work in progress
To make a SSL/TLS Openflow connection between onos and OVS switches using self-signed certificates, there are four main steps to follow:
- Generate SSL key/certificate for onos;
- Copy the onos certificate to the appropriate OVS location so that ovs can accept the certificate from onos;
- Generate SSL key/certificate for OVS;
- Copy the OVS certificate to the appropriate onos location so that onos can accept the certificate from ovs.
- Generating SSL key/certificate for onos: on the host running onos, we generate the SSL key/certificate as the following,
a.
sdn@onosCell1:~/wiki$ keytool -genkey -keyalg RSA -alias onos -keystore onos.jks -storepass 222222 -validity 360 -keysize 2048 What is your first and last name? [Unknown]: sdn rocks What is the name of your organizational unit? [Unknown]: config-guide What is the name of your organization? [Unknown]: onosproject.org What is the name of your City or Locality? [Unknown]: anycity What is the name of your State or Province? [Unknown]: anystate What is the two-letter country code for this unit? [Unknown]: us Is CN=sdn rocks, OU=config-guide, O=onosproject.org, L=anycity, ST=anystate, C=us correct? [no]: yes Enter key password for <onos> (RETURN if same as keystore password): sdn@onosCell1:~/wiki$ ls onos.jks