On 06/22/2016 10:47 AM, Adel Boutros wrote:
Hello,

I want to use the SASL authentication mechanism using a client certificate. I 
looked at the examples and tests but I didn't quite get everything.
I know I have to set up a listener with "sasl-mechanisms: EXTERNAL" and 
"require-peer-auth: yes" but then how do I tell the dispatcher which certificates are 
accepted and which aren't?
Of course I want to use a certificate for SSL encryption (provided in the 
ssl-profile) and a different one for SASL authentication but on the same 
listener.

ssl-profile {
    name: ssl-profile-name
    certFile: cert_ssl_encryption.pem
    keyFile: key_ssl_encryption.pem
}

listener {
    host: 0.0.0.0
    port: 10399
    sasl-mechanisms: EXTERNAL
    ssl-profile: ssl-profile-name
    authenticatePeer: yes
    requireSsl: yes
}

In the above configuration, where should I add the "cert_sasl.pem"?

Regards,
Adel
                                        


From the qdrouterd.conf man page:

Under "listener":

trustedCerts (path)
    This optional setting can be used to reduce the set of available
    CAs for client authentication. If used, this setting must provide a
    path to a PEM file that contains the trusted certificates.
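
The trust check behind that setting, as an added example that is not part of the original thread or of the qdrouterd project: it builds the kind of PEM file `trustedCerts` points to and uses `openssl verify` to show which client certificates chain to it. It assumes the router applies standard X.509 chain validation against that file; the CA names, client names and file names are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: every name, subject and path below is made up for illustration.
set -eu

# Create a throwaway CA (key + self-signed cert) named $1 in directory $2.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1" -keyout "$2/$1.key" -out "$2/$1.pem" 2>/dev/null
}

# Issue a client certificate with CN $1, signed by CA $2, in directory $3.
make_client() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$3/$1.key" -out "$3/$1.csr" 2>/dev/null
    openssl x509 -req -in "$3/$1.csr" -CA "$3/$2.pem" -CAkey "$3/$2.key" \
        -CAcreateserial -days 1 -out "$3/$1.pem" 2>/dev/null
}

# Print "accepted" if client cert $2 chains to a CA in bundle $1, else "rejected".
check_client() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo accepted
    else
        echo rejected
    fi
}

demo() {
    dir=$(mktemp -d)
    make_ca client-ca "$dir"
    make_ca other-ca "$dir"
    make_client alice client-ca "$dir"
    make_client outsider other-ca "$dir"
    # The file a listener's trustedCerts setting would point to:
    # only the CA that issues client certificates, nothing else.
    cat "$dir/client-ca.pem" > "$dir/trusted_clients.pem"
    echo "alice:    $(check_client "$dir/trusted_clients.pem" "$dir/alice.pem")"
    echo "outsider: $(check_client "$dir/trusted_clients.pem" "$dir/outsider.pem")"
    rm -rf "$dir"
}

demo
```

Running the same `openssl verify -CAfile` check against a real trusted-certificates file before deploying it shows whether a given client certificate would be inside or outside the trusted set.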
