H3C Technologies H3C S6800 Series Switches User Manual
Page 67
59
•
Passive SSL connection—The device accepts the SSL connection from the controller.
•
Active TCP connection—The device initiates a TCP connection to the controller.
•
Passive TCP connection—The device accepts the TCP connection from the controller.
NOTE:
You must specify the same key file, certificate file, and CA certificate file for all active and passive SSL
connection.
Establishing an active SSL connection to a controller
Step Command Remarks
1.
Enter system view.
system-view
N/A
2.
Specify a key file for SSL.
ovsdb server private-key key-filename
By default, no key file is
specified.
3.
Specify a certificate file for
SSL.
ovsdb server certificate cert-filename
By default, no certificate file is
specified.
4.
Specify a CA certificate
file for SSL.
ovsdb server ca-certificate ca-filename
[ bootstrap ]
By default, no CA certificate file
is specified.
5.
Establish an active SSL
connection to a controller.
ovsdb server ssl ipv4-address port
port-number
By default, the device does not
have active OVSDB SSL
connections.
You can establish active
OVSDB SSL connections to a
maximum of eight controllers.
Listening for SSL connection requests from controllers
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Specify a key file for SSL.
ovsdb server private-key key-filename
By default, no key file is
specified.
3.
Specify a certificate file for
SSL.
ovsdb server certificate cert-filename
By default, no certificate file is
specified.
4.
Specify a CA certificate file for
SSL.
ovsdb server ca-certificate
ca-filename [ bootstrap ]
By default, no CA certificate file
is specified.
5.
Enable the device to listen for
SSL connection requests.
ovsdb server pssl port [ port-number ]
By default, the device does not
listen for SSL connection
requests.
You can specify only one port to
listen for OVSDB SSL
connection requests.