| From: | Tatsuo Ishii <ishii(at)sraoss(dot)co(dot)jp> |
|---|---|
| To: | pgsql-docs(at)postgresql(dot)org |
| Subject: | Creating Certificates |
| Date: | 2018-10-05 23:17:04 |
| Message-ID: | 20181006.081704.1372328430253415862.t-ishii@sraoss.co.jp |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-docs pgsql-hackers |
In "18.9.3. Creating Certificates",
------------------------------------------------------------------
To create a server certificate whose identity can be validated by
clients, first create a certificate signing request (CSR) and a
public/private key file:
openssl req -new -nodes -text -out root.csr \
-keyout root.key -subj "/CN=root.yourdomain.com"
chmod og-rwx root.key
Then, sign the request with the key to create a root certificate
authority (using the default OpenSSL configuration file location on
Linux):
openssl x509 -req -in root.csr -text -days 3650 \
-extfile /etc/ssl/openssl.cnf -extensions v3_ca \
-signkey root.key -out root.crt
------------------------------------------------------------------
For me it seesm the two-step procedure can be replaced with following
one command:
openssl req -new -x509 -nodes -text -days 3650 \
-config /etc/ssl/openssl.cnf -extensions v3_ca \
-out root.crt -keyout root.key -subj "/CN=root.yourdomain.com"
Is there any reaon why our doc recommend the two-step procedure?
Best regards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tatsuo Ishii | 2018-10-06 09:46:54 | Re: Creating Certificates |
| Previous Message | Jonathan S. Katz | 2018-10-04 22:33:07 | Re: Proposed HTML Documentation Styles |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Paquier | 2018-10-05 23:54:54 | Re: Segfault when creating partition with a primary key and sql_drop trigger exists |
| Previous Message | David Fetter | 2018-10-05 22:43:11 | Re: Early WIP/PoC for inlining CTEs |