X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=INSTALL.SSL;h=3b625fbd949bfb745ae8bad39266a7c709056fd3;hb=208d496f15787e55777c2ef541595f9e750ef771;hp=8df47bc106934eacda318100d91e70d4ab8f1bbe;hpb=1d87357a1322c2faa290452c08c7f794c0be848b;p=sliver-openvswitch.git diff --git a/INSTALL.SSL b/INSTALL.SSL index 8df47bc10..3b625fbd9 100644 --- a/INSTALL.SSL +++ b/INSTALL.SSL 
@@ -287,30 +287,31 @@ cacert.pem: OpenFlow controller by verifying a signature against this CA certificate. -Once you have these files, configure ovs-vswitchd to use them by -adding the following keys to your ovs-vswitchd.conf file: +Once you have these files, configure ovs-vswitchd to use them using +the ovs-vsctl "set-ssl" command, e.g.: - ssl.private-key=/etc/vswitch/sc-privkey.pem - ssl.certificate=/etc/vswitch/sc-cert.pem - ssl.ca-cert=/etc/vswitch/cacert.pem + ovs-vsctl set-ssl /etc/openvswitch/sc-privkey.pem /etc/openvswitch/sc-cert.pem /etc/openvswitch/cacert.pem Substitute the correct file names, of course, if they differ from the -ones used above. +ones used above. You should use absolute file names (ones that begin +with "/"), because ovs-vswitchd's current directory is unrelated to +the one from which you run ovs-vsctl. If you are using self-signed certificates (see "SSL Concepts for OpenFlow") and you did not copy controllerca/cacert.pem from the PKI -machine to the Open vSwitch, then also add the following key: +machine to the Open vSwitch, then add the --bootstrap option, e.g.: - ssl.bootstrap-ca-cert=true + ovs-vsctl -- --bootstrap set-ssl /etc/openvswitch/sc-privkey.pem /etc/openvswitch/sc-cert.pem /etc/openvswitch/cacert.pem After you have added all of these configuration keys, you may specify -"ssl:" connection methods elsewhere in ovs-vswitchd.conf, e.g.: - - mgmt.controller=ssl:192.168.0.1 - +"ssl:" connection methods elsewhere in the configuration database. "tcp:" connection methods are still allowed even after SSL has been configured, so for security you should use only "ssl:" connections. +Unlike most Open vSwitch settings, the SSL settings are read only +once, at ovs-vswitchd startup time. For changes to take effect, +ovs-vswitchd must be killed and restarted. + Reporting Bugs --------------
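Review bot: the retained sentence "After you have added all of these configuration keys, you may specify" is now stale, because this hunk replaces the ovs-vswitchd.conf keys with a single `ovs-vsctl set-ssl` command; suggest rewording it to something like "After you have configured SSL in this way, you may specify". Two smaller points in the same hunk: the new bootstrap paragraph ("then add the --bootstrap option, e.g.:") drops the old key name without saying what bootstrapping does, and since it is only offered for the case where cacert.pem was not copied from the PKI machine, one sentence noting that the CA certificate is then obtained from the controller on first connection rather than out of band (and so should be verified afterwards, or avoided where the controller path is untrusted) would keep the security caveat next to the command; and "configure ovs-vswitchd to use them using the ovs-vsctl "set-ssl" command" reads awkwardly with the double "use ... using", so "configure ovs-vswitchd to use them with the ovs-vsctl "set-ssl" command" would be cleaner. The added closing paragraph about SSL settings being read only once at ovs-vswitchd startup is a useful addition and fits well here.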