificateChainFile became obsolete with version 2.4.8, when SSLCertificateFile was extended to also load intermediate CA certificates from the server certificate file.