| Message ID | 1446582561-16408-1-git-send-email-aaronorosen@gmail.com |
|---|---|
| State | Rejected |
| Headers | show |
On Tue, Nov 03, 2015 at 12:29:21PM -0800, Aaron Rosen wrote: > Signed-off-by: Aaron Rosen <aaronorosen@gmail.com> > --- > INSTALL.SSL.md | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/INSTALL.SSL.md b/INSTALL.SSL.md > index 06be303..f294a27 100644 > --- a/INSTALL.SSL.md > +++ b/INSTALL.SSL.md > @@ -202,7 +202,7 @@ more secure. > > 1. Run the following command on the Open vSwitch itself: > > - % ovs-pki req sc switch > + % ovs-pki req+sign sc switch > > (This command does not require a copy of any of the PKI files > generated by "ovs-pki init", and you should not copy them to the That's not a typo, this workflow requires taking the certificate request to the machine that hosts the PKI for signing. See the section before that one for the req+sign workflow.
Whoops I see:
req NAME Create new private key and certificate request
named NAME-privkey.pem and NAME-req.pem, resp.
$ ovs-pki req sc switch
/usr/local/bin/ovs-pki: req must have exactly one argument; use --help for
help
Maybe the typo then is the option reg does not take a TYPE so 'switch'
should be removed?
Aaron
On Tue, Nov 3, 2015 at 12:40 PM, Ben Pfaff <blp@nicira.com> wrote:
> On Tue, Nov 03, 2015 at 12:29:21PM -0800, Aaron Rosen wrote:
> > Signed-off-by: Aaron Rosen <aaronorosen@gmail.com>
> > ---
> > INSTALL.SSL.md | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/INSTALL.SSL.md b/INSTALL.SSL.md
> > index 06be303..f294a27 100644
> > --- a/INSTALL.SSL.md
> > +++ b/INSTALL.SSL.md
> > @@ -202,7 +202,7 @@ more secure.
> >
> > 1. Run the following command on the Open vSwitch itself:
> >
> > - % ovs-pki req sc switch
> > + % ovs-pki req+sign sc switch
> >
> > (This command does not require a copy of any of the PKI files
> > generated by "ovs-pki init", and you should not copy them to the
>
> That's not a typo, this workflow requires taking the certificate request
> to the machine that hosts the PKI for signing. See the section before
> that one for the req+sign workflow.
>
On Tue, Nov 03, 2015 at 12:49:15PM -0800, Aaron Rosen wrote: > Whoops I see: > > req NAME Create new private key and certificate request > named NAME-privkey.pem and NAME-req.pem, resp. > > > $ ovs-pki req sc switch > /usr/local/bin/ovs-pki: req must have exactly one argument; use --help for > help > > Maybe the typo then is the option reg does not take a TYPE so 'switch' > should be removed? Thanks, you're right. I sent out a patch: http://openvswitch.org/pipermail/dev/2015-November/061779.html This shell code in ovs-pki.in is so old, by the way, that in the repository that *predates* the current OVS repo, the commit message for the commit that introduced it was still just "Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45." I wouldn't even know which old repository that was, or where to dig it up, and I was there for it. Pre-historic!
diff --git a/INSTALL.SSL.md b/INSTALL.SSL.md index 06be303..f294a27 100644 --- a/INSTALL.SSL.md +++ b/INSTALL.SSL.md @@ -202,7 +202,7 @@ more secure. 1. Run the following command on the Open vSwitch itself: - % ovs-pki req sc switch + % ovs-pki req+sign sc switch (This command does not require a copy of any of the PKI files generated by "ovs-pki init", and you should not copy them to the
Signed-off-by: Aaron Rosen <aaronorosen@gmail.com> --- INSTALL.SSL.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)