Skip to content

Commit 7a76215

Browse files
ShawnJacksonShawnJackson
authored
small changes
1 parent 1fce126 commit 7a76215

File tree

1 file changed

+2
-2
lines changed

1 file changed

+2
-2
lines changed

articles/iot-operations/manage-mqtt-broker/howto-configure-authentication.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -336,7 +336,7 @@ For more information about how to enable secure settings by configuring an Azure
336336

337337
With X.509 authentication, the MQTT broker uses a *trusted Certificate Authority (CA) certificate* to validate client certificates. This trusted CA can be a root or intermediate CA. The broker checks the client certificate chain against the trusted CA certificate. If the chain is valid, the client is authenticated.
338338

339-
To use X.509 authentication with a trusted CA certificate, the following requirements must be met:
339+
To use X.509 authentication with a trusted CA certificate, you must meet the following requirements:
340340

341341
- **Transport Layer Security (TLS) protocol**: Because X.509 relies on TLS client certificates, [TLS must be enabled for ports by using X.509 authentication](./howto-configure-brokerlistener.md).
342342
- **Key algorithms**: Both EC and RSA keys are supported, but all certificates in the chain must use the same key algorithm.
@@ -587,7 +587,7 @@ x509Settings:
587587
588588
---
589589
590-
In this example, every client that has a certificate issued by the root CA with distinguished name `CN = Contoso Root CA Cert, OU = Engineering, C = US` or the intermediate CA with distinguished name `CN = Contoso Intermediate CA` receives the attributes listed. In addition, the smart fan client certificate receives attributes specific to it.
590+
In this example, every client that has a certificate issued by the root CA with distinguished name `CN = Contoso Root CA Cert, OU = Engineering, C = US` or the intermediate CA with distinguished name `CN = Contoso Intermediate CA` receives the attributes listed. In addition, the smart-fan client certificate receives attributes specific to it.
591591

592592
The matching for attributes always starts from the leaf client certificate and then goes along the chain. The attribute assignment stops after the first match. In the previous example, even if `smart-fan` has the intermediate certificate `CN = Contoso Intermediate CA`, it doesn't get the associated attributes.
593593

0 commit comments

Comments
 (0)