1. The qpid broker has a parameter:
    --require-encryption    Only accept connections that are encrypted
Does this parameter make the AMQP connection encrypted, or does it mean that the
broker should speak with the saslauth daemon over a secure connection? It's
pretty unclear.
2. After generating proper certificates, one can start an SSL-enabled broker
using:
(a)
export CERT_LOC=/root/my_certs/server_db
qpidd --ssl-cert-db $CERT_LOC/server_db/ \
--ssl-cert-password-file $CERT_LOC/pfile \
--ssl-cert-name localhost.localdomain \
--ssl-port 5674
The parameter that triggers the SSL enabling is "--ssl-cert-db". The problem
is that this parameter only enables SSL if given on the command line (a);
using it in the configuration file (b) does not enable SSL. Is that by design?
I believe it's a bug.
(b)
# in /etc/qpidc.conf
ssl-cert-db = /root/certs/server_db
ssl-cert-password-file /root/certs/pfile
ssl-cert-name = localhost.localdomain
ssl-port = 5674
# start like
# qpidd --config in /etc/qpidc.conf