You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by gs...@apache.org on 2008/10/22 14:05:48 UTC
svn commit: r707051 - /incubator/qpid/trunk/qpid/cpp/SSL
Author: gsim
Date: Wed Oct 22 05:05:48 2008
New Revision: 707051
URL: http://svn.apache.org/viewvc?rev=707051&view=rev
Log:
Updated latest ssl options usage; fixed ambiguity in domain name used in example and clarified the meaning a little.
Modified:
incubator/qpid/trunk/qpid/cpp/SSL
Modified: incubator/qpid/trunk/qpid/cpp/SSL
URL: http://svn.apache.org/viewvc/incubator/qpid/trunk/qpid/cpp/SSL?rev=707051&r1=707050&r2=707051&view=diff
==============================================================================
--- incubator/qpid/trunk/qpid/cpp/SSL (original)
+++ incubator/qpid/trunk/qpid/cpp/SSL Wed Oct 22 05:05:48 2008
@@ -11,20 +11,17 @@
Broker side SSL Settings (note you can get these by qpidd --help
providing the ssl.so module is loaded):
- --ssl-use-export-policy Use NSS export policy
- --ssl-cert-password-file PATH File containing password to
- use for accessing
- certificate database
- --ssl-cert-db PATH (/usr/local/etc/qpid_cert_db) Path to directory
- containing certificate
- database
- --ssl-cert-name NAME (thinkpad) Name of the certificate to
- use
- --ssl-port PORT (5673) Port on which to listen for
- SSL connections
- --ssl-require-client-authentication Forces clients to
- authenticate in order to
- establish an SSL connection
+SSL Settings:
+ --ssl-use-export-policy Use NSS export policy
+ --ssl-cert-password-file PATH File containing password to use for
+ accessing certificate database
+ --ssl-cert-db PATH Path to directory containing certificate
+ database
+ --ssl-cert-name NAME (thinkpad) Name of the certificate to use
+ --ssl-port PORT (5671) Port on which to listen for SSL
+ connections
+ --ssl-require-client-authentication Forces clients to authenticate in order
+ to establish an SSL connection
The first four of these are also available as client options (where
@@ -39,13 +36,14 @@
nss-tools package on fedora). See the NSS site for examples[1] and
full details[2].
-For a simple testing you can set up a single db with a
-single self signed certificate. E.g
+For a simple testing you can set up a single db with a single self
+signed certificate. E.g (with myhost and mydomain replaced by the
+hostname and domainname of the machine in question respectively):
mkdir test_cert_db
certutil -N -d test_cert_db -f cert.password
- certutil -S -d test_cert_db -n "myhost.mydomain.com" \
- -s "CN=myhost.mydomain.com" -t "CT,," -x \
+ certutil -S -d test_cert_db -n "myhost.mydomain" \
+ -s "CN=myhost.mydomain" -t "CT,," -x \
-f cert.password -z /usr/bin/certutil
Here cert.password is a file with a password in it that will be needed