Updated Branches: refs/heads/master d9c639bea -> cedd0ab84
doc: remove references to obsolete SSL config variables Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/cedd0ab8 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/cedd0ab8 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/cedd0ab8 Branch: refs/heads/master Commit: cedd0ab84c32fc2518d73a31c1a178a4b25fa2bc Parents: d9c639b Author: James Peach <[email protected]> Authored: Mon Aug 19 09:05:48 2013 -0700 Committer: James Peach <[email protected]> Committed: Mon Aug 19 09:05:48 2013 -0700 ---------------------------------------------------------------------- doc/admin/security-options.en.rst | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/cedd0ab8/doc/admin/security-options.en.rst ---------------------------------------------------------------------- diff --git a/doc/admin/security-options.en.rst b/doc/admin/security-options.en.rst index a3c6e51..2038281 100644 --- a/doc/admin/security-options.en.rst +++ b/doc/admin/security-options.en.rst @@ -126,10 +126,10 @@ client/Traffic Server connections, you must do the following: information that enables the client to authenticate Traffic Server and exchange encryption keys. - Configure SSL termination options: -- Enable the **SSL termination** option. - - Set the port number used for SSL communication. - - Specify the filename and location of the server certificate. + - Set the port number used for SSL communication using :ts:cv:`proxy.config.http.server_ports`. + - Edit :file:`ssl_multicert.config` to specify the filename and location of the + SSL certificates and provate keys. - (Optional) Configure the use of client certificates: Client certificates are located on the client. If you configure Traffic Server to require client certificates, then Traffic Server @@ -138,11 +138,6 @@ client/Traffic Server connections, you must do the following: require client certificates, then access to Traffic Server is managed through other Traffic Server options that have been set (such as rules in :file:`ip_allow.config`). - - Specify the filename and location of the Traffic Server private - key (if the private key is not located in the server certificate - file). Traffic Server uses its private key during the SSL - handshake to decrypt the session encryption keys. The private key - must be stored and protected against theft. - (Optional) Configure the use of Certification Authorities (CAs). CAs add security by verifying the identity of the person requesting a certificate. @@ -155,9 +150,7 @@ In order to accomplish this, we - :ts:cv:`proxy.config.http.server_ports` - :ts:cv:`proxy.config.ssl.client.certification_level` - :ts:cv:`proxy.config.ssl.server.cert.path` - - :ts:cv:`proxy.config.ssl.server.private_key.filename` - :ts:cv:`proxy.config.ssl.server.private_key.path` - - :ts:cv:`proxy.config.ssl.CA.cert.filename` - :ts:cv:`proxy.config.ssl.CA.cert.path` 3. Run the command :option:`traffic_line -L` to restart Traffic Server on the
