\fBofp\-pki\fR \fBverify\fR \fINAME\fR [\fITYPE\fR]
.br
\fBofp\-pki\fR \fBfingerprint\fR \fIFILE\fR
+.br
+\fBofp\-pki\fR \self-sign\fR \fINAME\fR
.sp
The following additional commands manage an online PKI:
.br
of the certificate; otherwise, it is the SHA\-1 digest of the entire
file.
+.TP
+\fBself-sign\fR \fINAME\fR
+Signs the certificate request named \fINAME\fB\-req.pem\fR using the
+private key \fINAME\fB-privkey.pem\fR, producing a self-signed
+certificate named \fINAMEfB\-cert.pem\fR. The input files should have
+been produced with \fBofp\-pki req\fR.
+
+Some controllers accept such self-signed certificates.
+
.SH "ONLINE COMMANDS"
An OpenFlow PKI can be administered online, in conjunction with
req+sign NAME [TYPE] Combine the above two steps, producing all three files.
verify NAME [TYPE] Checks that NAME-cert.pem is a valid TYPE certificate
fingerprint FILE Prints the fingerprint for FILE
+ self-sign NAME Sign NAME-req.pem with NAME-privkey.pem,
+ producing self-signed certificate NAME-cert.pem
The following additional commands manage an online PKI:
ls [PREFIX] [TYPE] Lists incoming requests of the given TYPE, optionally
one_arg
fingerprint "$arg1"
+elif test "$command" = self-sign; then
+ one_arg
+ must_exist "$arg1-req.pem"
+ must_exist "$arg1-privkey.pem"
+ must_not_exist "$arg1-cert.pem"
+
+ openssl x509 -in "$arg1-req.pem" -out "$arg1-cert.pem" \
+ -signkey "$arg1-privkey.pem" -req -text
elif test "$command" = ls; then
check_type "$arg2"
projects / openvswitch / commitdiff