From e1f928023e7506f4a664178b582207999c5d1c5c Mon Sep 17 00:00:00 2001 From: Howard Chu Date: Mon, 31 Jan 2011 21:27:17 +0000 Subject: [PATCH] ITS#6816 cleanup --- doc/guide/admin/aspell.en.pws | 1 - doc/guide/admin/tls.sdf | 37 ++++++++++++++++++----------------- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/doc/guide/admin/aspell.en.pws b/doc/guide/admin/aspell.en.pws index 2d19c71684..3683f98cbd 100644 --- a/doc/guide/admin/aspell.en.pws +++ b/doc/guide/admin/aspell.en.pws @@ -1361,7 +1361,6 @@ AuthcId MChAODQ lookups GnuTLS -GNUtls gnutls MozNSS MOZNSS diff --git a/doc/guide/admin/tls.sdf b/doc/guide/admin/tls.sdf index 11b0108c4b..d804bbb8d9 100644 --- a/doc/guide/admin/tls.sdf +++ b/doc/guide/admin/tls.sdf @@ -92,13 +92,13 @@ symbolic links. In general, it is simpler to use the When using Mozilla NSS, this directive can be used to specify the path of the directory containing the NSS certificate and key database -files. The certutil command can be used to add a {{TERM:CA}} certificate: +files. The {{certutil}} command can be used to add a {{TERM:CA}} certificate: > certutil -d -A -n "name of CA cert" -t CT,, -a -i /path/to/cacertfile.pem -This command will add a CA certficate stored in the PEM (ASCII) formatted -file named /path/to/cacertfile.pem. -t CT,, means that the certificate is -trusted to be a CA issuing certs for use in TLS clients and servers. +. This command will add a CA certficate stored in the PEM (ASCII) formatted +. file named /path/to/cacertfile.pem. {{EX:-t CT,,}} means that the certificate is +. trusted to be a CA issuing certs for use in TLS clients and servers. H4: TLSCertificateFile 
@@ -112,12 +112,12 @@ the name of the certificate to use: > TLSCertificateFile Server-Cert -If using a token other than the internal built in token, specify the -token name first, followed by a colon: +. If using a token other than the internal built in token, specify the +. token name first, followed by a colon: > TLSCertificateFile my hardware device:Server-Cert -Use certutil -L to list the certificates by name: +. Use {{EX:certutil -L}} to list the certificates by name: > certutil -d /path/to/certdbdir -L @@ -139,8 +139,8 @@ modutil to change the password to the empty string: > modutil -dbdir /etc/openldap/certdb -changepw 'NSS Certificate DB' -You must have the old password, if any. Ignore the WARNING about the running -browser. Press 'Enter' for the new password. +. You must have the old password, if any. Ignore the WARNING about the running +. browser. Press 'Enter' for the new password. H4: TLSCipherSuite @@ -152,15 +152,15 @@ specification for OpenSSL. You can use the command to obtain a verbose list of available cipher specifications. -To obtain the list of ciphers in GNUtls use: - -> gnutls-cli -l - Besides the individual cipher names, the specifiers {{EX:HIGH}}, {{EX:MEDIUM}}, {{EX:LOW}}, {{EX:EXPORT}}, and {{EX:EXPORT40}} may be helpful, along with {{EX:TLSv1}}, {{EX:SSLv3}}, and {{EX:SSLv2}}. +To obtain the list of ciphers in GnuTLS use: + +> gnutls-cli -l + When using Mozilla NSS, the OpenSSL cipher suite specifications are used and translated into the format used internally by Mozilla NSS. There isn't an easy way to list the cipher suites from the command line. The authoritative list @@ -186,7 +186,7 @@ copy a few hundred bytes of arbitrary data into the file. The file is only used to provide a seed for the pseudo-random number generator, and it doesn't need very much data to work. -This directive is ignored with GNUtls and Mozilla NSS. +This directive is ignored with GnuTLS and Mozilla NSS. H4: TLSEphemeralDHParamFile 
@@ -199,7 +199,7 @@ processed. Parameters can be generated using the following command > openssl dhparam [-dsaparam] -out -This directive is ignored with GNUtls and Mozilla NSS. +This directive is ignored with GnuTLS and Mozilla NSS. H4: TLSVerifyClient { never | allow | try | demand } @@ -266,18 +266,19 @@ H4: TLS_CERT This directive specifies the file that contains the client certificate. This is a user-only directive and can only be specified in a user's {{.ldaprc}} file. + When using Mozilla NSS, if using a cert/key database (specified with {{EX:TLS_CACERTDIR}}), this directive specifies the name of the certificate to use: > TLS_CERT Certificate for Sam Carter -If using a token other than the internal built in token, specify the -token name first, followed by a colon: +. If using a token other than the internal built in token, specify the +. token name first, followed by a colon: > TLS_CERT my hardware device:Certificate for Sam Carter -Use certutil -L to list the certificates by name: +. Use {{EX:certutil -L}} to list the certificates by name: > certutil -d /path/to/certdbdir -L -- 2.39.5
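Review bot: in the tls.sdf hunk at -92,13, the rewritten line "+. This command will add a CA certficate stored in the PEM (ASCII) formatted" carries the typo "certficate" over unchanged. Since the line is being touched anyway, correct it to "certificate". The same hunk marks the command name as {{certutil}} while the later hunks use {{EX:certutil -L}}; it is worth confirming that the two render consistently in the guide.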
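Review bot: in the hunk at -112,12, the re-indented sentence "If using a token other than the internal built in token" should read "built-in", and the identical sentence in the TLS_CERT hunk at -266,18 needs the same fix. Both examples use a token name containing spaces ("my hardware device:Server-Cert"), so a short remark on whether the value needs quoting in the configuration file would save readers a guess.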
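Review bot: the hunk at -139,8 keeps "Press 'Enter' for the new password." without documenting the consequence. Once the NSS database password is the empty string, the private key under /etc/openldap/certdb is protected only by file system permissions. Suggest adding one sentence telling the administrator to restrict that directory to the account the server runs as.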
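Review bot: in the hunk at -152,15, the paragraph that now sits directly after the OpenSSL listing command says {{EX:LOW}}, {{EX:EXPORT}}, {{EX:EXPORT40}} and {{EX:SSLv2}} "may be helpful" without saying that they select weak cipher suites and obsolete protocol versions. Suggest noting that they are mainly of use for exclusion. The moved sentence "To obtain the list of ciphers in GnuTLS use:" now follows a paragraph about OpenSSL specifiers, so it could state explicitly that those specifiers are OpenSSL syntax and that gnutls-cli -l lists GnuTLS names instead.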