[ovs-discuss] OVN with SSL using self-signed CA Certificate | certificate verify failed

Frode Nordahl frode.nordahl at canonical.com
Mon Nov 8 16:59:11 UTC 2021


On Thu, Nov 4, 2021 at 2:09 PM <nabeel.tariq at rapidcompute.com> wrote:

> Hi,
>
> We have implemented SSL with OVN. When using SSL with a global CA
> signing registrar, it works fine. When we use a self-signed certificate with
> a self-signed CA certificate, it shows the error mentioned below.
>
> 2021-11-02 01:22:12.960 3124740 ERROR neutron.service OpenSSL.SSL.Error:
> [('SSL routines', 'tls_process_server_certificate', 'certificate verify
> failed')]
>

This looks like a message from OpenStack Neutron, and questions specific to
OpenStack Neutron may get better responses on the openstack-discuss mailing
list. But I will try to provide you with an answer, see below.

> Kindly guide us regarding the method to implement self-signed certificate.
>

In general terms, you would need to provide all nodes with services that
want to talk to the OVN databases with a copy of the self-signed CA
certificate so that they can verify the authenticity of the server
certificate when establishing the connection. This is usually accomplished
by placing the file in a location such as `/usr/local/share/ca-certificates`
and then executing the `update-ca-certificates` tool.

-- 
Frode Nordahl
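
An added example, not part of the original message and not code from OVS, OVN or Neutron: the chain check that a TLS client fails with `certificate verify failed`, reproduced with `openssl verify`, plus the install step the reply describes. The function names and the `CA_DIR` override are assumptions made for illustration; `update-ca-certificates` only picks up files whose names end in `.crt`.

```shell
#!/bin/sh
# Illustrative helpers (hypothetical names). CA_DIR can be overridden so the
# install step can be tried out in a scratch directory first.
CA_DIR="${CA_DIR:-/usr/local/share/ca-certificates}"

# cert_chains_to_ca CA_FILE CERT_FILE
# Returns 0 when CERT_FILE verifies with CA_FILE added as a trust anchor
# (OpenSSL's default trust store is consulted as well).
cert_chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# install_ca CA_FILE
# Copies a PEM CA certificate into CA_DIR under a .crt name and prints the
# destination path. The system bundle is rebuilt only when CA_DIR is the
# real system directory (needs root).
install_ca() {
    ca_file=$1
    # Refuse anything that does not parse as a PEM certificate.
    if ! openssl x509 -in "$ca_file" -noout 2>/dev/null; then
        echo "not a PEM certificate: $ca_file" >&2
        return 1
    fi
    name=$(basename "$ca_file")
    dest="$CA_DIR/${name%.*}.crt"
    cp "$ca_file" "$dest" || return 1
    chmod 644 "$dest" || return 1
    if [ "$CA_DIR" = /usr/local/share/ca-certificates ]; then
        update-ca-certificates >&2 || return 1
    fi
    printf '%s\n' "$dest"
}

# Typical use on a node that connects to the OVN databases
# (file names are placeholders):
#   cert_chains_to_ca my-ca.pem ovn-server-cert.pem || echo "wrong CA for this cert"
#   install_ca my-ca.pem
```

Running `cert_chains_to_ca` before installing confirms that the CA file being distributed is the one that actually signed the server certificate.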


