From 026be2518a1bf5cb93de97ff814550447933b339 Mon Sep 17 00:00:00 2001 From: Gordon Sim Date: Wed, 22 Oct 2008 12:05:48 +0000 Subject: Updated latest ssl options usage; fixed ambiguity in domain name used in example and clarified the meaning a little. git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@707051 13f79535-47bb-0310-9956-ffa450edef68 --- cpp/SSL | 34 ++++++++++++++++------------------ 1 file changed, 16 insertions(+), 18 deletions(-) (limited to 'cpp') diff --git a/cpp/SSL b/cpp/SSL index 4558f3359a..b7192eb3c3 100644 --- a/cpp/SSL +++ b/cpp/SSL @@ -11,20 +11,17 @@ used to ensure they are loaded. Broker side SSL Settings (note you can get these by qpidd --help providing the ssl.so module is loaded): - --ssl-use-export-policy Use NSS export policy - --ssl-cert-password-file PATH File containing password to - use for accessing - certificate database - --ssl-cert-db PATH (/usr/local/etc/qpid_cert_db) Path to directory - containing certificate - database - --ssl-cert-name NAME (thinkpad) Name of the certificate to - use - --ssl-port PORT (5673) Port on which to listen for - SSL connections - --ssl-require-client-authentication Forces clients to - authenticate in order to - establish an SSL connection +SSL Settings: + --ssl-use-export-policy Use NSS export policy + --ssl-cert-password-file PATH File containing password to use for + accessing certificate database + --ssl-cert-db PATH Path to directory containing certificate + database + --ssl-cert-name NAME (thinkpad) Name of the certificate to use + --ssl-port PORT (5671) Port on which to listen for SSL + connections + --ssl-require-client-authentication Forces clients to authenticate in order + to establish an SSL connection The first four of these are also available as client options (where 
@@ -39,13 +36,14 @@ Certificate databases are set up using certutil (included in the nss-tools package on fedora). See the NSS site for examples[1] and full details[2]. -For a simple testing you can set up a single db with a -single self signed certificate. E.g +For a simple testing you can set up a single db with a single self +signed certificate. E.g (with myhost and mydomain replaced by the +hostname and domainname of the machine in question respectively): mkdir test_cert_db certutil -N -d test_cert_db -f cert.password - certutil -S -d test_cert_db -n "myhost.mydomain.com" \ - -s "CN=myhost.mydomain.com" -t "CT,," -x \ + certutil -S -d test_cert_db -n "myhost.mydomain" \ + -s "CN=myhost.mydomain" -t "CT,," -x \ -f cert.password -z /usr/bin/certutil Here cert.password is a file with a password in it that will be needed -- cgit v1.2.1
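Review bot: In the first hunk (cpp/SSL option list), the new `--ssl-cert-name NAME (thinkpad)` line still carries what looks like the hostname of the machine where the help text was captured, so readers will take "thinkpad" as the literal default. Suggest replacing it with a description such as "(defaults to the local hostname)", if that is what the broker does. The same hunk drops the `(/usr/local/etc/qpid_cert_db)` default from `--ssl-cert-db` and changes the `--ssl-port` default from 5673 to 5671, and neither is mentioned in the commit message; a line there saying whether `--ssl-cert-db` now has no default and why the port moved would help anyone upgrading an existing configuration. The added "SSL Settings:" heading also repeats the "Broker side SSL Settings" sentence directly above it and could be dropped.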
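Review bot: In the second hunk (certutil example), "the machine in question" in the new parenthetical does not say which machine is meant; since the certificate is created for the broker's database, suggest "the machine on which the broker runs". It would also help to state that the nickname passed with `-n` is the value to give `--ssl-cert-name`, because the option list above only shows a hostname-like default and the example never connects the two. Minor wording in the same added lines: "For a simple testing" should read "For simple testing", and "E.g" is missing its trailing period.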