qpid-users mailing list archives

From Gordon Sim <g...@redhat.com>
Subject Re: qpid broker require-encryption option and ssl trigger parameter
Date Tue, 04 May 2010 08:01:14 GMT
On 05/03/2010 02:46 PM, nicolae claudius wrote:
> 1. The qpid broker has a parameter:
>
>    --require-encryption                     Only accept connections that are  encrypted
>
> Does this parameter make the AMQP connection encrypted or does it mean that the broker
> should speak with the saslauth daemon over a secure connection? It's pretty unclear.
>
> 2. After generating proper certificates, one can start a SSL-enabled broker using:
>
> (a)
> export CERT_LOC=/root/my_certs/server_db
> qpidd  --ssl-cert-db $CERT_LOC/server_db/ \
>            --ssl-cert-password-file $CERT_LOC/pfile \
>            --ssl-cert-name localhost.localdomain \
>            --ssl-port 5674
>
> The parameter that triggers the SSL enabling is "--ssl-cert-db". The problem is that
> this parameter only enables SSL if given on the command line (a); using it in the configuration
> file (b) does not enable SSL. Is that by design? I believe it's a bug.

No it is not by design, the option should be configurable via the config 
file but...
>
> (b)
> # in /etc/qpidc.conf
> ssl-cert-db = /root/certs/server_db
> ssl-cert-password-file /root/certs/pfile
> ssl-cert-name = localhost.localdomain
> ssl-port = 5674

...you can't have spaces around the '=' I don't believe.


---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org
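
A lint for the config file (b) quoted in this thread, as an added example that is not part of the original messages or of Qpid's code. It flags whitespace around `=` (which the reply suspects is not accepted) and lines with no `=` at all, then reports which of the thread's SSL options were never set as a result. The function names and the embedded sample are constructed here, and the lint does not reproduce qpidd's own parser.

```python
# Constructed sample: config file (b) as quoted in the thread.
SAMPLE = """\
# in /etc/qpidc.conf
ssl-cert-db = /root/certs/server_db
ssl-cert-password-file /root/certs/pfile
ssl-cert-name = localhost.localdomain
ssl-port = 5674
"""

# The SSL options used on the command line in example (a) of the thread.
SSL_OPTIONS = ["ssl-cert-db", "ssl-cert-password-file",
               "ssl-cert-name", "ssl-port"]


def lint(text):
    """Return (findings, settings) for a key=value option file.

    findings is a list of (line_number, kind, line); settings holds every
    line that could be read as key=value, with whitespace trimmed.
    """
    findings, settings = [], {}
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" not in line:
            # Not an assignment at all, so the option is never set.
            findings.append((number, "no-equals", line))
            continue
        key, value = line.split("=", 1)
        if key != key.rstrip() or value != value.lstrip():
            findings.append((number, "space-around-equals", line))
        settings[key.strip()] = value.strip()
    return findings, settings


def missing_ssl_options(settings):
    """SSL options from the thread that the file never assigns."""
    return [name for name in SSL_OPTIONS if name not in settings]


if __name__ == "__main__":
    found, parsed = lint(SAMPLE)
    for number, kind, line in found:
        print(f"line {number}: {kind}: {line}")
    print("unset SSL options:", missing_ssl_options(parsed))
    # Normalised form with no whitespace around '='.
    print("\n".join(f"{k}={v}" for k, v in parsed.items()))
```

When a TLS option is dropped at parse time, the broker can start without its SSL listener, so confirm after a restart that the port given as `ssl-port` is actually listening.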

