netdev-vport: Warn users that pmtud is deprecated

[openvswitch] / utilities / ovs-pki.in

diff --git a/utilities/ovs-pki.in b/utilities/ovs-pki.in
index 2a67d5387daa3c5e8aaca1a7e3eeba3c752f4fb9..1f15410ec32b7e7c170de5aecfe6ac0c67b6d203 100755 (executable)
--- a/utilities/ovs-pki.in
+++ b/utilities/ovs-pki.in
@@ -429,6 +429,8 @@ make_request() {
     must_not_exist "$arg1-privkey.pem"
     must_not_exist "$arg1-req.pem"
     make_tmpdir
+    # Use uuidgen or date to create unique subject DNs.
+    unique=`(uuidgen) 2>/dev/null` || unique=`date +"%Y %b %d %T"`
     cat > "$TMP/req.cnf" <<EOF
 [ req ]
 prompt = no
@@ -440,7 +442,7 @@ ST = CA
 L = Palo Alto
 O = Open vSwitch
 OU = Open vSwitch certifier
-CN = Open vSwitch certificate for $arg1
+CN = $arg1 id:$unique
 EOF
     if test $keytype = rsa; then
         (umask 077 && openssl genrsa -out "$1-privkey.pem" $bits) 1>&3 2>&3 \
@@ -512,7 +514,7 @@ elif test "$command" = self-sign; then
     # Create both the private key and certificate with restricted permissions.
     (umask 077 && \
      openssl x509 -in "$arg1-req.pem" -out "$arg1-cert.pem.tmp" \
-        -signkey "$arg1-privkey.pem" -req -text) 2>&3 || exit $?
+        -signkey "$arg1-privkey.pem" -req -days 2191 -text) 2>&3 || exit $?
 
     # Reset the permissions on the certificate to the user's default.
     cat "$arg1-cert.pem.tmp" > "$arg1-cert.pem"