You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by gs...@apache.org on 2008/10/22 14:05:48 UTC

svn commit: r707051 - /incubator/qpid/trunk/qpid/cpp/SSL

Author: gsim
Date: Wed Oct 22 05:05:48 2008
New Revision: 707051

URL: http://svn.apache.org/viewvc?rev=707051&view=rev
Log:
Updated latest ssl options usage; fixed ambiguity in domain name used in example and clarified the meaning a little.


Modified:
    incubator/qpid/trunk/qpid/cpp/SSL

Modified: incubator/qpid/trunk/qpid/cpp/SSL
URL: http://svn.apache.org/viewvc/incubator/qpid/trunk/qpid/cpp/SSL?rev=707051&r1=707050&r2=707051&view=diff
==============================================================================
--- incubator/qpid/trunk/qpid/cpp/SSL (original)
+++ incubator/qpid/trunk/qpid/cpp/SSL Wed Oct 22 05:05:48 2008
@@ -11,20 +11,17 @@
 Broker side SSL Settings (note you can get these by qpidd --help
 providing the ssl.so module is loaded):
 
-  --ssl-use-export-policy                           Use NSS export policy
-  --ssl-cert-password-file PATH                     File containing password to
-                                                    use for accessing
-                                                    certificate database
-  --ssl-cert-db PATH (/usr/local/etc/qpid_cert_db)  Path to directory
-                                                    containing certificate
-                                                    database
-  --ssl-cert-name NAME (thinkpad)                   Name of the certificate to
-                                                    use
-  --ssl-port PORT (5673)                            Port on which to listen for
-                                                    SSL connections
-  --ssl-require-client-authentication               Forces clients to
-                                                    authenticate in order to
-                                                    establish an SSL connection
+SSL Settings:
+  --ssl-use-export-policy              Use NSS export policy
+  --ssl-cert-password-file PATH        File containing password to use for
+                                       accessing certificate database
+  --ssl-cert-db PATH                   Path to directory containing certificate
+                                       database
+  --ssl-cert-name NAME (thinkpad)      Name of the certificate to use
+  --ssl-port PORT (5671)               Port on which to listen for SSL
+                                       connections
+  --ssl-require-client-authentication  Forces clients to authenticate in order
+                                       to establish an SSL connection
 
 
 The first four of these are also available as client options (where
@@ -39,13 +36,14 @@
 nss-tools package on fedora). See the NSS site for examples[1] and
 full details[2].
 
-For a simple testing you can set up a single db with a
-single self signed certificate. E.g
+For a simple testing you can set up a single db with a single self
+signed certificate. E.g (with myhost and mydomain replaced by the
+hostname and domainname of the machine in question respectively):
 
     mkdir test_cert_db
     certutil -N -d test_cert_db -f cert.password
-    certutil -S -d test_cert_db -n "myhost.mydomain.com" \
-             -s "CN=myhost.mydomain.com" -t "CT,," -x \
+    certutil -S -d test_cert_db -n "myhost.mydomain" \
+             -s "CN=myhost.mydomain" -t "CT,," -x \
              -f cert.password -z /usr/bin/certutil
 
 Here cert.password is a file with a password in it that will be needed