Navigation

Changeset 18:e7187583dcf8 in freeDiameter for doc


Ignore:
Timestamp:
Oct 5, 2009 5:13:01 PM (4 years ago)
Author:
Sebastien Decugis <sdecugis@nict.go.jp>
Branch:
default
Message:

Added CA helper script

File:
1 edited

Legend:

Unmodified
Added
Removed

  • doc/freediameter.conf.sample

    r13 r18  
    6666#ListenOn = "202.249.37.5"; 
    6767#ListenOn = "2001:200:903:2::202:1"; 
     68 
     69############################################################## 
     70##  TLS Configuration 
     71 
     72# TLS is managed by the GNUTLS library in the freeDiameter daemon. 
     73# You may find more information about parameters and special behaviors 
     74# in the relevant documentation. 
     75# http://www.gnu.org/software/gnutls/manual/ 
     76 
     77# Credentials of the local peer 
     78# The X509 certificate and private key file to use for the local peer. 
     79# The files must contain PKCS-1 encoded RSA key, in PEM format. 
     80# (These parameters are passed to gnutls_certificate_set_x509_key_file function) 
     81# Default : NO DEFAULT 
     82#TLS_Cred = "<x509 certif file.PEM>" , "<x509 private key file.PEM>"; 
     83 
     84# Certificate authority / trust anchors 
     85# The file containing the list of trusted Certificate Authorities (PEM list) 
     86# (This parameter is passed to gnutls_certificate_set_x509_trust_file function) 
     87# The directive can appear several times to specify several files. 
     88# Default : GNUTLS default behavior 
     89#TLS_CA = "<file.PEM>"; 
     90 
     91# Certificate Revocation List file 
     92# The information about revoked certificates. 
     93# The file contains a list of trusted CRLs in PEM format. They should have been verified before.  
     94# (This parameter is passed to gnutls_certificate_set_x509_crl_file function) 
     95# Default : GNUTLS default behavior 
     96#TLS_CRL = "<file.PEM>"; 
     97 
     98# GNU TLS Priority string 
     99# This string allows to configure the behavior of GNUTLS key exchanges  
     100# algorithms. See gnutls_priority_init function documentation for information. 
     101# You should also refer to the Diameter required TLS support here: 
     102#   http://tools.ietf.org/html/draft-ietf-dime-rfc3588bis-18#section-13.1 
     103# Default : "NORMAL" 
     104# Example: TLS_Prio = "NONE:+VERS-TLS1.1:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL"; 
     105#TLS_Prio = "NORMAL"; 
     106 
     107# Diffie-Hellman parameters size 
     108# Set the number of bits for generated DH parameters 
     109# Valid value should be 768, 1024, 2048, 3072 or 4096. 
     110# (This parameter is passed to gnutls_dh_params_generate2 function,  
     111# it usually should match RSA key size) 
     112# Default : 1024 
     113#TLS_DH_Bits = 1024; 
     114 
    68115 
    69116############################################################## 
Note: See TracChangeset for help on using the changeset viewer.