Jennifer88huang commented on a change in pull request #5038: [doc] Improve
Pulsar security-tls-authentication
URL: https://github.com/apache/pulsar/pull/5038#discussion_r317533998
##########
File path: site2/docs/security-tls-authentication.md
##########
@@ -26,27 +27,27 @@ $ openssl pkcs8 -topk8 -inform PEM -outform PEM \
-in admin.key.pem -out admin.key-pk8.pem -nocrypt
```
-Generate the certificate request. When asked for a **common name**, enter the
**role token** which you want this key pair to authenticate a client as.
+Next, generate the certificate request. When you are asked for a **common
name**, enter the **role token** that you want this key pair to authenticate a
client as.
```bash
$ openssl req -config openssl.cnf \
-key admin.key.pem -new -sha256 -out admin.csr.pem
```
> Note
-> If there is no openssl.cnf, please read [Certificate
authority](http://pulsar.apache.org/docs/en/security-tls-transport/#certificate-authority)
to get the openssl.cnf.
+> If openssl.cnf is not given, please read [Certificate
authority](http://pulsar.apache.org/docs/en/security-tls-transport/#certificate-authority)
to get the openssl.cnf.
-Sign with request with the certificate authority. Note that that client certs
uses the **usr_cert** extension, which allows the cert to be used for client
authentication.
+Then, sign with request with the certificate authority. Note that that client
certs uses the **usr_cert** extension, which allows the cert to be used for
client authentication.
```bash
$ openssl ca -config openssl.cnf -extensions usr_cert \
-days 1000 -notext -md sha256 \
-in admin.csr.pem -out admin.cert.pem
```
-This will give you a cert, `admin.cert.pem`, and a key, `admin.key-pk8.pem`,
which, with `ca.cert.pem`, can be used by clients to authenticate themselves to
brokers and proxies as the role token ``admin``.
+This will give you a cert, `admin.cert.pem`, and a key, `admin.key-pk8.pem`.
With `ca.cert.pem`, clients can used this cert and this key to authenticate
themselves to brokers and proxies as the role token ``admin``.
> Note
-> If got "unable to load CA private key" error and the reason is "No such file
or directory: /etc/pki/CA/private/cakey.pem" in this step. Please try :
+> If you get the "unable to load CA private key" error and the reason of this
error is "No such file or directory: /etc/pki/CA/private/cakey.pem" in this
step. Please try the command below:
Review comment:
Do not blame a user for the error, so in this situation, you can use
If the xxx error occurs/is displayed, you can use the following command.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
