Re: [openflowplugin-users] Facing problem in enabling TLS connection in opendaylight controller
Rajendran Ashok <ashok.rajendran@...>
Hi Michal,
I created my own keys. I used this TLS version - OpenSSL 1.0.1

rajenda3@ws-32:/var/lib/openvswitch/pki/controllerca$ openssl version
OpenSSL 1.0.1 14 Mar 2012

Thanks
Ashok
________________________________________
From: Michal Polkoráb [michal.polkorab@...]
Sent: Tuesday, April 21, 2015 1:27 PM
To: Rajendran Ashok; Michal Rehak -X (mirehak - Pantheon Technologies SRO at Cisco); Vratko Polak -X (vrpolak - Pantheon Technologies SRO at Cisco)
Cc: openflowplugin-users@...; openflowjava-dev
Subject: RE: [openflowjava-dev] [openflowplugin-users] Facing problem in enabling TLS connection in opendaylight controller

Hi Ashok,

what keys do you use? Exemplary keys (from openflowjava) or you created your own keys? What TLS version do you use?

Michal
________________________________________
From: Rajendran Ashok <ashok.rajendran@...>
Sent: 21 April 2015 09:59
To: Michal Polkoráb; Michal Rehak -X (mirehak - Pantheon Technologies SRO at Cisco); Vratko Polak -X (vrpolak - Pantheon Technologies SRO at Cisco)
Cc: openflowplugin-users@...; openflowjava-dev
Subject: RE: [openflowjava-dev] [openflowplugin-users] Facing problem in enabling TLS connection in opendaylight controller

Hi All,

I am trying to enable TLS connection between opendaylight controller and the switch. I followed the steps given in below link. But when I tried to establish connection now, it is showing error saying certificate verification failed and wrong version number as shown below in ovs-vswitchd.log. I checked the certificate and it has the validity. Could you please check why I am facing this error?
link: https://wiki.opendaylight.org/view/OpenDaylight_OpenFlow_Plugin:_TLS_Support

Error:

Apr 20 12:14:46|03981|rconn|INFO|s1<->ssl:192.168.56.101:6633: continuing to retry connections in the background but suppressing further logging
Apr 20 12:14:54|03982|stream_ssl|WARN|SSL_connect: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Apr 20 12:15:10|03983|stream_ssl|WARN|SSL_connect: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Apr 20 15:32:04|04215|stream_ssl|WARN|SSL_connect: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
Apr 20 15:32:12|04216|stream_ssl|WARN|SSL_connect: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

Note: My controller address : 192.168.56.101 which is a virtual box machine and my switch is in my local machine

Attached full ovs-vswitchd.log along this mail.

Thanks
Ashok
________________________________________
From: Michal Polkoráb [michal.polkorab@...]
Sent: Tuesday, March 31, 2015 5:07 PM
To: Michal Rehak -X (mirehak - Pantheon Technologies SRO at Cisco); Rajendran Ashok; Vratko Polak -X (vrpolak - Pantheon Technologies SRO at Cisco)
Cc: openflowplugin-users@...; openflowjava-dev
Subject: RE: [openflowjava-dev] [openflowplugin-users] Facing problem in enabling TLS connection in opendaylight controller

Hi Ashok,

if you clone openflowjava repository (git clone ssh://<username>@git.opendaylight.org:29418/openflowjava or git clone https://git.opendaylight.org/gerrit/openflowjava), then you will be able to get exemplary TLS keys (located in openflowjava/openflow-protocol-impl/src/main/resources).
Regards,
Michal Polkorab
________________________________________
From: Michal Rehak -X (mirehak - Pantheon Technologies SRO at Cisco) <mirehak@...>
Sent: 31 March 2015 15:12
To: Rajendran Ashok; Vratko Polak -X (vrpolak - Pantheon Technologies SRO at Cisco)
Cc: openflowplugin-users@...; openflowjava-dev
Subject: Re: [openflowjava-dev] [openflowplugin-users] Facing problem in enabling TLS connection in opendaylight controller

fw to openflowjava-ml
________________________________________
From: Rajendran Ashok [ashok.rajendran@...]
Sent: Tuesday, March 31, 2015 00:54
To: Michal Rehak -X (mirehak - Pantheon Technologies SRO at Cisco); Vratko Polak -X (vrpolak - Pantheon Technologies SRO at Cisco)
Cc: openflowplugin-users@...
Subject: RE: [openflowplugin-users] Facing problem in enabling TLS connection in opendaylight controller

Thanks Michal for the reply.

I was following the same link for enabling TLS. In this link, it has mentioned to find the files exemplary-*.pem in this path openflowjava/openflow-protocol-impl/src/main/resources. But I am not able to find those files in that path. Are there any steps to generate this file or am I missing any configuration? Please help on this.

EXCERPT FROM WIKI LINK:

Exemplary configuration

There is already exemplary code in configuration/initial/42-openflowplugin.xml file and also exemplary keys stored in openflowjava (src/main/resources). This exemplary code is commented, so the default is to use unsecured communication.
If you want to try TLS secured communication with your device, you need to do following steps:

* make sure that <transport-protocol> is set with TLS
* uncomment code in <tls> tags
* find exemplary-* files in openflowjava repository - under openflow-protocol-impl/src/main/resources
* copy exemplary-switch-privkey.pem, exemplary-switch-cert.pem and exemplary-cacert.pem files into your device
* configure your device with provided keys (in case of openvswitch please see "Configure openvswitch SSL" part below)
* start communication

Thanks
Ashok
________________________________________
From: Michal Rehak -X (mirehak - Pantheon Technologies SRO at Cisco) [mirehak@...]
Sent: Monday, March 30, 2015 6:10 PM
To: Rajendran Ashok; Vratko Polak -X (vrpolak - Pantheon Technologies SRO at Cisco)
Cc: openflowplugin-users@...
Subject: RE: [openflowplugin-users] Facing problem in enabling TLS connection in opendaylight controller

Hi Ashok,

you might find this wiki useful: https://wiki.opendaylight.org/view/OpenDaylight_OpenFlow_Plugin:_TLS_Support

Regards,
Michal
________________________________________
From: openflowplugin-users-bounces@... [openflowplugin-users-bounces@...] on behalf of Rajendran Ashok [ashok.rajendran@...]
Sent: Monday, March 30, 2015 16:46
To: Vratko Polak -X (vrpolak - Pantheon Technologies SRO at Cisco)
Cc: openflowplugin-users@...
Subject: Re: [openflowplugin-users] Facing problem in enabling TLS connection in opendaylight controller

Hi,

Thanks for your reply. I am able to find 42-openflowplugin.xml file in the directory mentioned by you. But now I am looking for these three files, exemplary-switch-privkey.pem, exemplary-switch-cert.pem and exemplary-cacert.pem to transfer it to my mininet host. But I am not able to find it in the path mentioned in that wiki page - openflowjava/openflow-protocol-impl/src/main/resources

Where can I find these files?
Could you also mention where can I find the updated Wiki page for Helium with Karaf so that I can follow it (As you mentioned in below mail that this wiki page is not updated for helium karaf)

Thanks
Ashok
________________________________________
From: Vratko Polak -X (vrpolak - Pantheon Technologies SRO at Cisco) [vrpolak@...]
Sent: Tuesday, March 24, 2015 5:08 PM
To: Rajendran Ashok
Cc: openflowplugin-users@...
Subject: RE: [openflowplugin-users] Facing problem in enabling TLS connection in opendaylight controller

Hi Ashok.

Helium is based on Karaf, but the wiki page was written before that change was made.

> 42-openflowplugin.xml under the directory configuration/initial/

The new directory is etc/opendaylight/karaf/ but the file only appears after karaf is started and an openflow feature is installed. When you have your version of 42-openflowplugin.xml ready, you can place it into etc/opendaylight/karaf/ before karaf starts, and your values will be used instead of those from the default file.

Vratko.

-----Original Message-----
From: openflowplugin-users-bounces@... [mailto:openflowplugin-users-bounces@...] On Behalf Of Rajendran Ashok
Sent: Tuesday, March 24, 2015 3:23 PM
To: openflowplugin-users@...
Subject: [openflowplugin-users] Facing problem in enabling TLS connection in opendaylight controller

Hi All,

I am working on opendaylight controller for my assignment. I would like to enable TLS connection in my opendaylight controller and mininet switch. I followed the steps given in below link. But I am stuck at one point where I am not able to find the xml file - 42-openflowplugin.xml under the directory configuration/initial/. Is there any configuration to be done to get this file or do I need to create this file? Could you please help me on this issue.

https://wiki.opendaylight.org/view/OpenDaylight_OpenFlow_Plugin:_TLS_Support

Note: I downloaded opendaylight controller code from git in stable/Helium branch and built it using maven as mentioned in Wiki.
Thanks
Ashok
_______________________________________________
openflowplugin-users mailing list
openflowplugin-users@...
https://lists.opendaylight.org/mailman/listinfo/openflowplugin-users
_______________________________________________
openflowjava-dev mailing list
openflowjava-dev@...
https://lists.opendaylight.org/mailman/listinfo/openflowjava-dev

Michal Polkoráb
Software Developer
Mlynské Nivy 56 / 821 05 Bratislava / Slovakia
+421 918 378 907 / michal.polkorab@...
reception: +421 2 206 65 111 / www.pantheon.sk
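
Added example (not part of the thread and not Open vSwitch or OpenDaylight code): a small triage script that parses the ovs-vswitchd.log lines quoted in the thread, splits out the OpenSSL error fields and groups them by reason. The hint texts are a general reading of these two OpenSSL reasons, assumed here, not a diagnosis reached in the thread.

```python
import re

# ovs-vswitchd.log lines quoted in the thread; layout is time|seq|module|level|message.
SAMPLE_LOG = """\
Apr 20 12:14:46|03981|rconn|INFO|s1<->ssl:192.168.56.101:6633: continuing to retry connections in the background but suppressing further logging
Apr 20 12:14:54|03982|stream_ssl|WARN|SSL_connect: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Apr 20 12:15:10|03983|stream_ssl|WARN|SSL_connect: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Apr 20 15:32:04|04215|stream_ssl|WARN|SSL_connect: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
Apr 20 15:32:12|04216|stream_ssl|WARN|SSL_connect: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
"""

# OpenSSL error string layout: error:<hex code>:<library>:<function>:<reason>
OPENSSL_ERR = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]+):([^:]+):(.+)$")

# General reading of each reason (an assumption added here, not the thread's diagnosis).
HINTS = {
    "certificate verify failed": "controller certificate failed verification against the CA file set on the switch",
    "wrong version number": "reply was not an acceptable TLS record; confirm the controller port serves TLS",
}

def parse_line(line):
    """Return the OpenSSL error fields of one log line, or None if it has none."""
    parts = line.split("|", 4)
    if len(parts) != 5:
        return None
    when, _seq, _module, _level, msg = parts
    m = OPENSSL_ERR.search(msg.strip())
    if m is None:
        return None
    code, _lib, func, reason = m.groups()
    return {"when": when, "code": code.upper(), "func": func, "reason": reason}

def triage(log_text):
    """Group OpenSSL errors by reason with count, first/last timestamp and a hint."""
    groups = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # e.g. the rconn INFO line carries no OpenSSL error
        g = groups.setdefault(rec["reason"], {
            "code": rec["code"], "func": rec["func"], "count": 0,
            "first": rec["when"], "hint": HINTS.get(rec["reason"], "unmapped")})
        g["count"] += 1
        g["last"] = rec["when"]
    return groups

if __name__ == "__main__":
    for reason, g in triage(SAMPLE_LOG).items():
        print(f"{g['count']}x {reason} ({g['code']}, {g['func']}): {g['hint']}")
```

The function name in each error (SSL3_GET_SERVER_CERTIFICATE, SSL3_GET_RECORD) shows the failures are raised on the switch side, the TLS client, while it processes what the controller sends.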