Hi again!

I followed the instructions in INSTALL.SSL.md:

1) Created the PKI structure by ovs-pki init

2) Created the private key and certificates for ovsdb-client and server

   % ovs-pki req+sign ctl controller
   % ovs-pki req+sign sc switch

3) Copied controllerca/cacert.pem, sc-privkey.pem and sc-cert.pem to the host on which the ovsdb server is running

4) Copied switch/cacert.pem, ctl-privkey.pem and ctl-cert.pem to the host on which the ovsdb client is running

5) Started a pssl connection on the ovsdb-server

   ovsdb-server --remote=pssl:6640:server_ip --private-key=(path to sc-privkey.pem) --certificate=(path to sc-cert.pem) --ca-cert=(path to ca-cert.pem)

6) Finally, I started an ssl connection on the ovsdb-client

   ovsdb-client ssl:server_ip:6640 <http://10.107.48.193:6640> --private-key=(path to ctl-privkey.pem) --certificate=(path to ctl-cert.pem) --ca-cert=(path to ca-cert.pem) dump

However, I'm getting the following error:

2016-06-06T10:03:58Z|00001|stream_ssl|INFO|Trusting CA cert from /home/winet/cert/cacert.pem (/C=US/ST=CA/O=Open vSwitch/OU=switchca/CN=OVS switchca CA Certificate (2016 Jun 06 14:53:27)) (fingerprint 53:8b:e0:a0:f1:83:10:ce:1d:35:95:79:5a:d0:57:7e:46:d3:94:b8)
2016-06-06T10:03:59Z|00002|stream_ssl|WARN|SSL_connect: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
ovsdb-client: failed to connect to "ssl:server_ip:6640" (Protocol error)

What is causing this error? How to correct this?

Thanks once more
Ojas

On Wed, Jun 1, 2016 at 8:25 PM Ben Pfaff <[email protected]> wrote:

> On Wed, Jun 01, 2016 at 07:03:48AM +0000, ojas kanhere wrote:
> > So, is it required to "set-manager"? I did not understand the need for the
> > command.
>
> If you need to connect to OVSDB over TCP or SSL, then you need to use
> set-manager.
>
> > Also, when I try to set the remote IP using
> >
> > ovsdb-server --remote=ptcp:6640:10.107.48.192
>
> That sets the local IP address to use, not the remote.
>
> > I get the following:
> > 2016-04-23T16:05:29Z|00001|socket_util|ERR|6640:10.107.48.192: bind: Cannot assign requested address
> > 2016-04-23T16:05:29Z|00002|ovsdb_jsonrpc_server|ERR|ptcp:6640:10.107.48.192: listen failed: Cannot assign requested address
> > 2016-04-23T16:05:29Z|00003|ovsdb_server|INFO|ovsdb-server (Open vSwitch) 2.3.90
>
> Your host does not own that IP address.
>
> > We basically want a secured connection between ovsdb-client and server.
> > Should we use ssl? If so, how exactly do we set up the connection, generate
> > the keys and certificates?
>
> Read INSTALL.SSL.md.
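The check that fails in the log above (the client verifying the server's certificate against the file given as --ca-cert) can be reproduced offline with openssl. The script below is an added example, not part of the original thread or of Open vSwitch: it builds a constructed, throwaway two-CA PKI with plain openssl instead of ovs-pki, and make_ca, issue and chains_to are hypothetical helper names.

```sh
#!/bin/sh
# Added example: which CA file lets a peer verify which certificate.
# All names and subjects below are constructed for the demonstration.

make_ca() {   # make_ca <dir> <CN>: self-signed CA in <dir>/cacert.pem
    mkdir -p "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/cakey.pem" -out "$1/cacert.pem" 2>/dev/null
}

issue() {     # issue <ca-dir> <name>: <name>-privkey.pem and <name>-cert.pem
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$2-privkey.pem" -out "$2-req.pem" 2>/dev/null &&
    openssl x509 -req -in "$2-req.pem" -days 1 -set_serial 1 \
        -CA "$1/cacert.pem" -CAkey "$1/cakey.pem" \
        -out "$2-cert.pem" 2>/dev/null
}

chains_to() { # chains_to <cacert> <cert>: status 0 only if cert verifies
    # Match the "OK" line so the result does not depend on how a given
    # openssl version sets its exit status.
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Constructed run in a scratch directory. "sc" is signed by the switch CA,
# the same relationship "ovs-pki req+sign sc switch" creates.
(
    cd "$(mktemp -d)" || exit 1
    make_ca switchca "constructed switchca" &&
    make_ca controllerca "constructed controllerca" &&
    issue switchca sc || exit 1
    for ca in switchca controllerca; do
        if chains_to "$ca/cacert.pem" sc-cert.pem; then r=OK; else r=FAIL; fi
        echo "sc-cert.pem against $ca/cacert.pem: $r"
    done
)
```

On the real hosts, chains_to can be pointed at the exact file passed as --ca-cert on one side and the certificate the other side presents, which separates a wrong-CA mix-up from other causes of "certificate verify failed".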
