% ovs-pki req+sign ctl controller
ctl-privkey.pem and ctl-cert.pem would need to be copied to the
-controller for its use at runtime. If you were to use ovs-controller,
-the simple OpenFlow controller included with Open vSwitch, then the
---private-key and --certificate options, respectively, would point to
-these files.
+controller for its use at runtime. If, for testing purposes, you were
+to use ovs-testcontroller, the simple OpenFlow controller included
+with Open vSwitch, then the --private-key and --certificate options,
+respectively, would point to these files.
It is very important to make sure that no stray copies of
ctl-privkey.pem are created, because they could be used to impersonate
"tcp:" connection methods are still allowed even after SSL has been
configured, so for security you should use only "ssl:" connections.
-Unlike most Open vSwitch settings, the SSL settings are read only
-once, at ovs-vswitchd startup time. For changes to take effect,
-ovs-vswitchd must be killed and restarted.
-
Reporting Bugs
--------------