qpid-users mailing list archives

From nicolae claudius <nicolae_claud...@yahoo.com>
Subject qpid broker require-encryption option and ssl trigger parameter
Date Mon, 03 May 2010 13:46:17 GMT
1. The qpid broker has a parameter:

  --require-encryption                     Only accept connections that are  encrypted

Does this parameter make the AMQP connection encrypted, or does it mean that the broker should
speak with the saslauth daemon over a secure connection? It's pretty unclear.

2. After generating proper certificates, one can start an SSL-enabled broker using:

export CERT_LOC=/root/my_certs/server_db
qpidd  --ssl-cert-db $CERT_LOC/server_db/ \
          --ssl-cert-password-file $CERT_LOC/pfile \
          --ssl-cert-name localhost.localdomain \
          --ssl-port 5674

The parameter that triggers the SSL-enabling is "--ssl-cert-db". The problem is that this
parameter only enables SSL if given on the command line (a); using it in the configuration
file (b) does not enable SSL. Is that by design? I believe it's a bug.

# in /etc/qpidc.conf
ssl-cert-db = /root/certs/server_db
ssl-cert-password-file /root/certs/pfile
ssl-cert-name = localhost.localdomain
ssl-port = 5674

# start like
# qpidd --config in /etc/qpidc.conf
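
Added example, not part of the original message and not Qpid project code: a small checker that reads a broker configuration file as `name = value` lines with `#` comments (an assumption about the file format), flags lines that do not fit, and reports which of the four SSL options from the message were actually picked up. The function names are illustrative, and the embedded sample is constructed from the configuration lines quoted above.

```python
import re

# The four options the message passes to enable the SSL listener.
SSL_OPTIONS = ("ssl-cert-db", "ssl-cert-password-file",
               "ssl-cert-name", "ssl-port")
# Constructed sample: the configuration lines quoted in the message.
SAMPLE_CONF = """\
# in /etc/qpidc.conf
ssl-cert-db = /root/certs/server_db
ssl-cert-password-file /root/certs/pfile
ssl-cert-name = localhost.localdomain
ssl-port = 5674
"""
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]*")

def parse_conf(text):
    """Parse name=value text (assumed format); return (options, problems)."""
    options, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        name, sep, value = (part.strip() for part in line.partition("="))
        if not sep:
            problems.append((lineno, "missing '='", line))
        elif not NAME_RE.fullmatch(name):
            problems.append((lineno, "bad option name", line))
        elif not value:
            problems.append((lineno, "empty value", line))
        elif name in options:
            problems.append((lineno, "duplicate option", line))
        else:
            options[name] = value
    return options, problems

def ssl_report(text):
    """Return which SSL options were parsed, which are missing, and why."""
    options, problems = parse_conf(text)
    return {
        "set": {k: options[k] for k in SSL_OPTIONS if k in options},
        "missing": [k for k in SSL_OPTIONS if k not in options],
        "problems": problems,
    }

if __name__ == "__main__":
    print(ssl_report(SAMPLE_CONF))
```

Whether qpidd itself rejects or ignores a line like the one flagged here is not stated in the message; the checker only reports what a name=value reading of the file yields.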
