| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | Andrew Dunstan <andrew(dot)dunstan(at)2ndquadrant(dot)com> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Self-signed certificate instructions |
| Date: | 2017-04-17 18:19:00 |
| Message-ID: | 20170417181900.GA8866@momjian.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Sat, Apr 15, 2017 at 11:17:14AM -0400, Andrew Dunstan wrote:
>
>
> On 04/15/2017 09:58 AM, Andrew Dunstan wrote:
> > The instructions on how to create a self-signed certificate in s 18.9.3
> > of the docs seem unduly cumbersome. AFAICT we could replace all the
> > commands (except the chmod) with something like this:
> >
> > |openssl req -new-x509 -days 365-nodes \ -text -outserver.crt\
> > -keyout server.key\ -subj "/C=XY/CN=yourdomain.name"|
> >
> > Is there any reason for sticking with the current instructions?
> >
>
> Argh. Darn Thunderbird. This should of course be:
>
>
> openssl req -new-x509 -days 365-nodes \
^^^^^^^^^
I think you meant "-days 365 -nodes" here.
I think the reason we have those cumbersome instructions is that there
is no way to create a non-expireable certificate using simpler
instructions.
I would like to revisit these instructions, as well as document how to
create intermediate certificates. I have scripts that do that.
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ As you are, so once was I. As I am, so you will be. +
+ Ancient Roman grave inscription +
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2017-04-17 18:27:41 | Re: logical replication and PANIC during shutdown checkpoint in publisher |
| Previous Message | Peter Eisentraut | 2017-04-17 18:09:54 | Re: tablesync patch broke the assumption that logical rep depends on? |