2010-06-29 14:29:40 -07:00
|
|
|
.IP "\fB\-\-peer\-ca\-cert=\fIpeer-cacert.pem\fR"
|
2009-12-21 13:10:55 -08:00
|
|
|
Specifies a PEM file that contains one or more additional certificates
|
|
|
|
|
to send to SSL peers. \fIpeer-cacert.pem\fR should be the CA
|
|
|
|
|
certificate used to sign the \fB\*(PN\fR own certificate (the
|
2010-06-29 14:29:40 -07:00
|
|
|
certificate specified on \fB\-c\fR or \fB\-\-certificate\fR).
|
2009-12-21 13:10:55 -08:00
|
|
|
.IP
|
|
|
|
|
This option is not useful in normal operation, because the SSL peer
|
|
|
|
|
must already have the CA certificate for the peer to have any
|
|
|
|
|
confidence in \fB\*(PN\fR's identity. However, this option allows a
|
|
|
|
|
newly installed switch to obtain the peer CA certificate on first boot
|
2010-06-29 14:29:40 -07:00
|
|
|
using, e.g., the \fB\-\-bootstrap\-ca\-cert\fR option to
|
2009-12-21 13:10:55 -08:00
|
|
|
\fBovs\-openflowd\fR(8).
|
