Administrator's Guide

Figure 41 Components that reference controller keystore and truststore
The values for keystore and keystore.password contain the keystore location and encrypted keystore
password respectively. The values for truststore and truststore.password contain the truststore
location and encrypted truststore password respectively.
5.5 Configuration encryption
Sensitive information such as tokens and passwords is stored encrypted on the SDN Controller.
However, to encrypt and decrypt these properties, the controller requires a master key that is
passed into the controller upstart script via an environment variable. To change the default master
key (recommended):
1. First, stop these services:
       sudo service sdnc stop
       sudo service sdna stop
2. Then change the default master key:
       sudo /opt/sdn/admin/sdnpass old_master_key new_master_key
5.6 OpenFlow Controller TLS
The OpenFlow controller component relies on PKI to establish mutual trust (2-way SSL) between
itself and the OpenFlow switches that it manages. It is recommended that the OpenFlow keystore
and truststore used for OpenFlow switch communication be separate from the SDN Controller’s
keystore and truststore used for north-bound communication.
5.6.1 Creating OpenFlow Controller keystore and truststore
The process for creating the OpenFlow keystore and truststore is similar to the steps outlined under
“Creating SDN Controller keystore and truststore” (page 63), and therefore is not repeated here.
The store names of the OpenFlow keystore/truststore and the SDN Controller’s
keystore/truststore should be different. Please note that both the Controller and Device certificates