author | Gordon Sim <gsim@apache.org> | 2008-10-22 12:05:48 +0000 |
---|---|---|
committer | Gordon Sim <gsim@apache.org> | 2008-10-22 12:05:48 +0000 |
commit | cdbcd21930168d29d5c2b83ce761d53aa1dcae3f (patch) | |
tree | 807fabebdbfb8fb51b3aa5e4ba757712f8389c42 | |
parent | c62e7915339bf8800eeb06db3c9a3409293467f6 (diff) | |
download | qpid-python-cdbcd21930168d29d5c2b83ce761d53aa1dcae3f.tar.gz |
Updated latest ssl options usage; fixed ambiguity in domain name used in example and clarified the meaning a little.
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk@707051 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- | qpid/cpp/SSL | 34 |
1 files changed, 16 insertions, 18 deletions
diff --git a/qpid/cpp/SSL b/qpid/cpp/SSL index 4558f3359a..b7192eb3c3 100644 --- a/qpid/cpp/SSL +++ b/qpid/cpp/SSL @@ -11,20 +11,17 @@ used to ensure they are loaded. Broker side SSL Settings (note you can get these by qpidd --help providing the ssl.so module is loaded): - --ssl-use-export-policy Use NSS export policy - --ssl-cert-password-file PATH File containing password to - use for accessing - certificate database - --ssl-cert-db PATH (/usr/local/etc/qpid_cert_db) Path to directory - containing certificate - database - --ssl-cert-name NAME (thinkpad) Name of the certificate to - use - --ssl-port PORT (5673) Port on which to listen for - SSL connections - --ssl-require-client-authentication Forces clients to - authenticate in order to - establish an SSL connection +SSL Settings: + --ssl-use-export-policy Use NSS export policy + --ssl-cert-password-file PATH File containing password to use for + accessing certificate database + --ssl-cert-db PATH Path to directory containing certificate + database + --ssl-cert-name NAME (thinkpad) Name of the certificate to use + --ssl-port PORT (5671) Port on which to listen for SSL + connections + --ssl-require-client-authentication Forces clients to authenticate in order + to establish an SSL connection The first four of these are also available as client options (where 
@@ -39,13 +36,14 @@ Certificate databases are set up using certutil (included in the nss-tools package on fedora). See the NSS site for examples[1] and full details[2]. -For a simple testing you can set up a single db with a -single self signed certificate. E.g +For a simple testing you can set up a single db with a single self +signed certificate. E.g (with myhost and mydomain replaced by the +hostname and domainname of the machine in question respectively): mkdir test_cert_db certutil -N -d test_cert_db -f cert.password - certutil -S -d test_cert_db -n "myhost.mydomain.com" \ - -s "CN=myhost.mydomain.com" -t "CT,," -x \ + certutil -S -d test_cert_db -n "myhost.mydomain" \ + -s "CN=myhost.mydomain" -t "CT,," -x \ -f cert.password -z /usr/bin/certutil Here cert.password is a file with a password in it that will be needed |
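Review bot: In the first hunk (broker option list), the rewritten `--ssl-cert-name NAME (thinkpad)` line still shows a default that looks like the hostname of the machine the help output was captured on, while the same hunk drops the `(/usr/local/etc/qpid_cert_db)` default from `--ssl-cert-db`. Either replace `(thinkpad)` with a neutral placeholder or state how the default is derived, so readers do not copy it literally. The added `SSL Settings:` line also lands directly under the existing "Broker side SSL Settings (...):" sentence, which leaves two headings in a row; one of them can go. Since `--ssl-port` now shows 5671 instead of 5673, it is worth a line in the commit message for anyone with firewall rules or client configs written against the old value.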
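Review bot: In the second hunk (certutil example), the new parenthetical says what `myhost` and `mydomain` stand for but not that the nickname given with `-n "myhost.mydomain"` is the value to pass to `--ssl-cert-name` from the option list above; one sentence linking the two would remove the remaining ambiguity. The example also creates a self-signed certificate with `-t "CT,," -x`, so the "simple testing" wording should say explicitly that this database is for test setups only. The trailing context describes `cert.password` as a file with a password in it; consider adding a note that it should be readable only by the account running the broker. Minor: "For a simple testing" and "E.g" are carried over unchanged and could be tidied to "For simple testing" and "E.g." while the paragraph is being rewrapped.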