You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2022/03/20 09:28:32 UTC

[GitHub] [pulsar] BewareMyPower opened a new pull request #14763: [Docs] Add instructions for configuring CA on macOS

BewareMyPower opened a new pull request #14763:
URL: https://github.com/apache/pulsar/pull/14763


   ### Motivation
   
   The default `openssl` in macOS is LibreSSL 2.8.3, which doesn't work for the commands to generate CA (Certificate authority). There is an error when running `openssl req`:
   
   > configuration file routines:CRYPTO_internal:variable has no value
   
   We should use the `openssl` installed from Homebrew.
   
   ### Modifications
   
   Add instructions for configuring CA on macOS. In addition, there are some interactions when executing `openssl` commands. This PR adds the notes for the input password.
   
   ### Documentation
   
   Check the box below or label this PR directly (if you have committer privilege).
   
   Need to update docs? 
   
   - [ ] `doc-required` 
     
     (If you need help on updating docs, create a doc issue)
     
   - [ ] `no-need-doc` 
     
     (Please explain why)
     
   - [x] `doc` 
     
     (If this PR contains doc changes)
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [pulsar] codelipenghui merged pull request #14763: [Docs] Add instructions for configuring CA on macOS

Posted by GitBox <gi...@apache.org>.

codelipenghui merged pull request #14763:
URL: https://github.com/apache/pulsar/pull/14763


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [pulsar] Demogorgon314 commented on a change in pull request #14763: [Docs] Add instructions for configuring CA on macOS

Posted by GitBox <gi...@apache.org>.

Demogorgon314 commented on a change in pull request #14763:
URL: https://github.com/apache/pulsar/pull/14763#discussion_r830587997



##########
File path: site2/docs/security-tls-transport.md
##########
@@ -57,13 +57,26 @@ chmod 700 private/
 touch index.txt
 echo 1000 > serial
 openssl genrsa -aes256 -out private/ca.key.pem 4096
+# You need enter a password in the command above
 chmod 400 private/ca.key.pem
 openssl req -config openssl.cnf -key private/ca.key.pem \
     -new -x509 -days 7300 -sha256 -extensions v3_ca \
     -out certs/ca.cert.pem
+# You must enter the same password in the previous openssl command
 chmod 444 certs/ca.cert.pem
 ```
 
+> **Tips**
+>
+> The default `openssl` on macOS doesn't work for commands above. You must upgrade the `openssl` via  Homebrew:

Review comment:
       ```suggestion
   > The default `openssl` on macOS doesn't work for commands above. You must upgrade the `openssl` via Homebrew:
   ```




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [pulsar] BewareMyPower commented on pull request #14763: [Docs] Add instructions for configuring CA on macOS

Posted by GitBox <gi...@apache.org>.

BewareMyPower commented on pull request #14763:
URL: https://github.com/apache/pulsar/pull/14763#issuecomment-1073209644


   I will apply the doc fix to other versions after accepting the reviews.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [pulsar] Anonymitaet commented on a change in pull request #14763: [Docs] Add instructions for configuring CA on macOS

Posted by GitBox <gi...@apache.org>.

Anonymitaet commented on a change in pull request #14763:
URL: https://github.com/apache/pulsar/pull/14763#discussion_r830709507



##########
File path: site2/docs/security-tls-transport.md
##########
@@ -57,13 +57,26 @@ chmod 700 private/
 touch index.txt
 echo 1000 > serial
 openssl genrsa -aes256 -out private/ca.key.pem 4096
+# You need enter a password in the command above
 chmod 400 private/ca.key.pem
 openssl req -config openssl.cnf -key private/ca.key.pem \
     -new -x509 -days 7300 -sha256 -extensions v3_ca \
     -out certs/ca.cert.pem
+# You must enter the same password in the previous openssl command
 chmod 444 certs/ca.cert.pem
 ```
 
+> **Tips**
+>
+> The default `openssl` on macOS doesn't work for commands above. You must upgrade the `openssl` via Homebrew:
+>
+> ```bash
+> brew install openssl
+> export PATH="/usr/local/Cellar/openssl@3/3.0.1/bin:$PATH"
+> ```
+>
+> The version `3.0.1` might change in future, please use the actual path from the output of `brew install` command.

Review comment:
       ```suggestion
   > The version `3.0.1` might change in the future. Use the actual path from the output of `brew install` command.
   ```
   Do not use please and thank you in technical information. Technical information requires an authoritative tone. Terms of politeness are superfluous, convey the wrong tone for technical material, and are not regarded the same way in all cultures. In marketing information, terms of politeness might be appropriate. Use the imperative mood in the first sentence of each step.
   https://docs.google.com/document/d/1lc5j4RtuLIzlEYCBo97AC8-U_3Erzs_lxpkDuseU0n4/edit#bookmark=id.x24xr2yx9b9t

##########
File path: site2/docs/security-tls-transport.md
##########
@@ -57,13 +57,26 @@ chmod 700 private/
 touch index.txt
 echo 1000 > serial
 openssl genrsa -aes256 -out private/ca.key.pem 4096
+# You need enter a password in the command above
 chmod 400 private/ca.key.pem
 openssl req -config openssl.cnf -key private/ca.key.pem \
     -new -x509 -days 7300 -sha256 -extensions v3_ca \
     -out certs/ca.cert.pem
+# You must enter the same password in the previous openssl command
 chmod 444 certs/ca.cert.pem
 ```
 
+> **Tips**
+>
+> The default `openssl` on macOS doesn't work for commands above. You must upgrade the `openssl` via Homebrew:

Review comment:
       ```suggestion
   > The default `openssl` on macOS doesn't work for the commands above. You must upgrade the `openssl` via Homebrew:
   ```




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org