Configuring passive SSL connection settings

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Specify a PKI domain for SSL.

ovsdb server pki domain domain-name

By default, no PKI domain is specified for SSL.

3. (Optional.) Specify a CA certificate file for SSL.

ovsdb server bootstrap ca-certificate ca-filename

By default, SSL uses the CA certificate file in the PKI domain.

If the specified CA certificate file does not exist, the device obtains a self-signed certificate from the controller. The obtained file uses the name specified for the ca-filename argument.

4. Enable the device to listen for SSL connection requests.

ovsdb server pssl [ port port-number ]

By default, the device does not listen for SSL connection requests.

You can specify only one port to listen for OVSDB SSL connection requests. Port 6640 is used if you do specify a port when you execute the command.