Posted to commits@pulsar.apache.org by si...@apache.org on 2021/01/04 19:44:37 UTC
[pulsar] branch master updated: [Issue 8963][docs] fix 8963 (#9095)
This is an automated email from the ASF dual-hosted git repository.
sijie pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/master by this push:
new 866faf5 [Issue 8963][docs] fix 8963 (#9095)
866faf5 is described below
commit 866faf59e33deaf42079af7bb645d18bc64a77f4
Author: Jennifer Huang <47...@users.noreply.github.com>
AuthorDate: Tue Jan 5 03:44:15 2021 +0800
[Issue 8963][docs] fix 8963 (#9095)
Fixes #8963
### Motivation
The doc is not clear for users to use TLS authentication.
### Modifications
Add `tlsRequireTrustedClientCertOnConnect` parameter usage in the TLS docs.
---
site2/docs/security-tls-authentication.md | 2 ++
site2/docs/security-tls-transport.md | 3 ++-
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/site2/docs/security-tls-authentication.md b/site2/docs/security-tls-authentication.md
index 501e744..2113865 100644
--- a/site2/docs/security-tls-authentication.md
+++ b/site2/docs/security-tls-authentication.md
@@ -16,6 +16,8 @@ Client certificates are generated using the certificate authority. Server certif
The biggest difference between client certs and server certs is that the **common name** for the client certificate is the **role token** which that client is authenticated as.
+To use client certificates, you need to set `tlsRequireTrustedClientCertOnConnect=true` at the broker side. For details, refer to [TLS broker configuration](security-tls-transport.md#configure-broker).
+
First, you need to enter the following command to generate the key :
```bash
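Review bot: The added sentence after the role-token paragraph tells the reader to set `tlsRequireTrustedClientCertOnConnect=true` but does not say what the setting does or what happens to a client that connects without a certificate, and it sends them to the transport-encryption page to find out. Suggest adding one clause here that states the effect, so the authentication page stands on its own. The link target `#configure-broker` also resolves only because of the heading rename in security-tls-transport.md in this same commit, so the two changes have to land together.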
diff --git a/site2/docs/security-tls-transport.md b/site2/docs/security-tls-transport.md
index 54ae876..35be180 100644
--- a/site2/docs/security-tls-transport.md
+++ b/site2/docs/security-tls-transport.md
@@ -113,7 +113,7 @@ openssl ca -config openssl.cnf -extensions server_cert \
At this point, you have a cert, `broker.cert.pem`, and a key, `broker.key-pk8.pem`, which you can use along with `ca.cert.pem` to configure TLS transport encryption for your broker and proxy nodes.
-## Broker Configuration
+## Configure broker
To configure a Pulsar [broker](reference-terminology.md#broker) to use TLS transport encryption, you need to make some changes to `broker.conf`, which locates in the `conf` directory of your [Pulsar installation](getting-started-standalone.md).
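Review bot: Renaming the heading from `## Broker Configuration` to `## Configure broker` changes the section's anchor, so any existing link that points at the old heading's anchor will stop resolving. The new link added in security-tls-authentication.md already uses `#configure-broker`; suggest searching the rest of site2/docs for references to the old anchor and updating them in this commit. While this section is being touched, the context line below the heading still reads "which locates in the `conf` directory"; "which is located in" would be correct.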
@@ -121,6 +121,7 @@ Add these values to the configuration file (substituting the appropriate certifi
```properties
tlsEnabled=true
+tlsRequireTrustedClientCertOnConnect=true
tlsCertificateFilePath=/path/to/broker.cert.pem
tlsKeyFilePath=/path/to/broker.key-pk8.pem
tlsTrustCertsFilePath=/path/to/ca.cert.pem
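Review bot: `tlsRequireTrustedClientCertOnConnect=true` is added to the example block for TLS transport encryption, where a reader who only wants encryption will copy the whole block and, going by the parameter's name, then have clients without a trusted certificate refused on connect. Suggest either leaving the line out of this block and showing it in security-tls-authentication.md, or marking it with a properties comment saying it is needed only when TLS authentication with client certificates is in use.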