You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2019/08/26 09:56:21 UTC

[GitHub] [pulsar] Jennifer88huang commented on a change in pull request #5038: [doc] Improve Pulsar security-tls-authentication

Jennifer88huang commented on a change in pull request #5038: [doc] Improve Pulsar security-tls-authentication
URL: https://github.com/apache/pulsar/pull/5038#discussion_r317533998
 
 

 ##########
 File path: site2/docs/security-tls-authentication.md
 ##########
 @@ -26,27 +27,27 @@ $ openssl pkcs8 -topk8 -inform PEM -outform PEM \
       -in admin.key.pem -out admin.key-pk8.pem -nocrypt
 ```
 
-Generate the certificate request. When asked for a **common name**, enter the **role token** which you want this key pair to authenticate a client as.
+Next, generate the certificate request. When you are asked for a **common name**, enter the **role token** that you want this key pair to authenticate a client as.
 
 ```bash
 $ openssl req -config openssl.cnf \
       -key admin.key.pem -new -sha256 -out admin.csr.pem
 ```
 > Note
-> If there is no openssl.cnf, please read [Certificate authority](http://pulsar.apache.org/docs/en/security-tls-transport/#certificate-authority) to get the openssl.cnf.
+> If openssl.cnf is not given, please read [Certificate authority](http://pulsar.apache.org/docs/en/security-tls-transport/#certificate-authority) to get the openssl.cnf.
 
-Sign with request with the certificate authority. Note that that client certs uses the **usr_cert** extension, which allows the cert to be used for client authentication.
+Then, sign with request with the certificate authority. Note that that client certs uses the **usr_cert** extension, which allows the cert to be used for client authentication.
 
 ```bash
 $ openssl ca -config openssl.cnf -extensions usr_cert \
       -days 1000 -notext -md sha256 \
       -in admin.csr.pem -out admin.cert.pem
 ```
 
-This will give you a cert, `admin.cert.pem`, and a key, `admin.key-pk8.pem`, which, with `ca.cert.pem`, can be used by clients to authenticate themselves to brokers and proxies as the role token ``admin``.
+This will give you a cert, `admin.cert.pem`, and a key, `admin.key-pk8.pem`. With `ca.cert.pem`, clients can used this cert and this key to authenticate themselves to brokers and proxies as the role token ``admin``.
 
 > Note
-> If got "unable to load CA private key" error and the reason is "No such file or directory: /etc/pki/CA/private/cakey.pem" in this step. Please try :
+> If you get the "unable to load CA private key" error and the reason of this error is "No such file or directory: /etc/pki/CA/private/cakey.pem" in this step. Please try the command below:
 
 Review comment:
   Do not blame a user for the error, so in this situation, you can use 
   If the xxx error occurs/is displayed, you can use the following command.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services