diff options
author | Rainer Gerhards <rgerhards@adiscon.com> | 2009-10-26 12:18:32 +0100 |
---|---|---|
committer | Rainer Gerhards <rgerhards@adiscon.com> | 2009-10-26 12:18:32 +0100 |
commit | 672c1b25d603006361836649c558777a1a872053 (patch) | |
tree | f95cf728abf08fe74e16fef2195f36f714e40a7d | |
parent | 33e216daf7f89542cc6c91f1e97da6fdb71eecf8 (diff) | |
download | rsyslog-672c1b25d603006361836649c558777a1a872053.tar.gz rsyslog-672c1b25d603006361836649c558777a1a872053.tar.xz rsyslog-672c1b25d603006361836649c558777a1a872053.zip |
added note on importance of statement sequence to tls doc
-rw-r--r-- | doc/rsyslog_secure_tls.html | 2 | ||||
-rw-r--r-- | doc/tls_cert_server.html | 9 |
2 files changed, 10 insertions, 1 deletions
diff --git a/doc/rsyslog_secure_tls.html b/doc/rsyslog_secure_tls.html index be2811f4..b15e5a4e 100644 --- a/doc/rsyslog_secure_tls.html +++ b/doc/rsyslog_secure_tls.html @@ -51,7 +51,7 @@ google_ad_height = 125; src="http://pagead2.googlesyndication.com/pagead/show_ads.js"> </script> </span> -I private keys have become known to third parties, the system does not provide +If private keys have become known to third parties, the system does not provide any security at all. Also, our solution bases on X.509 certificates and a (very limited) chain of trust. We have one instance (the CA) that issues all machine certificates. The machine certificate indentifies a particular machine. hile in diff --git a/doc/tls_cert_server.html b/doc/tls_cert_server.html index 9c68db5d..9c024bc9 100644 --- a/doc/tls_cert_server.html +++ b/doc/tls_cert_server.html @@ -37,6 +37,15 @@ src="http://pagead2.googlesyndication.com/pagead/show_ads.js"> </script> </span> <p><center><img src="tls_cert_100.jpg"></center> +<p><i><font color="red"><b>Important:</b> Keep in mind that the order of configuration directives +is very important in rsyslog. As such, the samples given below do only work if the given +order is preserved.</font> Re-ordering the directives can break configurations and has broken them +in practice. If you intend to re-order them, please be sure that you fully understand how +the configuration language works and, most importantly, which statements form a block together. +Please also note that we understand the the current configuration file format is +ugly. However, there has been more important work in the way of enhancing it. If you would like +to contribute some time to improve the config file language, please let us know. Any help +is appreciated (be it doc or coding work!).</i> <p>Steps to do: <ul> <li>make sure you have a functional CA (<a href="tls_cert_ca.html">Setting up the CA</a>) |