[Pulp-list] Qpid SSL on Pulp 2.4

Ashby, Jason (IMS) AshbyJ at imsweb.com
Fri Oct 24 18:42:44 UTC 2014


And my /etc/qpid/qpidd.conf looks like:

auth=no
# SSL
require-encryption=yes
ssl-require-client-authentication=yes
ssl-cert-db=/etc/pki/pulp/qpid/nss
ssl-cert-password-file=/etc/pki/pulp/qpid/nss/password
ssl-cert-name=broker
ssl-port=5671

-----Original Message-----
From: pulp-list-bounces at redhat.com [mailto:pulp-list-bounces at redhat.com] On Behalf Of Ashby, Jason (IMS)
Sent: Friday, October 24, 2014 2:40 PM
To: 'Randy Barlow'; pulp-list at redhat.com
Subject: Re: [Pulp-list] Qpid SSL on Pulp 2.4

Those certs are the ones generated by /usr/bin/pulp-qpid-ssl-cfg.  I accepted the defaults for that script, except for the CA cert and key which I supplied with:

Please specify a CA.  Generated if not specified.
  Enter a path: /etc/pki/pulp_certs/pulpca.crt

Please specify the CA key
  Enter a path: /etc/pki/pulp_certs/pulpca.key

Does that answer your questions?

-----Original Message-----
From: Randy Barlow [mailto:rbarlow at redhat.com]
Sent: Friday, October 24, 2014 2:31 PM
To: Ashby, Jason (IMS); pulp-list at redhat.com
Subject: Re: [Pulp-list] Qpid SSL on Pulp 2.4

On 10/24/2014 02:19 PM, Ashby, Jason (IMS) wrote:
> [messaging]
> url: ssl://127.0.0.1:5671
> cacert: /etc/pki/pulp/qpid/ca.crt
> clientcert: /etc/pki/pulp/qpid/client.crt

Is that cacert the cert that signed the certificate that qpid is
configured to use? And is that client cert signed by the CA that the
qpid server is configured to trust?

> [tasks]
> broker_url: qpid://127.0.0.1:5671/
> celery_require_ssl: true
> cacert: /etc/pki/pulp/qpid/ca.crt
> keyfile: /etc/pki/pulp/qpid/client.crt
> certfile: /etc/pki/pulp/qpid/client.crt

Same questions here.


________________________________

Information in this e-mail may be confidential. It is intended only for the addressee(s) identified above. If you are not the addressee(s), or an employee or agent of the addressee(s), please note that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this e-mail in error, please notify the sender of the error.

_______________________________________________
Pulp-list mailing list
Pulp-list at redhat.com
https://www.redhat.com/mailman/listinfo/pulp-list
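
The two questions asked above (does `cacert` verify the broker's certificate, and is the client certificate signed by a CA held in the broker's database), plus a check that the `[tasks]` keyfile really holds the key for the certfile, can be answered offline with openssl and certutil. This is an added example, not part of the original thread or of Pulp; the function names and the CA nickname argument are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Requires openssl; certutil (NSS tools)
# is needed only to read the broker's ssl-cert-db.

# signed_by CA_PEM CERT_PEM: succeeds if CERT_PEM verifies against CA_PEM.
signed_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# key_matches CERT_PEM KEY_PEM: succeeds if KEY_PEM holds the private key for
# CERT_PEM. Both may be the same file if it has a key and a certificate block.
key_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# nss_export DB NICKNAME OUT_PEM: write one certificate from an NSS db as PEM.
nss_export() {
    certutil -L -d "$1" -n "$2" -a > "$3" 2>/dev/null
}

report() { # report STATUS MESSAGE
    if [ "$1" -eq 0 ]; then echo "OK   $2"; else echo "FAIL $2"; fi
    return "$1"
}

# check_pulp_qpid CACERT CERTFILE KEYFILE NSS_DB BROKER_NICK CA_NICK
# CA_NICK (the CA's nickname inside the broker db) is an assumption; list the
# real nicknames and their trust flags with: certutil -L -d NSS_DB
check_pulp_qpid() {
    rc=0; t=$(mktemp -d) || return 2
    nss_export "$4" "$5" "$t/broker.pem" && signed_by "$1" "$t/broker.pem"
    report $? "broker cert '$5' verifies against client-side cacert $1" || rc=1
    nss_export "$4" "$6" "$t/ca.pem" && signed_by "$t/ca.pem" "$2"
    report $? "client cert $2 verifies against CA '$6' from the broker db" || rc=1
    key_matches "$2" "$3"
    report $? "keyfile $3 holds the private key for $2" || rc=1
    rm -rf "$t"
    return "$rc"
}

# Run only when all six arguments are supplied.
if [ "$#" -eq 6 ]; then check_pulp_qpid "$@"; fi
```

With the paths from this thread the arguments would be `/etc/pki/pulp/qpid/ca.crt /etc/pki/pulp/qpid/client.crt /etc/pki/pulp/qpid/client.crt /etc/pki/pulp/qpid/nss broker` followed by the CA's nickname in the NSS database.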
