ovs-pki: Allow generating certificates with duplicate subjects.

Without this setting, the certificate authorities that ovs-pki creates will not allow two switches or two controllers to have the same name. This causes problem in testing, since it's often convenient to test with short, common names like "tmp". (If you need to fix a PKI that you already created, in addition to modifying ca.cnf you will need to make the same change to index.txt.attr.) CC: Pierre Ettori <pettori@nicira.com>
2025-08-31 06:15:47 +00:00 · 2010-06-29 14:58:05 -07:00
parent 4e312e694f
commit c6c9e1e36f
1 changed files with 1 additions and 0 deletions
--- a/utilities/ovs-pki.in
+++ b/utilities/ovs-pki.in
@@ -249,6 +249,7 @@ email_in_dn    = no                    # Don't add the email into cert DN
 name_opt       = ca_default            # Subject name display option
 cert_opt       = ca_default            # Certificate display option
 copy_extensions = none                 # Don't copy extensions from request
+unique_subject = no                    # Allow certs with duplicate subjects

 # For the CA policy
 [ policy ]