pulsar-commits mailing list archives

From GitBox <...@apache.org>
Subject [GitHub] [pulsar] Anonymitaet commented on a change in pull request #5027: [doc] Improve Pulsar security-tls-transport
Date Tue, 27 Aug 2019 12:53:57 GMT
Anonymitaet commented on a change in pull request #5027: [doc] Improve Pulsar security-tls-transport
URL: https://github.com/apache/pulsar/pull/5027#discussion_r318061230
 
 

 ##########
 File path: site2/docs/security-tls-transport.md
 ##########
 @@ -62,56 +62,58 @@ $ openssl req -config openssl.cnf -key private/ca.key.pem \
 $ chmod 444 certs/ca.cert.pem
 ```
 
-After answering the question prompts, this will store CA-related files in the `./my-ca` directory.
Within that directory:
+After you answer the question prompts, CA-related files are stored in the `./my-ca` directory.
Within that directory:
 
-* `certs/ca.cert.pem` is the public certificate. It is meant to be distributed to all parties
involved.
-* `private/ca.key.pem` is the private key. This is only needed when signing a new certificate
for either broker or clients and it must be safely guarded.
+* `certs/ca.cert.pem` is the public certificate. This public certificates is meant to be
distributed to all parties involved.
+* `private/ca.key.pem` is the private key. You only need it when you are signing a new certificate
for either broker or clients and you must safely guard this private key.
 
 ### Server certificate
 
-Once a CA certificate has been created, you can create certificate requests and sign them
with the CA.
+Once you have created a CA certificate, you can create certificate requests and sign them
with the CA.
 
-The following commands will ask you a few questions and then create the certificates. When
asked for the common name, you should match the hostname of the broker. You could also use
a wildcard to match a group of broker hostnames, for example `*.broker.usw.example.com`. This
ensures that the same certificate can be reused on multiple machines.
+The following commands ask you a few questions and then create the certificates. When you
are asked for the common name, you should match the hostname of the broker. You could also
use a wildcard to match a group of broker hostnames, for example `*.broker.usw.example.com`.
This ensures that multiple machines can reuse the same certificate.
 
 > #### Tips
 > 
-> Sometimes it is not possible or makes no sense to match the hostname,
-> such as when the brokers are created with random hostnames, or you
-> plan to connect to the hosts via their IP. In this case, the client
-> should be configured to disable TLS hostname verification. For more
-> details, see [the host verification section in client configuration](#hostname-verification).
+> Sometimes matching the hostname is not possible or makes no sense,
+> such as when you creat the brokers with random hostnames, or you
+> plan to connect to the hosts via their IP. In these cases, you 
+> should configure the client to disable TLS hostname verification. For more
+> details, you can see [the host verification section in client configuration](#hostname-verification).
+
+First, generate the key using the command below.
 
-First generate the key.
 ```bash
 $ openssl genrsa -out broker.key.pem 2048
 ```
 
-The broker expects the key to be in [PKCS 8](https://en.wikipedia.org/wiki/PKCS_8) format,
so convert it.
+The broker expects the key to be in [PKCS 8](https://en.wikipedia.org/wiki/PKCS_8) format,
so run the following command to convert it.
 
 ```bash
 $ openssl pkcs8 -topk8 -inform PEM -outform PEM \
       -in broker.key.pem -out broker.key-pk8.pem -nocrypt
 ```
 
-Generate the certificate request...
+Next, use the follwing command to generate the certificate request...
 
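Review bot: The added lines carry three typos and one trailing space. In the `certs/ca.cert.pem` bullet, "This public certificates is meant" should read "This public certificate is meant". In the tip, "creat the brokers" should be "create the brokers", and the line ending "In these cases, you " has trailing whitespace. In the last added line, "follwing" should be "following", and the sentence still ends in the "..." carried over from the old "Generate the certificate request..." where a period would fit the other step sentences. Separately, the reworded tip now tells the reader directly that they "should configure the client to disable TLS hostname verification". Consider adding one sentence there stating that with verification disabled the client no longer checks that the certificate's name matches the broker it connected to, so the reader sees it as a trade-off for the random-hostname and IP cases rather than a general setting.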
 Review comment:
   ```suggestion
   2. Use the following command to generate the certificate request.
   ```

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services
