Hi All,

I am following the wiki below for OVSDB-TLS communication:
https://wiki.opendaylight.org/view/OVSDB_Integration:TLS_Communication

Steps followed:

I have copied ctl.jks and truststore.jks from my ubuntu to config/ssl folder

made <use-config>true</use-config> in aaa-cert-config.xml

made use-ssl = true in org.opendaylight.ovsdb.library.cfg

    sudo ovs-vsctl --bootstrap set-ssl /etc/openvswitch/sc-privkey.pem /etc/openvswitch/sc-cert.pem /var/lib/openvswitch/pki/controllerca/cacert.pem

    sudo ovs-vsctl set-manager ssl:192.168.56.1:6640

I am seeing the below error in ODL logs:

    D: [id: 0x78b62606, L:/192.168.56.1:6640 - R:/192.168.56.102:41618]
    -01-03 14:31:42,261 | ERROR | assiveConnServ-3 | OvsdbConnectionService | 380 - org.opendaylight.ovsdb.library - 1.6.0.SNAPSHOT | Ssl handshake fail. channel [id: 0x78b62606, L:/192.168.56.1:6640 ! R:/192.168.56.102:41618]

And I am not seeing the SSL connection on OVS:

    stack@ubuntu:/etc/openvswitch$ sudo ovs-vsctl show
    3dfb73ad-1ea2-46ed-b749-ba55a1ee912f
        Manager "ssl:192.168.56.1:6640"
        Bridge br-ex
            Controller "ssl:192.168.56.1:6653"
            Port br-ex
                Interface br-ex
                    type: internal
        ovs_version: "2.6.1"

    stack@ubuntu:/var/log/openvswitch$ tail -5 ovsdb-server.log
    2018-01-02T18:20:05.920Z|07252|reconnect|INFO|ssl:192.168.56.1:6640: waiting 8 seconds before reconnect
    2018-01-02T18:20:13.921Z|07253|reconnect|INFO|ssl:192.168.56.1:6640: connecting...
    2018-01-02T18:20:13.928Z|07254|stream_ssl|WARN|SSL_connect: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
    2018-01-02T18:20:13.928Z|07255|reconnect|INFO|ssl:192.168.56.1:6640: connection attempt failed (Protocol error)
    2018-01-02T18:20:13.928Z|07256|reconnect|INFO|ssl:192.168.56.1:6640: waiting 8 seconds before reconnect

Can you please help me out in fixing this issue?

Attaching the config files changed. Please let me know if you need any info to help on this issue.

Thanks,
Vamsi

#********************************************************************************************
#                               Boot Time Configuration                                     *
#                   Config knob changes will require controller restart                     *
#********************************************************************************************
#Ovsdb plugin's (OVS, HwVtep) support both active and passive connections. OVSDB library by
#default listens on port 6640 for switch initiated connection. Please use following config
#knob for changing this default port.
ovsdb-listener-port = 6640

#This flag will be enforced across all the connection's (passive and active) if set to true
use-ssl = true

#Set Json Rpc decoder max frame length value. If the OVSDB node contains large configurations
#that can cause connection related issue while reading the configuration from the OVSDB node
#database. Increasing the max frame length helps resolve the issue. Please see following bug
#report for more details ( https://bugs.opendaylight.org/show_bug.cgi?id=2732 &
#https://bugs.opendaylight.org/show_bug.cgi?id=2487). Default value set to 100000.
json-rpc-decoder-max-frame-length = 100000

#********************************************************************************************
#                               Run Time Configuration                                      *
#                   Config knob changes doesn't require controller restart                  *
#********************************************************************************************
#Timeout value (in millisecond) after which OVSDB rpc task will be cancelled.Default value is
#set to 1000ms, please uncomment and override the value if requires.Changing the value don't
#require controller restart.
ovsdb-rpc-task-timeout = 1000

aaa-cert-config.xml
_______________________________________________
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
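
Added example (not part of the original post, and not OVS or OpenDaylight code): a small Python triage script for the ovsdb-server.log excerpt in the message above. It splits the vlog fields and unpacks the OpenSSL error code 14090086, assuming the pre-3.0 OpenSSL packing of library, function and reason numbers; all function names here are hypothetical.

```python
import re

# Three lines taken from the ovsdb-server.log excerpt in the post.
SAMPLE_LOG = """\
2018-01-02T18:20:13.921Z|07253|reconnect|INFO|ssl:192.168.56.1:6640: connecting...
2018-01-02T18:20:13.928Z|07254|stream_ssl|WARN|SSL_connect: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2018-01-02T18:20:13.928Z|07255|reconnect|INFO|ssl:192.168.56.1:6640: connection attempt failed (Protocol error)
"""

# OpenSSL error string layout: error:<hex code>:<library>:<function>:<reason>
ERR_RE = re.compile(r"(SSL_\w+): error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*)$")


def parse_vlog(line):
    """Split 'timestamp|seq|module|level|message' into a dict, or None."""
    parts = line.rstrip("\n").split("|", 4)
    if len(parts) != 5:
        return None
    return dict(zip(("ts", "seq", "module", "level", "msg"), parts))


def decode_openssl_code(code_hex):
    """Assumed pre-3.0 OpenSSL layout: 8-bit lib, 12-bit func, 12-bit reason."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def tls_failures(log_text):
    """Return one finding per stream_ssl line that carries an OpenSSL error."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_vlog(line)
        if not rec or rec["module"] != "stream_ssl":
            continue
        m = ERR_RE.search(rec["msg"])
        if not m:
            continue
        call, code_hex, _lib_name, func, reason = m.groups()
        lib, func_code, reason_code = decode_openssl_code(code_hex)
        findings.append({
            "ts": rec["ts"], "call": call, "function": func, "reason": reason,
            "lib": lib, "func_code": func_code, "reason_code": reason_code,
            # SSL_connect is the client half of the handshake: the local side
            # (here OVS) is the one that refused the peer's certificate.
            "local_role": "client" if call == "SSL_connect" else "server",
        })
    return findings


if __name__ == "__main__":
    for finding in tls_failures(SAMPLE_LOG):
        print(finding)
```

For the logged line this reports library 20 (SSL), reason 134 (certificate verify failed) and local role "client": the OVS side could not validate the certificate presented on 192.168.56.1:6640 against the CA file passed to set-ssl.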