Creating a Switch's Private Key and Public Certificate
To create a switch's private key and public certificate:
- Execute ovs-pki req+sign sc switch on the PKI host. The following files are created:

  | File Name | Usage |
  |---|---|
  | switchca/sc-privkey.pem | Required by the switch to authenticate with controllers. |
  | switchca/sc-cert.pem | Required by the switch to authenticate with controllers. |
- It is recommended that all switch private keys be passphrase protected. Create a passphrase-protected copy of the private key with the following OpenSSL command:
$ openssl pkcs8 -in sc-privkey.pem -topk8 -out sc-privkey-pk8.pem
Enter Encryption Password: ******
Verifying - Enter Encryption Password: ******
- After the passphrase-protected file (in this case, sc-privkey-pk8.pem) is created, delete the unprotected private key (sc-privkey.pem).

Do not forget the encryption password. The switch prompts you for the encryption password when the private key is configured on the switch.
A unique privkey/certificate pair should be created for each switch within a network. However, neither the switch nor the controller can prevent the same privkey/certificate pair from being installed on multiple switches.
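
The passphrase-protection and deletion steps above can be scripted so that the unprotected key is removed only after the encrypted copy has been shown to decrypt and to match the certificate. The following is an added example, not part of the original documentation. It assumes openssl is on the PATH; the function names and the passphrase-file argument (used in place of the interactive prompt) are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page. protect_switch_key and the
# passphrase-file argument are hypothetical names chosen for illustration.

# pubkey_of_key KEYFILE [PASSFILE]: print the key's public half in PEM form.
pubkey_of_key() {
    if [ -n "${2:-}" ]; then
        openssl pkey -in "$1" -passin "file:$2" -pubout 2>/dev/null
    else
        openssl pkey -in "$1" -pubout 2>/dev/null
    fi
}

# protect_switch_key PLAINKEY CERT OUTKEY PASSFILE
# Deletes PLAINKEY only when OUTKEY is encrypted, decrypts with the passphrase
# in PASSFILE, and carries the same public key as CERT. Returns non-zero and
# leaves PLAINKEY in place otherwise.
protect_switch_key() {
    plain=$1; cert=$2; out=$3; passfile=$4

    # 1. The plaintext key and the certificate must be a pair to begin with.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    plain_pub=$(pubkey_of_key "$plain") || return 1
    [ "$plain_pub" = "$cert_pub" ] || return 2

    # 2. Same conversion as the page's command; the passphrase comes from a
    #    file instead of the interactive prompt. New file is owner-only.
    ( umask 077
      openssl pkcs8 -topk8 -in "$plain" -out "$out" \
          -passout "file:$passfile" 2>/dev/null ) || return 3

    # 3. Prove the copy is really encrypted and still usable before deleting.
    grep -q 'BEGIN ENCRYPTED PRIVATE KEY' "$out" || return 4
    enc_pub=$(pubkey_of_key "$out" "$passfile") || return 5
    [ "$enc_pub" = "$cert_pub" ] || return 5

    # 4. Only now remove the unprotected key, as the procedure instructs.
    rm -f -- "$plain"
}
```

Example call: protect_switch_key sc-privkey.pem sc-cert.pem sc-privkey-pk8.pem passfile. A return code of 2 means the key and certificate do not belong together, and nothing is written or deleted.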