From: Ben Pfaff Date: Wed, 29 Oct 2008 18:27:57 +0000 (-0700) Subject: Add "self-sign" command to ofp-pki. X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=a657b914101a72a737670da8470d45c04d8b768e;p=sliver-openvswitch.git Add "self-sign" command to ofp-pki. --- diff --git a/utilities/ofp-pki.8.in b/utilities/ofp-pki.8.in index edcbe6114..f9aec406b 100644 --- a/utilities/ofp-pki.8.in +++ b/utilities/ofp-pki.8.in @@ -19,6 +19,8 @@ Stand\-alone commands with their arguments: \fBofp\-pki\fR \fBverify\fR \fINAME\fR [\fITYPE\fR] .br \fBofp\-pki\fR \fBfingerprint\fR \fIFILE\fR +.br +\fBofp\-pki\fR \self-sign\fR \fINAME\fR .sp The following additional commands manage an online PKI: .br @@ -172,6 +174,15 @@ certificate, then this is the SHA\-1 digest of the DER encoded version of the certificate; otherwise, it is the SHA\-1 digest of the entire file. +.TP +\fBself-sign\fR \fINAME\fR +Signs the certificate request named \fINAME\fB\-req.pem\fR using the +private key \fINAME\fB-privkey.pem\fR, producing a self-signed +certificate named \fINAMEfB\-cert.pem\fR. The input files should have +been produced with \fBofp\-pki req\fR. + +Some controllers accept such self-signed certificates. + .SH "ONLINE COMMANDS" An OpenFlow PKI can be administered online, in conjunction with diff --git a/utilities/ofp-pki.in b/utilities/ofp-pki.in index 4a5466a8f..d347a1570 100755 --- a/utilities/ofp-pki.in +++ b/utilities/ofp-pki.in @@ -45,6 +45,8 @@ The valid stand-alone commands and their arguments are: req+sign NAME [TYPE] Combine the above two steps, producing all three files. verify NAME [TYPE] Checks that NAME-cert.pem is a valid TYPE certificate fingerprint FILE Prints the fingerprint for FILE + self-sign NAME Sign NAME-req.pem with NAME-privkey.pem, + producing self-signed certificate NAME-cert.pem The following additional commands manage an online PKI: ls [PREFIX] [TYPE] Lists incoming requests of the given TYPE, optionally @@ -493,6 +495,14 @@ elif test "$command" = fingerprint; then one_arg fingerprint "$arg1" +elif test "$command" = self-sign; then + one_arg + must_exist "$arg1-req.pem" + must_exist "$arg1-privkey.pem" + must_not_exist "$arg1-cert.pem" + + openssl x509 -in "$arg1-req.pem" -out "$arg1-cert.pem" \ + -signkey "$arg1-privkey.pem" -req -text elif test "$command" = ls; then check_type "$arg2"