brooklyn-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From richardcloudsoft <...@git.apache.org>
Subject [GitHub] incubator-brooklyn pull request: Adds instructions to enable HTTPS
Date Fri, 12 Dec 2014 11:02:01 GMT
Github user richardcloudsoft commented on the pull request:

    https://github.com/apache/incubator-brooklyn/pull/385#issuecomment-66759233
  
    I've tried out these instructions and they worked well. There's a couple of points which
I think are worth making.
    
    1. The command given is creating a keystore with the name "mypassword". The user should
be told that they should pick their own password. The same password needs to be used both
in the `keytool` command and in brooklyn.properties.
    2. The command is creating a self-signed certificate (fail 1) without a CN field identifying
the website server name (fail 2). While this is OK to get an encrypted session, web browsers
*will* complain about this. We should inform about this in the instructions; IMO it is acceptable
to leave the process of using keytool to insert a *valid* certificate as an exercise for the
user (we don't need to describe the whole CSR flow with keytool examples etc.)


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

Mime
View raw message