Hi all, I am configuring ovsdb-server to connect to a remote manager using SSL. I have the certificates configured, and the connection works as long as I do not configure a ca-cert. Configuring a ca-cert causes server-side certificate verification to fail in OpenSSL.
I believe this is because I am only allowed to insert an IP address for remote manager target and the remote server is using a certificate generated with it's DNS name, not IP address. Is there a way (or any plans to support) providing a hostname target inside the manager table? This would allow the OpenSSL library to properly verify server-side certificate. Using per-IP certificates is not an option for us to due to load balancing and scale. An example: Works: "ssl:1.2.3.4:443" Does not work: "ssl:manager.example.com:443" Thank you, Paul
_______________________________________________ discuss mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
