Anonymitaet commented on a change in pull request #5027: [doc] Improve Pulsar 
security-tls-transport
URL: https://github.com/apache/pulsar/pull/5027#discussion_r318061121
 
 

 ##########
 File path: site2/docs/security-tls-transport.md
 ##########
 @@ -62,56 +62,58 @@ $ openssl req -config openssl.cnf -key private/ca.key.pem \
 $ chmod 444 certs/ca.cert.pem
 ```
 
-After answering the question prompts, this will store CA-related files in the 
`./my-ca` directory. Within that directory:
+After you answer the question prompts, CA-related files are stored in the 
`./my-ca` directory. Within that directory:
 
-* `certs/ca.cert.pem` is the public certificate. It is meant to be distributed 
to all parties involved.
-* `private/ca.key.pem` is the private key. This is only needed when signing a 
new certificate for either broker or clients and it must be safely guarded.
+* `certs/ca.cert.pem` is the public certificate. This public certificates is 
meant to be distributed to all parties involved.
+* `private/ca.key.pem` is the private key. You only need it when you are 
signing a new certificate for either broker or clients and you must safely 
guard this private key.
 
 ### Server certificate
 
-Once a CA certificate has been created, you can create certificate requests 
and sign them with the CA.
+Once you have created a CA certificate, you can create certificate requests 
and sign them with the CA.
 
-The following commands will ask you a few questions and then create the 
certificates. When asked for the common name, you should match the hostname of 
the broker. You could also use a wildcard to match a group of broker hostnames, 
for example `*.broker.usw.example.com`. This ensures that the same certificate 
can be reused on multiple machines.
+The following commands ask you a few questions and then create the 
certificates. When you are asked for the common name, you should match the 
hostname of the broker. You could also use a wildcard to match a group of 
broker hostnames, for example `*.broker.usw.example.com`. This ensures that 
multiple machines can reuse the same certificate.
 
 > #### Tips
 > 
-> Sometimes it is not possible or makes no sense to match the hostname,
-> such as when the brokers are created with random hostnames, or you
-> plan to connect to the hosts via their IP. In this case, the client
-> should be configured to disable TLS hostname verification. For more
-> details, see [the host verification section in client 
configuration](#hostname-verification).
+> Sometimes matching the hostname is not possible or makes no sense,
+> such as when you creat the brokers with random hostnames, or you
+> plan to connect to the hosts via their IP. In these cases, you 
+> should configure the client to disable TLS hostname verification. For more
+> details, you can see [the host verification section in client 
configuration](#hostname-verification).
+
+First, generate the key using the command below.
 
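Review bot: In the Tips block, the reworded lines still tell the reader to disable TLS hostname verification without saying what is given up. With verification off, the client accepts any certificate that chains to the CA, regardless of which host presents it, so the tip should state that and point to the wildcard common name from the preceding paragraph as the preferred option where it fits. Two typos in the added lines also need fixing: "This public certificates is meant" should read "This public certificate is meant", and "when you creat the brokers" should read "create".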
 Review comment:
   ```suggestion
   1. Generate the key using the command below.
   ```
