Built-In Openflow Controller; Creating A Keystore And Truststore For Openflow Switch Communication; Built-In Openflow Controller Keystore And Truststore Locations And Passwords - HP HPE VAN SDN Controller 2.7 Administrator's Manual

passed into the controller upstart script via an environment variable. To change the default master
key (recommended):
1. First, stop these services:
   sudo service sdnc stop
   sudo service sdna stop
2. Then change the default master key:
   sudo /opt/sdn/admin/sdnpass old_master_key new_master_key

Built-in OpenFlow controller

The HPE VAN SDN Controller has a built-in OpenFlow controller for controller-to-switch
communications. The OpenFlow controller component relies on PKI to establish mutual trust
(2-way SSL) between itself and the OpenFlow switches that it manages. To establish TLS
connections for controller-to-switch OpenFlow communications, Hewlett Packard Enterprise
recommends the following:
- Use different store names for the built-in OpenFlow controller keystore and truststore than
  used for the HPE VAN SDN Controller keystore and truststore.
- Use the same CA (certificate authority) to sign the controller and all device certificates.
For information about configuring TLS, see the latest HPE OpenFlow Administrator Guide for
your switch.

Creating a keystore and truststore for OpenFlow switch communication

The process for creating the OpenFlow keystore and truststore is similar to the steps outlined
under "Changing the default controller keystore and truststore to use CA signed certificates"
(page 110).

Built-in OpenFlow controller keystore and truststore locations and passwords

The HPE VAN SDN Controller has a built-in OpenFlow controller for controller-to-switch
communications. The configurations for the built-in OpenFlow controller keystore and truststore
are located in the com.hp.sdn.ctl.of.impl.ControllerManager component. The
keystore and keystore.password keys store the location of the keystore and the password
of the keystore respectively. Similarly, the truststore and truststore.password keys
store the location of the truststore and the password of the truststore respectively.
You can configure the com.hp.sdn.ctl.of.impl.ControllerManager component in the
Configurations screen Basic tab (screen example is shown below). A controller restart is required
if these configurations are changed.
The path to the keystore or truststore location must be specified as a relative path from the
/opt/sdn/virgo directory. For example, to specify a location of /opt/sdn/config/of.jks, enter
the following:
../config/of.jks
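
As an added example (not from the HPE manual), this shell helper derives the relative value to enter for the keystore and truststore keys and checks the recommendation that the OpenFlow store names differ from the controller's own. The function names and the VIRGO_DIR override are assumptions; the script takes the controller's own store paths as arguments because this page does not list them.

```shell
#!/bin/sh
# Added example, not HPE code: function names and VIRGO_DIR override are hypothetical.
# Usage: sh of-store-check.sh OF_KEYSTORE OF_TRUSTSTORE CTL_KEYSTORE CTL_TRUSTSTORE
VIRGO_DIR=${VIRGO_DIR:-/opt/sdn/virgo}   # base directory named in the manual

# Print absolute file $1 as a path relative to absolute directory $2.
# Both paths must already be normalised (no "." or ".." components).
rel_from() (
    target=$1 base=${2%/} up=""
    case $target in /*) ;; *) exit 2 ;; esac
    rest=${target#"$base"/}
    # Step the base up one level at a time until it is a prefix of the target.
    while [ "$rest" = "$target" ]; do
        base=${base%/*}
        up="../$up"
        rest=${target#"$base"/}
    done
    printf '%s%s\n' "$up" "$rest"
)

# Validate one OpenFlow store and print "key=value" for the Configurations screen.
# $1 = key (keystore|truststore), $2 = OpenFlow store, $3 = controller's own store.
check_store() (
    key=$1 of_store=$2 ctl_store=$3
    rel=$(rel_from "$of_store" "$VIRGO_DIR") ||
        { echo "$key: give an absolute path" >&2; exit 2; }
    [ -r "$of_store" ] || { echo "$key: $of_store is not readable" >&2; exit 3; }
    # HPE recommendation: do not reuse the controller's own store names.
    if [ "${of_store##*/}" = "${ctl_store##*/}" ]; then
        echo "$key: store name matches the controller's own $key" >&2
        exit 4
    fi
    printf '%s=%s\n' "$key" "$rel"
)

if [ "$#" -eq 4 ]; then
    check_store keystore "$1" "$3" && check_store truststore "$2" "$4" &&
        echo "A controller restart is required after changing these values."
fi
```

A non-zero exit status identifies which check failed: 2 for a non-absolute path, 3 for an unreadable store, 4 for a store name shared with the controller's own store.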