Creating and Installing an SSL Key and Certificate on a Juniper Networks Device for Connection with SDN Controllers
To secure a connection between a Juniper Networks device that supports the Open vSwitch Database (OVSDB) management protocol and one or more software-defined networking (SDN) controllers, the following Secure Sockets Layer (SSL) files must be present in the /var/db/certs directory on the device:
vtep-privkey.pem
vtep-cert.pem
ca-cert.pem
You must create the vtep-privkey.pem and vtep-cert.pem files for the device and then install the two files in the /var/db/certs directory on the device.
Upon initial connection between a Juniper Networks device with OVSDB implemented and an SDN controller, the ca-cert.pem file is automatically generated and then installed in the /var/db/certs directory on the device.
The situation at your particular site determines the possible methods that you can use to create the vtep-privkey.pem and vtep-cert.pem files and install them on the Juniper Networks device. Instead of providing procedures for all possible situations, this topic provides a procedure for one common scenario.
The procedure provided in this topic uses the OpenFlow public key infrastructure (PKI) management utility ovs-pki on a Linux computer to initialize a PKI and create the vtep-privkey.pem and vtep-cert.pem files. (If you have an existing PKI on your Linux computer, you can skip the step to initialize a new one.) By default, the utility initializes the PKI and places these files in the /usr/local/share/openvswitch/pki directory of the Linux computer.
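The following shell function is an added example, not part of the original procedure or of Juniper's or Open vSwitch's own tooling. It checks on the Linux computer that vtep-privkey.pem and vtep-cert.pem exist, that the private key is not readable by group or other users, and that the certificate was issued for that key, before the files are copied to /var/db/certs. It assumes the openssl command is available and that the two files are in a directory passed as the argument; the function name check_vtep_files is hypothetical.

```shell
#!/bin/sh
# Added example: pre-install check for the two files named in this topic.
# Return codes: 0 ok, 1 file missing, 2 key readable by group/other,
#               3 file cannot be parsed, 4 key and certificate do not match.
check_vtep_files() {
    dir=$1                          # assumed: directory holding both files
    key="$dir/vtep-privkey.pem"
    cert="$dir/vtep-cert.pem"

    for f in "$key" "$cert"; do
        [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
    done

    # Characters 5-10 of the ls mode string are the group and other bits.
    # A private key should grant nothing to either.
    perms=$(ls -lL "$key" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "key is group/other accessible: $key" >&2; return 2; }

    # Derive the public key from each file; an empty -passin avoids a prompt.
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) \
        || { echo "cannot read private key: $key" >&2; return 3; }
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) \
        || { echo "cannot read certificate: $cert" >&2; return 3; }
    [ "$key_pub" = "$cert_pub" ] \
        || { echo "certificate does not belong to this private key" >&2; return 4; }

    # Print what is about to be installed so it can be reviewed.
    openssl x509 -in "$cert" -noout -subject -issuer -enddate
}

# When run as a script with a directory argument, perform the check.
if [ "$#" -gt 0 ]; then
    check_vtep_files "$1"
fi
```

A nonzero return code identifies which check failed, so the function can gate a copy step in a script.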
To create and install an SSL key and certificate on a Juniper Networks device: