On Wed, Oct 26, 2016 at 02:05:50PM +0800, Jeson Zhang wrote:
> I resently wanted to configure OVS for SSL. But I was puzzled by the
> tutorial from
> http://openvswitch.org/support/dist-docs/INSTALL.SSL.md.html:

You mean "recently", not "resently".  You should probably look up the
word "resent" and what it means, because it makes your statement appear
rude.

> 1.  Is the command "ovs-pki init" run in OVS host or Controller host?
> Need I run it on OF Controller host and copy the cacert.pem file to
> OVS host?

You should run it where you want to maintain the PKI.  This might be a
machine of its own, but if not then it makes more sense to do it on the
controller.

> 2.  which host is the command "ovs-pki req+sign ctl controller" run in
> OVS host or Controller host? Does it run on OVS host and copy the
> ctl-privkey.pem and to Contoller?  (here, run it on PKI structure and
> copy files to Controller)

It runs where you ran "ovs-pki init".

> 3. in the section of "SWITCH KEY GENGERATION WITH A SWITCH PKI", (but
> here, run it on PKI structure and copy files to OVS, so i don't know
> whitch host is the "PKI structure")

It runs where you ran "ovs-pki init".
_______________________________________________
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Reply via email to