Diffstat (limited to 'cpp/SSL')
-rw-r--r-- | cpp/SSL | 34 |
1 files changed, 16 insertions, 18 deletions
@@ -11,20 +11,17 @@ used to ensure they are loaded. Broker side SSL Settings (note you can get these by qpidd --help providing the ssl.so module is loaded): - --ssl-use-export-policy Use NSS export policy - --ssl-cert-password-file PATH File containing password to - use for accessing - certificate database - --ssl-cert-db PATH (/usr/local/etc/qpid_cert_db) Path to directory - containing certificate - database - --ssl-cert-name NAME (thinkpad) Name of the certificate to - use - --ssl-port PORT (5673) Port on which to listen for - SSL connections - --ssl-require-client-authentication Forces clients to - authenticate in order to - establish an SSL connection +SSL Settings: + --ssl-use-export-policy Use NSS export policy + --ssl-cert-password-file PATH File containing password to use for + accessing certificate database + --ssl-cert-db PATH Path to directory containing certificate + database + --ssl-cert-name NAME (thinkpad) Name of the certificate to use + --ssl-port PORT (5671) Port on which to listen for SSL + connections + --ssl-require-client-authentication Forces clients to authenticate in order + to establish an SSL connection The first four of these are also available as client options (where 
@@ -39,13 +36,14 @@ Certificate databases are set up using certutil (included in the nss-tools package on fedora). See the NSS site for examples[1] and full details[2]. -For a simple testing you can set up a single db with a -single self signed certificate. E.g +For a simple testing you can set up a single db with a single self +signed certificate. E.g (with myhost and mydomain replaced by the +hostname and domainname of the machine in question respectively): mkdir test_cert_db certutil -N -d test_cert_db -f cert.password - certutil -S -d test_cert_db -n "myhost.mydomain.com" \ - -s "CN=myhost.mydomain.com" -t "CT,," -x \ + certutil -S -d test_cert_db -n "myhost.mydomain" \ + -s "CN=myhost.mydomain" -t "CT,," -x \ -f cert.password -z /usr/bin/certutil Here cert.password is a file with a password in it that will be needed |
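Review bot: in the first hunk (@@ -11,20 +11,17 @@) the rewritten option list still carries "--ssl-cert-name NAME (thinkpad)", a default that looks like it was captured from one particular machine rather than something a reader can rely on. Suggest describing how the default is derived, or dropping the parenthesised value. The same hunk removes the "(/usr/local/etc/qpid_cert_db)" default from --ssl-cert-db without saying whether the option must now always be given, and it changes the --ssl-port default from 5673 to 5671, so any other reference to the old port in this file should be updated with it.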
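Review bot: in the second hunk (@@ -39,13 +36,14 @@) the reworded sentence keeps the slip "For a simple testing", and the new parenthetical "with myhost and mydomain replaced by the hostname and domainname" is ambiguous now that ".com" has been dropped from the example, since a reader cannot tell whether mydomain is meant to include the top-level domain. Suggest "For simple testing ..." and saying outright that the value is the machine's fully qualified name, used identically in the -n argument and in "CN=". Because the -n value is the certificate's name in the database, it would also help to point out that this is the name to pass as --ssl-cert-name.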