kafka-commits mailing list archives

From ij...@apache.org
Subject kafka git commit: MINOR: Fix typos in security section
Date Mon, 22 Aug 2016 22:17:15 GMT
Repository: kafka
Updated Branches:
  refs/heads/trunk 7b16b4731 -> f153407c4


MINOR: Fix typos in security section

1. I think the instructions in step 2 of the security section which describe adding the CA
to server/client truststores are swapped. That is, the instruction that says to add the CA
to the server truststore adds it to the client truststore (and vice versa).
2. "clients keys" should be possessive ("clients' keys").

This contribution is my original work, and I license the work to the project under the project's
open source license.

Author: Samuel Taylor <staylor@square-root.com>

Reviewers: Ismael Juma <ismael@juma.me.uk>

Closes #1651 from ssaamm/trunk


Project: http://git-wip-us.apache.org/repos/asf/kafka/repo
Commit: http://git-wip-us.apache.org/repos/asf/kafka/commit/f153407c
Tree: http://git-wip-us.apache.org/repos/asf/kafka/tree/f153407c
Diff: http://git-wip-us.apache.org/repos/asf/kafka/diff/f153407c

Branch: refs/heads/trunk
Commit: f153407c42716f4f4d9abe8be39ab1112f36a8be
Parents: 7b16b47
Author: Samuel Taylor <staylor@square-root.com>
Authored: Mon Aug 22 23:16:56 2016 +0100
Committer: Ismael Juma <ismael@juma.me.uk>
Committed: Mon Aug 22 23:16:56 2016 +0100

----------------------------------------------------------------------
 docs/security.html | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/kafka/blob/f153407c/docs/security.html
----------------------------------------------------------------------
diff --git a/docs/security.html b/docs/security.html
index 0a5e561..d51c340 100644
--- a/docs/security.html
+++ b/docs/security.html
@@ -75,11 +75,11 @@ Apache Kafka allows clients to connect over SSL. By default SSL is disabled
but
 
         The next step is to add the generated CA to the **clients' truststore** so that the
clients can trust this CA:
         <pre>
-        keytool -keystore server.truststore.jks -alias CARoot <b>-import</b>
-file ca-cert</pre>
+        keytool -keystore client.truststore.jks -alias CARoot -import -file ca-cert</pre>
 
-        <b>Note:</b> If you configure the Kafka brokers to require client authentication
by setting ssl.client.auth to be "requested" or "required" on the <a href="#config_broker">Kafka
brokers config</a> then you must provide a truststore for the Kafka brokers as well
and it should have all the CA certificates that clients keys were signed by.
+        <b>Note:</b> If you configure the Kafka brokers to require client authentication
by setting ssl.client.auth to be "requested" or "required" on the <a href="#config_broker">Kafka
brokers config</a> then you must provide a truststore for the Kafka brokers as well
and it should have all the CA certificates that clients' keys were signed by.
         <pre>
-        keytool -keystore client.truststore.jks -alias CARoot -import -file ca-cert</pre>
+        keytool -keystore server.truststore.jks -alias CARoot <b>-import</b>
-file ca-cert</pre>
 
         In contrast to the keystore in step 1 that stores each machine's own identity, the
truststore of a client stores all the certificates that the client should trust. Importing
a certificate into one's truststore also means trusting all certificates that are signed by
that certificate. As the analogy above, trusting the government (CA) also means trusting all
passports (certificates) that it has issued. This attribute is called the chain of trust,
and it is particularly useful when deploying SSL on a large Kafka cluster. You can sign all
certificates in the cluster with a single CA, and have all machines share the same truststore
that trusts the CA. That way all machines can authenticate all other machines.</li>
 
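Review bot: the relocated broker command (the `+` line with `server.truststore.jks`) still wraps `-import` in `<b>` tags, while the new client command earlier in the hunk uses plain `-import`. Both lines are the same keytool invocation against different truststore files, so the markup should match: either drop `<b>` from the server line or keep it on both, so readers do not infer that the flag is special to the broker side. The only intended difference between the two `<pre>` blocks is the `-keystore` file name, and keeping everything else identical makes a future swap like the one fixed here easier to spot in review.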

