And my /etc/qpid/qpidd.conf looks like: auth=no # SSL require-encryption=yes ssl-require-client-authentication=yes ssl-cert-db=/etc/pki/pulp/qpid/nss ssl-cert-password-file=/etc/pki/pulp/qpid/nss/password ssl-cert-name=broker ssl-port=5671
-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Ashby, Jason (IMS) Sent: Friday, October 24, 2014 2:40 PM To: 'Randy Barlow'; [email protected] Subject: Re: [Pulp-list] Qpid SSL on Pulp 2.4 Those certs are the ones generated by /usr/bin/pulp-qpid-ssl-cfg. I accepted the defaults for that script, except for the CA cert and key which I supplied with: Please specify a CA. Generated if not specified. Enter a path: /etc/pki/pulp_certs/pulpca.crt Please specify the CA key Enter a path: /etc/pki/pulp_certs/pulpca.key Does that answer your questions? -----Original Message----- From: Randy Barlow [mailto:[email protected]] Sent: Friday, October 24, 2014 2:31 PM To: Ashby, Jason (IMS); [email protected] Subject: Re: [Pulp-list] Qpid SSL on Pulp 2.4 On 10/24/2014 02:19 PM, Ashby, Jason (IMS) wrote: > [messaging] > url: ssl://127.0.0.1:5671 > cacert: /etc/pki/pulp/qpid/ca.crt > clientcert: /etc/pki/pulp/qpid/client.crt Is that cacert the cert that signed the certificate that qpid is configured to use? And is that client cert signed by the CA that the qpid server is configured to trust? > [tasks] > broker_url: qpid://127.0.0.1:5671/ > celery_require_ssl: true > cacert: /etc/pki/pulp/qpid/ca.crt > keyfile: /etc/pki/pulp/qpid/client.crt > certfile: /etc/pki/pulp/qpid/client.crt Same questions here. ________________________________ Information in this e-mail may be confidential. It is intended only for the addressee(s) identified above. If you are not the addressee(s), or an employee or agent of the addressee(s), please note that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this e-mail in error, please notify the sender of the error. _______________________________________________ Pulp-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/pulp-list ________________________________ Information in this e-mail may be confidential. It is intended only for the addressee(s) identified above. If you are not the addressee(s), or an employee or agent of the addressee(s), please note that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this e-mail in error, please notify the sender of the error. _______________________________________________ Pulp-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/pulp-list
