[ovs-discuss] OVS 2.13.1-1: ovs-pki req+sign option is not generating the certificate NAME-cert.pem file.

NR 85 rameshganapathi at gmail.com
Wed Oct 21 20:47:55 UTC 2020


HI Numan,

Thank you for your inputs.

I tried the following steps as suggested but hit the same issue as
highlighted below.

a) root at home:#mkdir -p /tmp/pki_sign

b) root at home:# /usr/bin/ovs-pki --dir=/tmp/pki_sign/pki
/usr/bin/ovs-pki: missing command name; use --help for help

c) root at home:# /usr/bin/ovs-pki init --dir=/tmp/pki_sign/pki
Creating controllerca...
Creating switchca...

d) root at home:/# cd /tmp/pki_sign/pki/
root at home:/tmp/pki_sign/pki#

e) root at home:/tmp/pki_sign/pki# ovs-pki req+sign test

root at home:/tmp/pki_sign/pki# ls -alrth
total 24K
drwxr-xr-x 3 root root 4.0K Oct 22 02:09 ..
drwxr-xr-x 6 root root 4.0K Oct 22 02:09 controllerca
drwxr-xr-x 6 root root 4.0K Oct 22 02:09 switchca
-rw------- 1 root root 1.7K Oct 22 02:15 test-privkey.pem
-rw-r--r-- 1 root root 3.8K Oct 22 02:15 test-req.pem

*-rw-r--r-- 1 root root    0 Oct 22 02:15 test-cert.pem.tmp12449*drwxr-xr-x
4 root root 4.0K Oct 22 02:15 .

Thank you,
Warm Regards,
Ramesh.G

On Thu, Oct 22, 2020 at 12:27 AM Numan Siddique <numans at ovn.org> wrote:

> On Wed, Oct 21, 2020 at 8:54 PM NR 85 <rameshganapathi at gmail.com> wrote:
> >
> > Hi Ben,
> >
> > Do you have any suggestions to debug this issue further?
>
>
> You can probably try using a different dir.
>
> eg.
>
> mkdir -p /tmp/pki_sign
> ovs-pki --dir=/tmp/pki_sign/pki
> cd /tmp/pki_sign
> ovs-pki req+sign test
>
> This worked for me.
>
> Thanks
> Numan
>
> >
> > Kindly let me know.
> >
> > Thank you,
> > Warm Regards,
> > Ramesh.G
> >
> > On Tue, Oct 20, 2020 at 12:49 PM NR 85 <rameshganapathi at gmail.com>
> wrote:
> >>
> >> Hi Ben,
> >>
> >> I use "OpenSSL 1.1.0l" .
> >>
> >> root at home:/# /usr/bin/openssl version
> >> OpenSSL 1.1.0l  10 Sep 2019
> >>
> >> Thank you,
> >> Warm Regards,
> >> Ramesh.G
> >>
> >> On Mon, Oct 19, 2020 at 11:33 PM Ben Pfaff <blp at ovn.org> wrote:
> >>>
> >>> What version of OpenSSL are you using?  Run "openssl version".
> >>>
> >>> On Mon, Oct 19, 2020 at 01:26:05PM +0530, NR 85 wrote:
> >>> > Hi Ben,
> >>> >
> >>> > Here is the contents of the ovs-pki.log when executing
> "/usr/bin/ovs-pki
> >>> > req+sign test --force".
> >>> >
> >>> > ovs-pki.log :
> >>> >
> >>> > Generating RSA private key, 2048 bit long modulus
> >>> > .....................................................+++++
> >>> > ...............................+++++
> >>> > e is 65537 (0x010001)
> >>> > Using configuration from ca.cnf
> >>> > Error Loading extension section usr_cert
> >>> >
> >>> > Kindly help resolve this issue.
> >>> >
> >>> > Thank you,
> >>> > Warm Regards,
> >>> > Ramesh.G
> >>> >
> >>> > On Sat, Oct 17, 2020 at 10:08 AM Ben Pfaff <blp at ovn.org> wrote:
> >>> >
> >>> > > On Fri, Oct 16, 2020 at 06:28:45PM +0530, NR 85 wrote:
> >>> > > > Hi Team,
> >>> > > >
> >>> > > > I am facing an issue in ovs-pki in which req+sign option is not
> >>> > > generating
> >>> > > > the certificate. Kindly look into this issue and provide your
> suggestion.
> >>> > > >
> >>> > > > From the logs below it will be clear that the "test-cert.pem"
> file is not
> >>> > > > generated and the file with name "test-cert.pem.tmp18614" is
> generated
> >>> > > with
> >>> > > > zero byte.
> >>> > >
> >>> > > ovs-pki produces its own log.  It's probably named ovs-pki.log and
> >>> > > probably in /var/log.  What's in it?
> >>> > >
> >
> > _______________________________________________
> > discuss mailing list
> > discuss at openvswitch.org
> > https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20201022/726fb37d/attachment.html>


More information about the discuss mailing list