2. Modify the /opt/sdn/virgo/bin/dmk.sh script to add the following option to the list of JMX_OPTS:
For example:
cd $KERNEL_HOME; exec $JAVA_EXECUTABLE \
$JAVA_OPTS \
$DEBUG_OPTS \
$JMX_OPTS \
3. Start the SDN Controller:
sudo service sdnc start
To enable
5.9 Revoking Trust
5.9.1 Revoking trust via truststore
The controller components rely on the public certificates in the respective truststore to establish trust with a given identity. Therefore, revoking trust from a client with a given public certificate amounts to removing its certificate from the respective truststore. To remove a given certificate from the truststore:
• List the certificates in your truststore:
keytool
• Delete the certificate from the truststore:
keytool
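The list-then-delete procedure above, as an added example that is not part of the original guide: it records the entry being removed, backs up the truststore, deletes the alias, and confirms the alias can no longer be looked up. The function name `revoke_trust`, the `STOREPASS` environment variable and the truststore path and alias arguments are assumptions chosen for this sketch.

```shell
#!/bin/sh
# Added example, not from the controller documentation.
# Usage: STOREPASS=... revoke_trust <truststore-path> <alias>
# Assumption: the truststore password is supplied in the STOREPASS
# environment variable so it never appears on the command line.

revoke_trust() {
    store=$1
    alias_name=$2

    if [ -z "$store" ] || [ -z "$alias_name" ]; then
        echo "usage: revoke_trust <truststore> <alias>" >&2
        return 2
    fi
    if [ ! -f "$store" ]; then
        echo "truststore not found: $store" >&2
        return 2
    fi

    # Record what is about to be removed (alias, entry type, fingerprint).
    # A failure here means a missing alias or an unreadable store.
    if ! entry=$(keytool -list -alias "$alias_name" -keystore "$store" \
                         -storepass:env STOREPASS 2>&1); then
        echo "cannot read alias '$alias_name' in $store:" >&2
        echo "$entry" >&2
        return 1
    fi
    echo "removing: $entry"

    # Keep a copy so a wrong deletion can be rolled back.
    backup="$store.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$store" "$backup" || return 3

    keytool -delete -alias "$alias_name" -keystore "$store" \
            -storepass:env STOREPASS || return 3

    # Verify: the lookup must now fail, otherwise trust is still in place.
    if keytool -list -alias "$alias_name" -keystore "$store" \
               -storepass:env STOREPASS >/dev/null 2>&1; then
        echo "alias '$alias_name' still present after delete" >&2
        return 4
    fi
    echo "revoked '$alias_name'; backup at $backup"
}
```
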
5.9.2 Revoking trust via CRL
For the controller’s REST API, a CRL (Certificate Revocation List) may also be specified to allow blacklisting of certain clients. This is done by modifying the /opt/sdn/virgo/configuration/
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="../admin/keystore" keystorePass="skyline"
crlFile="location_of_CRL file"/>
For the change to take effect, restart the controller.
5.10 SDN administrative REST API
The main SDN Controller daemon (SDNC) is accompanied by an ancillary daemon process (sdna), which runs under user sdnadmin in order to grant it access to some elevated privileges.
The administrative REST API can be used to securely perform various management functions in a privileged context. It would be undesirable for the main SDN Controller process to possess those privileges as it may be hosting execution of