On Wed, Oct 26, 2016 at 02:05:50PM +0800, Jeson Zhang wrote: > I resently wanted to configure OVS for SSL. But I was puzzled by the > tutorial from > http://openvswitch.org/support/dist-docs/INSTALL.SSL.md.html:
You mean "recently", not "resently". You should probably look up the word "resent" and what it means, because it makes your statement appear rude. > 1. Is the command "ovs-pki init" run in OVS host or Controller host? > Need I run it on OF Controller host and copy the cacert.pem file to > OVS host? You should run it where you want to maintain the PKI. This might be a machine of its own, but if not then it makes more sense to do it on the controller. > 2. which host is the command "ovs-pki req+sign ctl controller" run in > OVS host or Controller host? Does it run on OVS host and copy the > ctl-privkey.pem and to Contoller? (here, run it on PKI structure and > copy files to Controller) It runs where you ran "ovs-pki init". > 3. in the section of "SWITCH KEY GENGERATION WITH A SWITCH PKI", (but > here, run it on PKI structure and copy files to OVS, so i don't know > whitch host is the "PKI structure") It runs where you ran "ovs-pki init". _______________________________________________ discuss mailing list discuss@openvswitch.org http://openvswitch.org/mailman/listinfo/discuss