Move ssl_cert_login_from to the correct place and add further comments

1 files changed, 10 insertions, 3 deletions

diff --git a/docs/rabbitmq.config.example b/docs/rabbitmq.config.example
index 13f7684504..0c7909c27e 100644
--- a/docs/rabbitmq.config.example
+++ b/docs/rabbitmq.config.example
@@ -45,6 +45,16 @@
    %%                {verify, verify_peer},
    %%                {fail_if_no_peer_cert, true}]},
 
+   %% This pertains to the rabbitmq_auth_mechanism_ssl plugin and
+   %% STOMP ssl_cert_login configuration settings. See the rabbitmq_stomp
+   %% configuration section and the README in
+   %% https://github.com/rabbitmq/rabbitmq-auth-mechanism-ssl for further
+   %% details.
+   %%
+   %% To use the cn instead of dn, when reading from the SSL cert:
+   %%
+   %% {ssl_cert_login_from, common_name},
+
    %% Choose the available SASL mechanism(s) to expose.
    %% The two default (built in) mechanisms are 'PLAIN' and
    %% 'AMQPLAIN'. Additional mechanisms can be added via
@@ -322,9 +332,6 @@
    %% Extract a name from the client's certificate when using SSL.
    %% {ssl_cert_login, true},
 
-   %% Use cn instead of dn when reading from the SSL cert.
-   %% {ssl_cert_login_from, common_name},
-
    %% Set a default user name and password. This is used as the default login
    %% whenever a CONNECT frame omits the login and passcode headers.
    %%