https://community.hpe.com/t5/software-defined-networking/openflow-instance-with-tls-how-to-create-certificate-for/m-p/6356281#M109 <P>First, if you are using the HP controller, the certificate used on the switch must be the signed by the same CA as the cert on the controller. So a self-signed cert won't work.</P><P>&nbsp;</P><P>To install a CA signed cert on a provision based switch:</P><P>&nbsp;</P><UL><LI><SPAN>Set the time correctly (either manually or with SNTP/Timep)</SPAN></LI><LI><SPAN>Configure the identity of the switche with "crypto pki identity-profile"</SPAN></LI><LI><SPAN>Generate a CSR with "crypto pki create-csr" make sure you use the "usage" option in the command and specify "all" or "openflow"</SPAN></LI><LI><SPAN>Then take the CSR to a CA of your choice</SPAN></LI><LI><SPAN>Install the resulting certificate onto the switch with "crypto pki install-signed-certificate"</SPAN></LI></UL><P>&nbsp;</P><P>These commands are just the beginning of the command, use tab or ? to complete the command.</P><P>&nbsp;</P><P>Hope that helps.</P> Wed, 29 Jan 2014 18:58:11 GMT EricAtHP 2014-01-29T18:58:11Z https://community.hpe.com/t5/software-defined-networking/openflow-instance-with-tls-how-to-create-certificate-for/m-p/6356145#M108 <P>I get this error when trying to configure my OF instance on PV 3800 (KA_15_14):</P><P>&nbsp;</P><P>3800B(config)# openflow instance vpatch controller-id 1 secure<BR />Certificate for OpenFlow is not configured.<BR />3800B(config)#</P><P>&nbsp;</P><P>I tried to create self-signed cert from the web UI, but no luck.</P><P>&nbsp;</P><P>Does anyone have the process for creating/getting the correct cert and installing?</P><P>&nbsp;</P><P>The config guide just says you need one and is not specific on how to configure it.</P> Wed, 29 Jan 2014 17:09:06 GMT https://community.hpe.com/t5/software-defined-networking/openflow-instance-with-tls-how-to-create-certificate-for/m-p/6356145#M108 RGBD 2014-01-29T17:09:06Z https://community.hpe.com/t5/software-defined-networking/openflow-instance-with-tls-how-to-create-certificate-for/m-p/6356281#M109 <P>First, if you are using the HP controller, the certificate used on the switch must be the signed by the same CA as the cert on the controller. So a self-signed cert won't work.</P><P>&nbsp;</P><P>To install a CA signed cert on a provision based switch:</P><P>&nbsp;</P><UL><LI><SPAN>Set the time correctly (either manually or with SNTP/Timep)</SPAN></LI><LI><SPAN>Configure the identity of the switche with "crypto pki identity-profile"</SPAN></LI><LI><SPAN>Generate a CSR with "crypto pki create-csr" make sure you use the "usage" option in the command and specify "all" or "openflow"</SPAN></LI><LI><SPAN>Then take the CSR to a CA of your choice</SPAN></LI><LI><SPAN>Install the resulting certificate onto the switch with "crypto pki install-signed-certificate"</SPAN></LI></UL><P>&nbsp;</P><P>These commands are just the beginning of the command, use tab or ? to complete the command.</P><P>&nbsp;</P><P>Hope that helps.</P> Wed, 29 Jan 2014 18:58:11 GMT https://community.hpe.com/t5/software-defined-networking/openflow-instance-with-tls-how-to-create-certificate-for/m-p/6356281#M109 EricAtHP 2014-01-29T18:58:11Z https://community.hpe.com/t5/software-defined-networking/openflow-instance-with-tls-how-to-create-certificate-for/m-p/6365379#M133 <P>Hello,<BR /><BR />Just following up to see if the previous post answers your query.</P><P>Please feel free to reply incase you have more questions around the same topic or open a new thread if new&nbsp; topic.<BR />If you feel we have answered your question, please do let us know by marking this response as an 'accepted solution’.<BR /><BR />Thanks<BR />HP SDN Team<BR /><BR /></P> Wed, 05 Feb 2014 11:34:27 GMT https://community.hpe.com/t5/software-defined-networking/openflow-instance-with-tls-how-to-create-certificate-for/m-p/6365379#M133 sdnindia 2014-02-05T11:34:27Z