
work in progress

 

To set up an SSL/TLS OpenFlow connection between ONOS and OVS switches using self-signed certificates, there are four main steps to follow:

  1. Generate an SSL key/certificate for ONOS;
  2. Copy the ONOS certificate to the appropriate OVS location so that OVS can accept the certificate from ONOS;
  3. Generate an SSL key/certificate for OVS;
  4. Copy the OVS certificate to the appropriate ONOS location so that ONOS can accept the certificate from OVS.

 

  1. Generating the SSL key/certificate for ONOS: on the host running ONOS, generate the SSL key/certificate as follows:
    1. Use "keytool" to generate a .jks keystore

      sdn@onosCell1:~/wiki$ keytool -genkey -keyalg RSA -alias onos -keystore onos.jks -storepass 222222 -validity 360 -keysize 2048
      What is your first and last name?
        [Unknown]:  sdn rocks
      What is the name of your organizational unit?
        [Unknown]:  config-guide
      What is the name of your organization?
        [Unknown]:  onosproject.org
      What is the name of your City or Locality?
        [Unknown]:  anycity
      What is the name of your State or Province?
        [Unknown]:  anystate
      What is the two-letter country code for this unit?
        [Unknown]:  us
      Is CN=sdn rocks, OU=config-guide, O=onosproject.org, L=anycity, ST=anystate, C=us correct?
        [no]:  yes
      Enter key password for <onos>
      	(RETURN if same as keystore password):
      sdn@onosCell1:~/wiki$ ls
      onos.jks
    2. Convert the .jks keystore (which ONOS uses) to a PEM file (which OVS uses) in a two-step conversion: from .jks to .p12, then to .pem

      sdn@onosCell1:~/wiki$ keytool -importkeystore -srckeystore onos.jks -destkeystore onos.p12 -srcstoretype jks -deststoretype pkcs12
      Enter destination keystore password:
      Re-enter new password:
      Enter source keystore password:
      Entry for alias onos successfully imported.
      Import command completed:  1 entries successfully imported, 0 entries failed or cancelled
      sdn@onosCell1:~/wiki$ ls
      onos.jks  onos.p12
      sdn@onosCell1:~/wiki$ openssl pkcs12 -in onos.p12 -out onos.pem
      Enter Import Password:
      MAC verified OK
      Enter PEM pass phrase:
      Verifying - Enter PEM pass phrase:
      sdn@onosCell1:~/wiki$ ls
      onos.jks  onos.p12  onos.pem
    3. Create a new file called "cacert.pem" containing only the certificate portion of "onos.pem", that is, everything from "Bag Attributes" to "END CERTIFICATE". This is the file to be copied over to OVS.

      sdn@onosCell1:~/wiki$ cat onos.pem
      Bag Attributes
          friendlyName: onos
          localKeyID: 54 69 6D 65 20 31 34 35 33 32 34 33 35 32 33 34 31 39
      subject=/C=us/ST=anystate/L=anycity/O=onosproject.org/OU=config-guide/CN=sdn rocks
      issuer=/C=us/ST=anystate/L=anycity/O=onosproject.org/OU=config-guide/CN=sdn rocks
      -----BEGIN CERTIFICATE-----
      MIIDjTCCAnWgAwIBAgIEbbwHKjANBgkqhkiG9w0BAQsFADB3MQswCQYDVQQGEwJ1
      czERMA8GA1UECBMIYW55c3RhdGUxEDAOBgNVBAcTB2FueWNpdHkxGDAWBgNVBAoT
      D29ub3Nwcm9qZWN0Lm9yZzEVMBMGA1UECxMMY29uZmlnLWd1aWRlMRIwEAYDVQQD
      EwlzZG4gcm9ja3MwHhcNMTYwMTE5MjIyMDI5WhcNMTcwMTEzMjIyMDI5WjB3MQsw
      CQYDVQQGEwJ1czERMA8GA1UECBMIYW55c3RhdGUxEDAOBgNVBAcTB2FueWNpdHkx
      GDAWBgNVBAoTD29ub3Nwcm9qZWN0Lm9yZzEVMBMGA1UECxMMY29uZmlnLWd1aWRl
      MRIwEAYDVQQDEwlzZG4gcm9ja3MwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
      AoIBAQCLGXBMxunrya4LMvNBh6zIO+5epIiZvPdi9tcSn5QnPSclWOcjwQ4Qtmhp
      xCs6FSgVtwv+9WrdZT8luBJNiWH7rJxGwb1R/TbXYQB8ybjbOkhRdSLuc8P3uRsW
      x4rcSTaFCxfCg0fOQd0ET+GWOlKcRXEMxIxHiQ/Mjvkl5IOTOu5Y64OrOZDKxREo
      ILC+8s/mYbJZOYpG0UYLoqkP99ZrOoTRVkngvnIrWPh0TH0dfRkI6k3lji5Mh+2U
      yq1buTM1+dA8ZV512oJI+yVN6tg7uqz2VEdhj9+mab8REo7vq1tOQ4QAxIb1Vtke
      oF+i32mcOHFXas0XbM+gKxZHWBd1AgMBAAGjITAfMB0GA1UdDgQWBBREXAhrkVgl
      3yaqJhuMuhgp7xEqszANBgkqhkiG9w0BAQsFAAOCAQEAApRFQqh56QIZ9p4cnLpc
      i+I0o7l42Nwddzlmv7sdIjOPphk5iXfpy1BsKhXC0rXXcdPqqiM84GJaLgqQuAA5
      E4cUPtj/jRDWP58CJ4uA2ICuJRVa5IN0TtImDlohH6a4euP1zO4hAD3leRVPylAN
      dW7+/JumX1sPWkl3n1GrE+TQao5riFW87kCAf6Zr8us+d0jWowWBTGLwzCLtBrPh
      +xOwVyyp/Gdp0kucwhHr20il/DJnsFh9m4boQp1O4/BwE2wxctyetD0rHcF5PNin
      ADLCPSP4kGOdMx/FiR12cBOexXluyb1+h4OEuvG+ojkzOGPkEaZsa42S1x1jzHIT
      eA==
      -----END CERTIFICATE-----

      sdn@onosCell1:~/wiki$ cat cacert.pem
      Bag Attributes
          friendlyName: onos
          localKeyID: 54 69 6D 65 20 31 34 35 33 32 34 33 35 32 33 34 31 39
      subject=/C=us/ST=anystate/L=anycity/O=onosproject.org/OU=config-guide/CN=sdn rocks
      issuer=/C=us/ST=anystate/L=anycity/O=onosproject.org/OU=config-guide/CN=sdn rocks
      -----BEGIN CERTIFICATE-----
      MIIDjTCCAnWgAwIBAgIEbbwHKjANBgkqhkiG9w0BAQsFADB3MQswCQYDVQQGEwJ1
      czERMA8GA1UECBMIYW55c3RhdGUxEDAOBgNVBAcTB2FueWNpdHkxGDAWBgNVBAoT
      D29ub3Nwcm9qZWN0Lm9yZzEVMBMGA1UECxMMY29uZmlnLWd1aWRlMRIwEAYDVQQD
      EwlzZG4gcm9ja3MwHhcNMTYwMTE5MjIyMDI5WhcNMTcwMTEzMjIyMDI5WjB3MQsw
      CQYDVQQGEwJ1czERMA8GA1UECBMIYW55c3RhdGUxEDAOBgNVBAcTB2FueWNpdHkx
      GDAWBgNVBAoTD29ub3Nwcm9qZWN0Lm9yZzEVMBMGA1UECxMMY29uZmlnLWd1aWRl
      MRIwEAYDVQQDEwlzZG4gcm9ja3MwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
      AoIBAQCLGXBMxunrya4LMvNBh6zIO+5epIiZvPdi9tcSn5QnPSclWOcjwQ4Qtmhp
      xCs6FSgVtwv+9WrdZT8luBJNiWH7rJxGwb1R/TbXYQB8ybjbOkhRdSLuc8P3uRsW
      x4rcSTaFCxfCg0fOQd0ET+GWOlKcRXEMxIxHiQ/Mjvkl5IOTOu5Y64OrOZDKxREo
      ILC+8s/mYbJZOYpG0UYLoqkP99ZrOoTRVkngvnIrWPh0TH0dfRkI6k3lji5Mh+2U
      yq1buTM1+dA8ZV512oJI+yVN6tg7uqz2VEdhj9+mab8REo7vq1tOQ4QAxIb1Vtke
      oF+i32mcOHFXas0XbM+gKxZHWBd1AgMBAAGjITAfMB0GA1UdDgQWBBREXAhrkVgl
      3yaqJhuMuhgp7xEqszANBgkqhkiG9w0BAQsFAAOCAQEAApRFQqh56QIZ9p4cnLpc
      i+I0o7l42Nwddzlmv7sdIjOPphk5iXfpy1BsKhXC0rXXcdPqqiM84GJaLgqQuAA5
      E4cUPtj/jRDWP58CJ4uA2ICuJRVa5IN0TtImDlohH6a4euP1zO4hAD3leRVPylAN
      dW7+/JumX1sPWkl3n1GrE+TQao5riFW87kCAf6Zr8us+d0jWowWBTGLwzCLtBrPh
      +xOwVyyp/Gdp0kucwhHr20il/DJnsFh9m4boQp1O4/BwE2wxctyetD0rHcF5PNin
      ADLCPSP4kGOdMx/FiR12cBOexXluyb1+h4OEuvG+ojkzOGPkEaZsa42S1x1jzHIT
      eA==
      -----END CERTIFICATE-----

      sdn@onosCell1:~/wiki$ ls
      cacert.pem  onos.jks  onos.p12  onos.pem
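The "openssl pkcs12 -in onos.p12 -out onos.pem" conversion above also writes the pass-phrase-protected private key into onos.pem, so the file sent to OVS should be checked before it leaves the ONOS host. The following is an added example, not part of the original page or of ONOS: it extracts only the CERTIFICATE block (dropping the "Bag Attributes" text, which PEM readers ignore) and refuses any file that still holds a private key. The function names are hypothetical and the PEM bodies are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original page. PEM bodies are constructed
# placeholders, not real key material; function names are hypothetical.

# Stand-in for onos.pem: a private-key block plus the certificate block.
write_sample_bundle() {
    cat > "$1" <<'EOF'
Bag Attributes
    friendlyName: onos
-----BEGIN ENCRYPTED PRIVATE KEY-----
PLACEHOLDER0KEY0BODY0NOT0REAL0000
-----END ENCRYPTED PRIVATE KEY-----
Bag Attributes
    friendlyName: onos
-----BEGIN CERTIFICATE-----
PLACEHOLDER0CERT0BODY0NOT0REAL000
-----END CERTIFICATE-----
EOF
}

# Copy only the CERTIFICATE blocks of bundle $1 into $2.
extract_certs() {
    awk '/^-----BEGIN CERTIFICATE-----/ {on = 1}
         on                            {print}
         /^-----END CERTIFICATE-----/   {on = 0}' "$1" > "$2"
}

# Succeed if $1 holds any PEM private-key block (plain, RSA/EC or encrypted).
has_private_key() {
    grep -Eq -- '-----BEGIN ([A-Z]+ )*PRIVATE KEY-----' "$1"
}

# Gate to run before copying a file to the switch: exactly one certificate
# and no private key.
safe_to_copy() {
    ! has_private_key "$1" &&
        [ "$(grep -c -- '-----BEGIN CERTIFICATE-----' "$1")" -eq 1 ]
}

demo() {
    dir=$(mktemp -d) || return 1
    write_sample_bundle "$dir/onos.pem"
    extract_certs "$dir/onos.pem" "$dir/cacert.pem"
    for f in onos.pem cacert.pem; do
        safe_to_copy "$dir/$f" && echo "$f: ok to copy" || echo "$f: keep on this host"
    done
    rm -rf "$dir"
}
demo
```

On the real files, `openssl x509 -in cacert.pem -noout -subject -fingerprint -sha256` confirms that the extracted block parses as a certificate and gives a fingerprint to compare on both hosts.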


 

 
