| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
| Cc: | PostgreSQL-documentation <pgsql-docs(at)postgresql(dot)org>, Stephen Frost <sfrost(at)snowman(dot)net>, David Steele <david(at)pgmasters(dot)net> |
| Subject: | Re: Correction of intermediate certificate handling |
| Date: | 2018-01-17 12:34:42 |
| Message-ID: | 20180117123442.GB26285@momjian.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-docs |
On Wed, Jan 17, 2018 at 05:20:00PM +0900, Michael Paquier wrote:
> On Tue, Jan 16, 2018 at 10:23:44PM -0500, Bruce Momjian wrote:
> > On Wed, Jan 17, 2018 at 09:09:50AM +0900, Michael Paquier wrote:
> > > On Tue, Jan 16, 2018 at 11:21:22AM -0500, Bruce Momjian wrote:
> > > > On Tue, Jan 16, 2018 at 02:33:05PM +0900, Michael Paquier wrote:
> >
> > I ended up merging the "chain of trust" changes into the "intermediate"
> > patch since they affect adjacent sections of the docs. You can see this
> > as the first attached patch.
>
> Thanks. I looked at crt.diff and the surroundings in the docs. This one
> looks consistent to me.
Good, thanks.
> > I did that as a separate patch, which is the second attachment.
>
> This is openssl.diff.
>
> + Then, sign the request with the the private key to create a root
> +certificate authority:
> s/the the/the/
>
> +<programlisting>
> +openssl req -new -nodes -text -out root.csr \
> + -keyout root.key -subj "/CN=<replaceable>root.yourdomain.com</replaceable>"
> +chmod og-rwx root.key
> +openssl x509 -req -in root.csr -text -days 365 \
> + -extfile /etc/ssl/openssl.cnf -extensions v3_ca \
> + -signkey root.key -out root.crt
> The succession of commands of commands for the intermediate certificates
> is wild. Could it be possible to explain what each command means? Users
> would not get lost this way.
Yes, I was not happy about that either. I was afraid that pound-sign
comments would look like root prompts but I just added them and they
look fine. Updated patch attached, with some expiration and wording
adjustments. There is also a new paragraph at the end explaining where
to place the files.
> > I don't think I will work on the testing changes.
>
> Fine for me. This could do for a fine TODO item. Not one of those hard,
> complicated and basically impossible things on the TODO list.
Agreed.
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ As you are, so once was I. As I am, so you will be. +
+ Ancient Roman grave inscription +
| Attachment | Content-Type | Size |
|---|---|---|
| openssl.diff | text/x-diff | 5.5 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2018-01-17 13:39:55 | Re: Correction of intermediate certificate handling |
| Previous Message | Michael Paquier | 2018-01-17 08:20:00 | Re: Correction of intermediate certificate handling |