From fb1e64b2ee3a31ece5de869fc3a4be0ab415f2ca Mon Sep 17 00:00:00 2001
From: Mark Craig <mark.craig@forgerock.com>
Date: Wed, 15 Jun 2016 10:33:53 +0000
Subject: [PATCH] OPENDJ-3104 Document that public and private key nicknames must match

---
 opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/AdministrationConnectorConfiguration.xml |   12 ++++++++----
 opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/Package.xml                              |   12 ++++++++----
 2 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/AdministrationConnectorConfiguration.xml b/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/AdministrationConnectorConfiguration.xml
index bdf1993..d649098 100644
--- a/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/AdministrationConnectorConfiguration.xml
+++ b/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/AdministrationConnectorConfiguration.xml
@@ -13,7 +13,7 @@
   information: "Portions Copyright [year] [name of copyright owner]".
 
   Copyright 2007-2008 Sun Microsystems, Inc.
-  Portions Copyright 2012-2015 ForgeRock AS.
+  Portions Copyright 2012-2016 ForgeRock AS.
   ! -->
 <adm:managed-object name="administration-connector"
   plural-name="administration-connectors"
@@ -131,12 +131,16 @@
   </adm:property>
   <adm:property name="ssl-cert-nickname" mandatory="true" multi-valued="true">
     <adm:synopsis>
-      Specifies the nicknames (also called the aliases) of the certificates
+      Specifies the nicknames (also called the aliases) of the keys or key pairs
       that the
       <adm:user-friendly-name />
       should use when performing SSL communication. The property can be used multiple times
-      (referencing different nicknames) when an RSA, a DSA, and an ECC based server certificate
-      is used in parallel.
+      (referencing different nicknames) when server certificates
+      with different public key algorithms are used in parallel
+      (for example, RSA, DSA, and ECC-based algorithms).
+      When a nickname refers to an asymmetric (public/private) key pair,
+      the nickname for the public key certificate and associated private key entry must match exactly.
+      A single nickname is used to retrieve both the public key and the private key.
     </adm:synopsis>
     <adm:requires-admin-action>
       <adm:server-restart />
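Review bot: The added synopsis sentences say the certificate and its private key entry must share one nickname, but not what the server does when a configured nickname resolves to a certificate with no private key entry under it, which is the misconfiguration this text is meant to prevent. Whether the connector refuses to start, skips that nickname, or falls back to another key is not visible in this patch, so confirm the behaviour against the key manager code and then state it, for example `A nickname that does not resolve to a private key entry is [confirm: rejected / ignored].` The opening phrase `keys or key pairs` also reads as if a bare key were a valid value, while the last added sentence says both halves are retrieved through the one nickname; `key pairs` alone would be consistent with it. The same text is added to the `ssl-cert-nickname` synopsis in Package.xml, so any rewording applies there too. The `adm:property` element continues past the end of this hunk.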
diff --git a/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/Package.xml b/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/Package.xml
index 9cccd58..2efdf27 100644
--- a/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/Package.xml
+++ b/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/Package.xml
@@ -13,7 +13,7 @@
   information: "Portions Copyright [year] [name of copyright owner]".
 
   Copyright 2007-2009 Sun Microsystems, Inc.
-  Portions Copyright 2011-2015 ForgeRock AS.
+  Portions Copyright 2011-2016 ForgeRock AS.
   ! -->
 <adm:package name="org.forgerock.opendj.server.config"
   xmlns:adm="http://opendj.forgerock.org/admin"
@@ -73,12 +73,16 @@
   <adm:property name="ssl-cert-nickname" multi-valued="true">
     <adm:TODO>Need a better default description.</adm:TODO>
     <adm:synopsis>
-      Specifies the nicknames (also called the aliases) of the certificates
+      Specifies the nicknames (also called the aliases) of the keys or key pairs
       that the
       <adm:user-friendly-name />
       should use when performing SSL communication. The property can be used multiple times
-      (referencing different nicknames) when an RSA, a DSA, and an ECC based server certificate
-      is used in parallel.
+      (referencing different nicknames) when server certificates
+      with different public key algorithms are used in parallel
+      (for example, RSA, DSA, and ECC-based algorithms).
+      When a nickname refers to an asymmetric (public/private) key pair,
+      the nickname for the public key certificate and associated private key entry must match exactly.
+      A single nickname is used to retrieve both the public key and the private key.
     </adm:synopsis>
     <adm:description>
       This is only applicable when the

--
Gitblit v1.10.0