diff options
| author | Robert Gemmell <robbie@apache.org> | 2016-07-05 21:55:35 +0000 |
|---|---|---|
| committer | Robert Gemmell <robbie@apache.org> | 2016-07-05 21:55:35 +0000 |
| commit | f160cb6566c17945f7ebc4f3a752b2cc6a051685 (patch) | |
| tree | 809f04fc1967c22e5abc52de07602555bed0e920 /qpid/cpp/docs/book/src/old/SSL.xml | |
| parent | ebb276cca41582b73223b55eff9f2d4386f4f746 (diff) | |
| download | qpid-python-f160cb6566c17945f7ebc4f3a752b2cc6a051685.tar.gz | |
QPID-7207: remove cpp and python subdirs from svn trunk, they have migrated to their own git repositories
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1751566 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'qpid/cpp/docs/book/src/old/SSL.xml')
| -rw-r--r-- | qpid/cpp/docs/book/src/old/SSL.xml | 180 |
1 files changed, 0 insertions, 180 deletions
diff --git a/qpid/cpp/docs/book/src/old/SSL.xml b/qpid/cpp/docs/book/src/old/SSL.xml deleted file mode 100644 index a9a5cb953a..0000000000 --- a/qpid/cpp/docs/book/src/old/SSL.xml +++ /dev/null @@ -1,180 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> -<!-- - - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. - ---> - -<section><title> - SSL - </title> - - <section role="h1" id="SSL-SSLHowto"><title> - SSL How to - </title> - - <section role="h2" id="SSL-C-5Cbroker-28M4andup-29"><title> - C++ broker (M4 and up) - </title> - <itemizedlist> - <listitem><para>You need to get a certificate signed by a CA, trusted by your - client. - </para></listitem> - </itemizedlist><itemizedlist> - <listitem><para>If you require client authentication, the clients certificate - needs to be signed by a CA trusted by the broker. - </para></listitem> - </itemizedlist><itemizedlist> - <listitem><para>Setting up the certificates for testing. - <itemizedlist> - <listitem><para>For testing purposes you could use the <xref linkend="qpid_gtstd"/> to setup your certificates. - </para></listitem> - <listitem><para>In summary you need to create a root CA and import it to - the brokers certificate data base. - </para></listitem> - <listitem><para>Create a certificate for the broker, sign it using the - root CA and then import it into the brokers certificate data - base. - </para></listitem> - </itemizedlist> - </para></listitem> - </itemizedlist><itemizedlist> - <listitem><para>Load the acl module using --load-module or if loading more - than one module, copy ssl.so to the location pointed by - --module-dir - - <programlisting> -Ex if running from source. ./qpidd --load-module /libs/ssl.so -</programlisting> - - </para></listitem> - </itemizedlist><itemizedlist> - <listitem><para>Specify the password file (a plain text file with the - password), certificate database and the brokers certificate name - using the following options - - <programlisting> -Ex ./qpidd ... --ssl-cert-password-file ~/pfile --ssl-cert-db ~/server_db/ --ssl-cert-name localhost.localdomain -</programlisting> - - </para></listitem> - </itemizedlist><itemizedlist> - <listitem><para>If you require client authentication you need to add - --ssl-require-client-authentication as a command line argument. - </para></listitem> - </itemizedlist><itemizedlist> - <listitem><para>Please note that the default port for SSL connections is - 5671, unless specified by --ssl-port - </para></listitem> - </itemizedlist><para> - Here is an example of a broker instance that requires SSL client - side authenticaiton - </para> - <programlisting> -./qpidd ./qpidd --load-module /libs/ssl.so --ssl-cert-password-file ~/pfile --ssl-cert-db ~/server_db/ --ssl-cert-name localhost.localdomain --ssl-require-client-authentication -</programlisting> - <!--h2--></section> - <section role="h2" id="SSL-JavaClient-28M4andup-29"><title> - Java Client (M4 and up) - </title> - <itemizedlist> - <listitem><para>This guide is for connecting with the Qpid c++ broker. - </para></listitem> - </itemizedlist><itemizedlist> - <listitem><para>Setting up the certificates for testing. In summary, - <itemizedlist> - <listitem><para>You need to import the trusted CA in your trust store and - keystore - </para></listitem> - <listitem><para>Generate keys for the certificate in your key store - </para></listitem> - <listitem><para>Create a certificate request using the generated keys - </para></listitem> - <listitem><para>Create a certficate using the request, signed by the - trusted CA. - </para></listitem> - <listitem><para>Import the signed certificate into your keystore. - </para></listitem> - </itemizedlist> - </para></listitem> - </itemizedlist><itemizedlist> - <listitem><para>Pass the following JVM arguments to your client. - - <programlisting> --Djavax.net.ssl.keyStore=/home/bob/ssl_test/keystore.jks - -Djavax.net.ssl.keyStorePassword=password - -Djavax.net.ssl.trustStore=/home/bob/ssl_test/certstore.jks - -Djavax.net.ssl.trustStorePassword=password -</programlisting> - - </para></listitem> - </itemizedlist> - <!--h2--></section> - - <section role="h2" id="SSL-.NetClient-28M4andup-29"><title> - .Net Client (M4 and up) - </title> - <itemizedlist> - <listitem><para>If the Qpid broker requires client authentication then you - need to get a certificate signed by a CA, trusted by your client. - </para></listitem> - </itemizedlist><para> - Use the connectSSL instead of the standard connect method of the - client interface. - </para><para> - connectSSL signature is as follows: - </para> - <programlisting> -public void connectSSL(String host, int port, String virtualHost, String username, String password, String serverName, String certPath, bool rejectUntrusted) -</programlisting> - <para> - Where - </para><itemizedlist> - <listitem><para>host: Host name on which a Qpid broker is deployed - </para></listitem> - <listitem><para>port: Qpid broker port - </para></listitem> - <listitem><para>virtualHost: Qpid virtual host name - </para></listitem> - <listitem><para>username: User Name - </para></listitem> - <listitem><para>password: Password - </para></listitem> - <listitem><para>serverName: Name of the SSL server - </para></listitem> - </itemizedlist><itemizedlist> - <listitem><para>certPath: Path to the X509 certificate to be used when the - broker requires client authentication - </para></listitem> - <listitem><para>rejectUntrusted: If true connection will not be established - if the broker is not trusted (the server certificate must be - added in your truststore) - </para></listitem> - </itemizedlist> - <!--h2--></section> - - <section role="h2" id="SSL-Python-26RubyClient-28M4andup-29"><title> - Python & - Ruby Client (M4 and up) - </title> - <para> - Simply use amqps:// in the URL string as defined above - </para> - <!--h2--></section> - <!--h1--></section> -</section> |