[mirror_ovs.git] / lib / ssl.xml

<?xml version="1.0" encoding="utf-8"?>
<dl>
  <dt><code>-p</code> <var>privkey.pem</var></dt>
  <dt><code>--private-key=</code><var>privkey.pem</var></dt>
  <dd>
    Specifies a PEM file containing the private key used as
    identity for outgoing SSL connections.
  </dd>

  <dt><code>-c</code> <var>cert.pem</var></dt>
  <dt><code>--certificate=</code><var>cert.pem</var></dt>
  <dd>
    Specifies a PEM file containing a certificate that certifies the
    private key specified on <code>-p</code> or <code>--private-key</code> to be
    trustworthy.  The certificate must be signed by the certificate
    authority (CA) that the peer in SSL connections will use to verify it.
  </dd>

  <dt><code>-C</code> <var>cacert.pem</var></dt>
  <dt><code>--ca-cert=</code><var>cacert.pem</var></dt>
  <dd>
    Specifies a PEM file containing the CA certificate for
    verifying certificates presented to this program by SSL peers.  (This
    may be the same certificate that SSL peers use to verify the
    certificate specified on <code>-c</code> or <code>--certificate</code>, or it may
    be a different one, depending on the PKI design in use.)
  </dd>

  <dt><code>-C none</code></dt>
  <dt><code>--ca-cert=none</code></dt>
  <dd>
    Disables verification of certificates presented by SSL peers.  This
    introduces a security risk, because it means that certificates cannot
    be verified to be those of known trusted hosts.
  </dd>
</dl>
Commit	Line	Data
0fdc4312 BP	1	<?xml version="1.0" encoding="utf-8"?>
	2	<dl>
	3	<dt><code>-p</code> <var>privkey.pem</var></dt>
	4	<dt><code>--private-key=</code><var>privkey.pem</var></dt>
	5	<dd>
	6	Specifies a PEM file containing the private key used as
	7	identity for outgoing SSL connections.
	8	</dd>
	9
	10	<dt><code>-c</code> <var>cert.pem</var></dt>
	11	<dt><code>--certificate=</code><var>cert.pem</var></dt>
	12	<dd>
	13	Specifies a PEM file containing a certificate that certifies the
	14	private key specified on <code>-p</code> or <code>--private-key</code> to be
	15	trustworthy. The certificate must be signed by the certificate
	16	authority (CA) that the peer in SSL connections will use to verify it.
	17	</dd>
	18
	19	<dt><code>-C</code> <var>cacert.pem</var></dt>
	20	<dt><code>--ca-cert=</code><var>cacert.pem</var></dt>
	21	<dd>
	22	Specifies a PEM file containing the CA certificate for
	23	verifying certificates presented to this program by SSL peers. (This
	24	may be the same certificate that SSL peers use to verify the
	25	certificate specified on <code>-c</code> or <code>--certificate</code>, or it may
	26	be a different one, depending on the PKI design in use.)
	27	</dd>
	28
	29	<dt><code>-C none</code></dt>
	30	<dt><code>--ca-cert=none</code></dt>
	31	<dd>
	32	Disables verification of certificates presented by SSL peers. This
	33	introduces a security risk, because it means that certificates cannot
	34	be verified to be those of known trusted hosts.
	35	</dd>
	36	</dl>