[ovs-discuss] Configuring Open vSwitch for SSL - Question about using switch certificate authority method

Tandulwadkar, Sanket Ravindra (Sanket Ravindra) standulwadka at avaya.com
Wed Jan 6 16:38:37 UTC 2016


Hello,

I wanted to know what channel is used by OvS to fetch the CA certificate from the controller in bootstrap mode? Is it over SSL, OF, TCP or something else?

Also, I am trying to understand the need of having this CA certificate on OvS.

My current scenario -
                I have a northbound application on top of my controller who signs the OvS certificate. When the certificate is signed and sent back, I am setting the certificates on OvS and establishing the SSL connection. On my controller, I am using OpenDaylight and storing the same CAcert that signs the OvS certificate in truststore.jks file which maintains the OvS keys or CAcert depending on the way we use OvS.

I was wondering why is the CAcert being pulled by OvS if it is signed by the same CAcert preset in the ODL truststrore.jks.

Any input on this is greatly appreciated!


Thanks,
Sanket Tandulwadkar

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://openvswitch.org/pipermail/ovs-discuss/attachments/20160106/a2977452/attachment-0002.html>


More information about the discuss mailing list