This option is only useful if the SSL peer sends its CA certificate as
part of the SSL certificate chain. The SSL protocol does not require
the server to send the CA certificate, but
-\fBovs\-controller\fR(8) can be configured to do so with the
+\fB\*(SN\fR(8) can be configured to do so with the
\fB\-\-peer\-ca\-cert\fR option.
.IP
This option is mutually exclusive with \fB\-C\fR and
.IP "\fB\-\-peer\-ca\-cert=\fIpeer-cacert.pem\fR"
Specifies a PEM file that contains one or more additional certificates
to send to SSL peers. \fIpeer-cacert.pem\fR should be the CA
-certificate used to sign the \fB\*(PN\fR own certificate (the
-certificate specified on \fB\-c\fR or \fB\-\-certificate\fR).
+certificate used to sign \fB\*(PN\fR's own certificate, that is, the
+certificate specified on \fB\-c\fR or \fB\-\-certificate\fR. If
+\fB\*(PN\fR's certificate is self-signed, then \fB\-\-certificate\fR
+and \fB\-\-peer\-ca\-cert\fR should specify the same file.
.IP
This option is not useful in normal operation, because the SSL peer
must already have the CA certificate for the peer to have any
-confidence in \fB\*(PN\fR's identity. However, this option allows a
-newly installed switch to obtain the peer CA certificate on first boot
-using, e.g., the \fB\-\-bootstrap\-ca\-cert\fR option to
-\fBovs\-openflowd\fR(8).
+confidence in \fB\*(PN\fR's identity. However, this offers a way for
+a new installation to bootstrap the CA certificate on its first SSL
+connection.
.br
[\fB\-\-certificate=\fIcert.pem\fR]
.br
-[\fB\-\-ca\-cert=\fIswitch\-cacert.pem\fR]
+[\fB\-\-ca\-cert=\fIcacert.pem\fR]
..
.\" -*- nroff -*-
.TH ovsdb\-client 1 "November 2009" "Open vSwitch" "Open vSwitch Manual"
+.\" This program's name:
.ds PN ovsdb\-client
+.\" SSL peer program's name:
+.ds SN ovsdb\-server
.
.SH NAME
ovsdb\-client \- command-line interface to \fBovsdb-server\fR(1)
[\fB\-\-run=\fIcommand\fR]
.so lib/daemon-syn.man
.so lib/vlog-syn.man
+.so lib/ssl-syn.man
+.so lib/ssl-bootstrap-syn.man
.so lib/unixctl-syn.man
.so lib/common-syn.man
.
.TH ovs\-openflowd 8 "March 2009" "Open vSwitch" "Open vSwitch Manual"
+.\" This program's name:
.ds PN ovs\-openflowd
+.\" SSL peer program's name:
+.ds SN ovs\-controller
.
.SH NAME
ovs\-openflowd \- OpenFlow switch implementation
. RE
..
.TH ovs\-vsctl 8 "November 2009" "Open vSwitch" "Open vSwitch Manual"
+.\" This program's name:
.ds PN ovs\-vsctl
+.\" SSL peer program's name:
+.ds SN ovsdb\-server
.
.SH NAME
ovs\-vsctl \- utility for querying and configuring \fBovs\-vswitchd\fR
.
.SS "Public Key Infrastructure Options"
.so lib/ssl.man
+.so lib/ssl-bootstrap.man
+.so lib/ssl-peer-ca-cert.man
.so lib/vlog.man
.
.SH COMMANDS
. IP "\\$1"
..
.TH ovs\-vswitchd 8 "June 2009" "Open vSwitch" "Open vSwitch Manual"
+.\" This program's name:
.ds PN ovs\-vswitchd
+.\" SSL peer program's name:
+.ds SN ovs\-controller
.
.SH NAME
ovs\-vswitchd \- Open vSwitch daemon
projects / openvswitch / commitdiff