[ovs-discuss] [OVSDB-TLS] Ssl handshake fail

A Vamsikrishna a.vamsikrishna at ericsson.com
Wed Jan 3 09:35:11 UTC 2018


Hi All,


I am following the wiki below for OVSDB-TLS communication:

https://wiki.opendaylight.org/view/OVSDB_Integration:TLS_Communication

Steps followed:

I have copied ctl.jks and truststore.jks from my Ubuntu to the config/ssl folder

Made <use-config>true</use-config> in aaa-cert-config.xml

Made use-ssl = true in org.opendaylight.ovsdb.library.cfg

sudo ovs-vsctl --bootstrap set-ssl /etc/openvswitch/sc-privkey.pem  /etc/openvswitch/sc-cert.pem /var/lib/openvswitch/pki/controllerca/cacert.pem

sudo ovs-vsctl set-manager ssl:192.168.56.1:6640


I am seeing the error below in the ODL logs:

D: [id: 0x78b62606, L:/192.168.56.1:6640 - R:/192.168.56.102:41618]
-01-03 14:31:42,261 | ERROR | assiveConnServ-3 | OvsdbConnectionService           | 380 - org.opendaylight.ovsdb.library - 1.6.0.SNAPSHOT | Ssl handshake fail. channel [id: 0x78b62606, L:/192.168.56.1:6640 ! R:/192.168.56.102:41618]


And I am not seeing the SSL connection on OVS:

stack@ubuntu:/etc/openvswitch$ sudo ovs-vsctl show
3dfb73ad-1ea2-46ed-b749-ba55a1ee912f
    Manager "ssl:192.168.56.1:6640"
    Bridge br-ex
        Controller "ssl:192.168.56.1:6653"
        Port br-ex
            Interface br-ex
                type: internal
    ovs_version: "2.6.1"

stack@ubuntu:/var/log/openvswitch$ tail -5 ovsdb-server.log
2018-01-02T18:20:05.920Z|07252|reconnect|INFO|ssl:192.168.56.1:6640: waiting 8 seconds before reconnect
2018-01-02T18:20:13.921Z|07253|reconnect|INFO|ssl:192.168.56.1:6640: connecting...
2018-01-02T18:20:13.928Z|07254|stream_ssl|WARN|SSL_connect: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2018-01-02T18:20:13.928Z|07255|reconnect|INFO|ssl:192.168.56.1:6640: connection attempt failed (Protocol error)
2018-01-02T18:20:13.928Z|07256|reconnect|INFO|ssl:192.168.56.1:6640: waiting 8 seconds before reconnect

Can you please help me out in fixing this issue?

Attaching the changed config files. Please let me know if you need any info to help on this issue.

Thanks,
Vamsi
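
Added example, not part of the original post: a triage of the quoted ovsdb-server.log lines that splits the vlog fields, unpacks the pre-3.0 OpenSSL error code, and records which TLS role the logging daemon was in when it failed. Here the failing call is SSL_connect, so ovsdb-server was the TLS client and the certificate it could not verify was the one presented by the manager at 192.168.56.1:6640; the function and field names are hypothetical.

```python
import re

# Constructed sample: ovsdb-server.log lines copied from the post above.
SAMPLE_LOG = """\
stack@ubuntu:/var/log/openvswitch$ tail -5 ovsdb-server.log
2018-01-02T18:20:13.921Z|07253|reconnect|INFO|ssl:192.168.56.1:6640: connecting...
2018-01-02T18:20:13.928Z|07254|stream_ssl|WARN|SSL_connect: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2018-01-02T18:20:13.928Z|07255|reconnect|INFO|ssl:192.168.56.1:6640: connection attempt failed (Protocol error)
"""

SSL_ERR = re.compile(r"(SSL_\w+): error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*)")
PEER = re.compile(r"^(ssl:[^ ]+): ")
# The failing OpenSSL call tells us which side of the handshake logged the error.
ROLE = {"SSL_connect": "client", "SSL_accept": "server"}


def unpack_error(code_hex):
    """Split a pre-3.0 OpenSSL packed error: 8 bits lib, 12 bits func, 12 bits reason."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def triage(log_text):
    """Return one finding per stream_ssl error, tied to the peer last dialled."""
    findings, peer = [], None
    for line in log_text.splitlines():
        parts = line.split("|", 4)  # time|sequence|module|level|message
        if len(parts) != 5:
            continue  # shell prompts, blank or truncated lines
        ts, _seq, module, _level, msg = parts
        if module == "reconnect":
            m = PEER.match(msg)
            if m:
                peer = m.group(1)
        elif module == "stream_ssl":
            m = SSL_ERR.search(msg)
            if not m:
                continue
            call, code, _lib, func, reason = m.groups()
            findings.append({
                "time": ts, "peer": peer, "code": unpack_error(code),
                "local_role": ROLE.get(call, "unknown"),
                "func": func, "reason": reason.strip(),
            })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
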