Re: Correction of intermediate certificate handling
| От | Bruce Momjian |
|---|---|
| Тема | Re: Correction of intermediate certificate handling |
| Дата | |
| Msg-id | 20180117123442.GB26285@momjian.us обсуждение исходный текст |
| Ответ на | Re: Correction of intermediate certificate handling (Michael Paquier <michael.paquier@gmail.com>) |
| Ответы |
Re: Correction of intermediate certificate handling
Re: Correction of intermediate certificate handling |
| Список | pgsql-docs |
On Wed, Jan 17, 2018 at 05:20:00PM +0900, Michael Paquier wrote: > On Tue, Jan 16, 2018 at 10:23:44PM -0500, Bruce Momjian wrote: > > On Wed, Jan 17, 2018 at 09:09:50AM +0900, Michael Paquier wrote: > > > On Tue, Jan 16, 2018 at 11:21:22AM -0500, Bruce Momjian wrote: > > > > On Tue, Jan 16, 2018 at 02:33:05PM +0900, Michael Paquier wrote: > > > > I ended up merging the "chain of trust" changes into the "intermediate" > > patch since they affect adjacent sections of the docs. You can see this > > as the first attached patch. > > Thanks. I looked at crt.diff and the surroundings in the docs. This one > looks consistent to me. Good, thanks. > > I did that as a separate patch, which is the second attachment. > > This is openssl.diff. > > + Then, sign the request with the the private key to create a root > +certificate authority: > s/the the/the/ > > +<programlisting> > +openssl req -new -nodes -text -out root.csr \ > + -keyout root.key -subj "/CN=<replaceable>root.yourdomain.com</replaceable>" > +chmod og-rwx root.key > +openssl x509 -req -in root.csr -text -days 365 \ > + -extfile /etc/ssl/openssl.cnf -extensions v3_ca \ > + -signkey root.key -out root.crt > The succession of commands of commands for the intermediate certificates > is wild. Could it be possible to explain what each command means? Users > would not get lost this way. Yes, I was not happy about that either. I was afraid that pound-sign comments would look like root prompts but I just added them and they look fine. Updated patch attached, with some expiration and wording adjustments. There is also a new paragraph at the end explaining where to place the files. > > I don't think I will work on the testing changes. > > Fine for me. This could do for a fine TODO item. Not one of those hard, > complicated and basically impossible things on the TODO list. Agreed. -- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + As you are, so once was I. As I am, so you will be. + + Ancient Roman grave inscription +
Вложения
В списке pgsql-docs по дате отправления: