Re: [HACKERS] Self-signed certificate instructions

On Sat, Apr 15, 2017 at 11:17:14AM -0400, Andrew Dunstan wrote:
> 
> 
> On 04/15/2017 09:58 AM, Andrew Dunstan wrote:
> > The instructions on how to create a self-signed certificate in s 18.9.3
> > of the docs seem unduly cumbersome. AFAICT we could replace all the
> > commands (except the chmod) with something like this:
> >
> >     |openssl req -new-x509 -days 365-nodes \ -text -outserver.crt\
> >     -keyout server.key\ -subj "/C=XY/CN=yourdomain.name"|
> >
> > Is there any reason for sticking with the current instructions?
> >
> 
> Argh. Darn Thunderbird. This should of course be:
> 
> 
>     openssl req -new-x509 -days 365-nodes \                                 ^^^^^^^^^

I think you meant "-days 365 -nodes" here.

I think the reason we have those cumbersome instructions is that there
is no way to create a non-expireable certificate using simpler
instructions.

I would like to revisit these instructions, as well as document how to
create intermediate certificates.  I have scripts that do that.

--  Bruce Momjian  <bruce@momjian.us>        http://momjian.us EnterpriseDB
http://enterprisedb.com

+ As you are, so once was I.  As I am, so you will be. +
+                      Ancient Roman grave inscription +