Message ID | 1446582561-16408-1-git-send-email-aaronorosen@gmail.com |
---|---|
State | Rejected |
Headers | show |
On Tue, Nov 03, 2015 at 12:29:21PM -0800, Aaron Rosen wrote: > Signed-off-by: Aaron Rosen <aaronorosen@gmail.com> > --- > INSTALL.SSL.md | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/INSTALL.SSL.md b/INSTALL.SSL.md > index 06be303..f294a27 100644 > --- a/INSTALL.SSL.md > +++ b/INSTALL.SSL.md > @@ -202,7 +202,7 @@ more secure. > > 1. Run the following command on the Open vSwitch itself: > > - % ovs-pki req sc switch > + % ovs-pki req+sign sc switch > > (This command does not require a copy of any of the PKI files > generated by "ovs-pki init", and you should not copy them to the That's not a typo, this workflow requires taking the certificate request to the machine that hosts the PKI for signing. See the section before that one for the req+sign workflow.
Whoops I see: req NAME Create new private key and certificate request named NAME-privkey.pem and NAME-req.pem, resp. $ ovs-pki req sc switch /usr/local/bin/ovs-pki: req must have exactly one argument; use --help for help Maybe the typo then is the option reg does not take a TYPE so 'switch' should be removed? Aaron On Tue, Nov 3, 2015 at 12:40 PM, Ben Pfaff <blp@nicira.com> wrote: > On Tue, Nov 03, 2015 at 12:29:21PM -0800, Aaron Rosen wrote: > > Signed-off-by: Aaron Rosen <aaronorosen@gmail.com> > > --- > > INSTALL.SSL.md | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/INSTALL.SSL.md b/INSTALL.SSL.md > > index 06be303..f294a27 100644 > > --- a/INSTALL.SSL.md > > +++ b/INSTALL.SSL.md > > @@ -202,7 +202,7 @@ more secure. > > > > 1. Run the following command on the Open vSwitch itself: > > > > - % ovs-pki req sc switch > > + % ovs-pki req+sign sc switch > > > > (This command does not require a copy of any of the PKI files > > generated by "ovs-pki init", and you should not copy them to the > > That's not a typo, this workflow requires taking the certificate request > to the machine that hosts the PKI for signing. See the section before > that one for the req+sign workflow. >
On Tue, Nov 03, 2015 at 12:49:15PM -0800, Aaron Rosen wrote: > Whoops I see: > > req NAME Create new private key and certificate request > named NAME-privkey.pem and NAME-req.pem, resp. > > > $ ovs-pki req sc switch > /usr/local/bin/ovs-pki: req must have exactly one argument; use --help for > help > > Maybe the typo then is the option reg does not take a TYPE so 'switch' > should be removed? Thanks, you're right. I sent out a patch: http://openvswitch.org/pipermail/dev/2015-November/061779.html This shell code in ovs-pki.in is so old, by the way, that in the repository that *predates* the current OVS repo, the commit message for the commit that introduced it was still just "Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45." I wouldn't even know which old repository that was, or where to dig it up, and I was there for it. Pre-historic!
diff --git a/INSTALL.SSL.md b/INSTALL.SSL.md index 06be303..f294a27 100644 --- a/INSTALL.SSL.md +++ b/INSTALL.SSL.md @@ -202,7 +202,7 @@ more secure. 1. Run the following command on the Open vSwitch itself: - % ovs-pki req sc switch + % ovs-pki req+sign sc switch (This command does not require a copy of any of the PKI files generated by "ovs-pki init", and you should not copy them to the
Signed-off-by: Aaron Rosen <aaronorosen@gmail.com> --- INSTALL.SSL.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)