Navigation


Changeset 18:e7187583dcf8 in freeDiameter for doc


Ignore:
Timestamp:
Oct 5, 2009, 5:13:01 PM (14 years ago)
Author:
Sebastien Decugis <sdecugis@nict.go.jp>
Branch:
default
Phase:
public
Message:

Added CA helper script

File:
1 edited

Legend:

Unmodified
Added
Removed
  • doc/freediameter.conf.sample

    r13 r18  
    6666#ListenOn = "202.249.37.5";
    6767#ListenOn = "2001:200:903:2::202:1";
     68
     69##############################################################
     70##  TLS Configuration
     71
     72# TLS is managed by the GNUTLS library in the freeDiameter daemon.
     73# You may find more information about parameters and special behaviors
     74# in the relevant documentation.
     75# http://www.gnu.org/software/gnutls/manual/
     76
     77# Credentials of the local peer
     78# The X509 certificate and private key file to use for the local peer.
     79# The files must contain PKCS-1 encoded RSA key, in PEM format.
     80# (These parameters are passed to gnutls_certificate_set_x509_key_file function)
     81# Default : NO DEFAULT
     82#TLS_Cred = "<x509 certif file.PEM>" , "<x509 private key file.PEM>";
     83
     84# Certificate authority / trust anchors
     85# The file containing the list of trusted Certificate Authorities (PEM list)
     86# (This parameter is passed to gnutls_certificate_set_x509_trust_file function)
     87# The directive can appear several times to specify several files.
     88# Default : GNUTLS default behavior
     89#TLS_CA = "<file.PEM>";
     90
     91# Certificate Revocation List file
     92# The information about revoked certificates.
     93# The file contains a list of trusted CRLs in PEM format. They should have been verified before.
     94# (This parameter is passed to gnutls_certificate_set_x509_crl_file function)
     95# Default : GNUTLS default behavior
     96#TLS_CRL = "<file.PEM>";
     97
     98# GNU TLS Priority string
     99# This string allows to configure the behavior of GNUTLS key exchanges
     100# algorithms. See gnutls_priority_init function documentation for information.
     101# You should also refer to the Diameter required TLS support here:
     102#   http://tools.ietf.org/html/draft-ietf-dime-rfc3588bis-18#section-13.1
     103# Default : "NORMAL"
     104# Example: TLS_Prio = "NONE:+VERS-TLS1.1:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL";
     105#TLS_Prio = "NORMAL";
     106
     107# Diffie-Hellman parameters size
     108# Set the number of bits for generated DH parameters
     109# Valid value should be 768, 1024, 2048, 3072 or 4096.
     110# (This parameter is passed to gnutls_dh_params_generate2 function,
     111# it usually should match RSA key size)
     112# Default : 1024
     113#TLS_DH_Bits = 1024;
     114
    68115
    69116##############################################################
Note: See TracChangeset for help on using the changeset viewer.