| 40 | |
| 41 | === SSL setup (7/13) === |
| 42 | using this site as reference: http://www.debian-administration.org/article/Creating_and_Using_a_self_signed__SSL_Certificates_in_debian |
| 43 | |
| 44 | except renaming the switch key and cert to what it would understand: |
| 45 | *ca_cert.pem |
| 46 | *sw_cert.pem |
| 47 | *sw_key.pem |
| 48 | |
| 49 | because in the example on the site ca_cert.pem is named cacert.pem, I had to change "cacert" to "ca_cert" in openssl.cnf for the very last part (signing the certificate): |
| 50 | {{{ |
| 51 | [ CA_default ] |
| 52 | serial = $dir/serial |
| 53 | database = $dir/index.txt |
| 54 | new_certs_dir = $dir/newcerts |
| 55 | certificate = $dir/cacert.pem |
| 56 | private_key = $dir/private/cakey.pem |
| 57 | default_days = 365 |
| 58 | default_md = md5 |
| 59 | preserve = no |
| 60 | email_in_dn = no |
| 61 | nameopt = default_ca |
| 62 | certopt = default_ca |
| 63 | policy = policy_match |
| 64 | }}} |
| 65 | I am not sure if changing the name of the key from ofpswitch.key.pem to sw_key.pem after making/signing the certification will affect anything. will find out. |