On 05/03/2010 02:46 PM, nicolae claudius wrote:
> 1. The qpid broker has a parameter:
>
>     --require-encryption    Only accept connections that are encrypted
>
> Does this parameter make the AMQP connection encrypted, or does it mean
> that the broker should speak with the saslauth daemon over a secure
> connection? It's pretty unclear.
>
> 2. After generating proper certificates, one can start an SSL-enabled
> broker using:
>
> (a)
>     export CERT_LOC=/root/my_certs/server_db
>     qpidd --ssl-cert-db $CERT_LOC/server_db/ \
>           --ssl-cert-password-file $CERT_LOC/pfile \
>           --ssl-cert-name localhost.localdomain \
>           --ssl-port 5674
>
> The parameter that triggers the SSL enabling is "--ssl-cert-db". The
> problem is that this parameter only enables SSL if given on the
> command line (a); using it in the configuration file (b) does not enable
> SSL. Is that by design? I believe it's a bug.

No it is not by design, the option should be configurable via the config file but...

> (b)
>     # in /etc/qpidc.conf
>     ssl-cert-db = /root/certs/server_db
>     ssl-cert-password-file /root/certs/pfile
>     ssl-cert-name = localhost.localdomain
>     ssl-port = 5674

...you can't have spaces around the '=' I don't believe.
