Title: Configuring Netty Secure Sockets Layer (SSL) Describe the issue: #1 When used on an acceptor this is the path to the server side SSL key store that holds the keys of all the clients that the server trusts. This is only relevant for an acceptor if you are using two way SSL (i.e. mutual authentication). When used on a connector this is the path to the client-side SSL key store which holds the public keys of all the servers which the client trusts. When used on a connector this is the password for the client-side truststore. This path is configured on the server, but it is downloaded and used by the client. #2 trust-store-path: When used on an acceptor this is the path to the server side SSL key store that holds the keys of all the clients that the server trusts. When used on a connector this is the path to the client side SSL key store which holds the public keys of all the servers that the client trusts. This is relevant for a connector for both one way and two way SSL. This path can be configured on the server, but it is downloaded and used by the client Suggestions for improvement: #1: Delete the following: When used on a connector this is the password for the client-side truststore. #2: The first half is the description of key-store-path, not trust-store-path. Additional information:
Modification for fr-FR translation now completed #1 - I deleted the following: When used on a connector this is the password for the client-side truststore. #2 - I re-translated modified string: "When used on an acceptor this is the path to the server side SSL trust store that holds the certificates of keys of all the clients that the server trusts. When used on a connector this is the path to the client side SSL trust store which holds the certificates of public keys of all the servers that the client trusts. This is relevant for a connector for both one way and two way SSL. This path can be configured on the server, but it is downloaded and used by the client."
The key-store-path description was completely wrong (thanks Ito!). But the new text is not correct either. Current key-store-path description is: "When used on an acceptor this is the path to the server side SSL key store that holds the keys of all the clients that the server trusts. This is only relevant for an acceptor if you are using two way SSL (i.e. mutual authentication). When used on a connector this is the path to the client-side SSL key store which holds the public keys of all the servers which the client trusts. This path is configured on the server, but it is downloaded and used by the client." (Notice the word "trust" - we're describing trust stores here, ie which clients does the server trust (in case of an acceptor)? which servers does the client trust (connector)? The description here describes the trust-store-path, not key-store-path. And if you check the trust-store-path they are indeed almost the same). key-store-path description should be replaced with the following text: "When used on an acceptor this is the path to the SSL key store on the server which holds the server's certificates (whether self-signed or signed by an authority). When used on a connector this is the path to the client-side SSL key store which holds the client certificates. This is only relevant for a connector if you are using 2-way SSL (i.e. mutual authentication). Although this value is configured on the server, it is downloaded and used by the client." (Means for the server side - acceptor - key-store is the store with server certificate, and for the client side - connector - key-store is the store with client certificate.)
Looks good, thanks Nidhi