Minor doc changes + add two new screenshots

[bacula/docs] / docs / manual / tls.tex

diff --git a/docs/manual/tls.tex b/docs/manual/tls.tex
index 046fc0f9d012db74b964bfc70d530ca743cdb7ac..a50899228d2f82ad8f9c84dad08d695c6fcc64c5 100644 (file)
--- a/docs/manual/tls.tex
+++ b/docs/manual/tls.tex
@@ -46,11 +46,11 @@ Enable TLS support.
 Require TLS connections.
 
 \item [TLS Certificate = \lt{}Directory\gt{}]
-Path to PEM encoded TLS certificate.  Used as either a client or server
-certificate.
+Path to a PEM encoded TLS certificate.  It can be used as either a client
+or server certificate.
 
 \item [TLS Key = \lt{}Directory\gt{}]
-Path to PEM encoded TLS private key.  Must correspond with the TLS
+Path to a PEM encoded TLS private key.  It must correspond to the TLS
 certificate.
 
 \item [TLS Verify Peer = \lt{}yes|no\gt{}]
@@ -60,9 +60,9 @@ will be accepted unless the TLS Allowed CN configuration directive is used.
 Not valid in a client context.
 
 \item [TLS Allowed CN = \lt{}string list\gt{}]
-Common name attribute of allowed peer certificates.  If directive is
+Common name attribute of allowed peer certificates.  If this directive is
 specified, all client certificates will be verified against this list.
-This directive may be specified more than once.  Not valid in a client
+This directive may be specified more than once. It is not valid in a client
 context.
 
 \item [TLS CA Certificate File = \lt{}Directory\gt{}]
@@ -96,29 +96,14 @@ context.  To generate the parameter file, you may use openssl:
 \index[general]{Certificate!Creating a Self-signed }
 \addcontentsline{toc}{subsection}{Creating a Self-signed Certificate}
 
-You may create a self-signed certificate for use with the Bacula TLS
-that will permit
-you to make it function, but will not allow certificate validation. The .pem
-file containing both the certificate and the key can be made with the
-following, which I put in a file named {\bf makepem}: 
+You may create a self-signed certificate for use with the Bacula TLS that
+will permit you to make it function, but will not allow certificate
+validation.  The .pem file containing both the certificate and the key
+valid for 10 years can be made with the following:
 
 \footnotesize
 \begin{verbatim}
-#!/bin/sh
-#
-# Simple shell script to make a .pem file that can be used
-# with stunnel and Bacula
-#
-OPENSSL=openssl
-   umask 77
-   PEM1=`/bin/mktemp openssl.XXXXXX`
-   PEM2=`/bin/mktemp openssl.XXXXXX`
-   ${OPENSSL} req -newkey rsa:1024 -keyout $PEM1 -nodes \
-       -x509 -days 365 -out $PEM2
-   cat $PEM1 > stunnel.pem
-   echo ""   >>stunnel.pem
-   cat $PEM2 >>stunnel.pem
-   rm $PEM1 $PEM2
+   openssl req -new -x509 -nodes -out bacula.pem -keyout bacula.pem -days 3650
 \end{verbatim}
 \normalsize