Re: Correction of intermediate certificate handling

On Thu, Jan 18, 2018 at 10:25:03AM +0900, Michael Paquier wrote:
> On Wed, Jan 17, 2018 at 07:34:42AM -0500, Bruce Momjian wrote:
> > Yes, I was not happy about that either. I was afraid that pound-sign
> > comments would look like root prompts but I just added them and they
> > look fine. Updated patch attached, with some expiration and wording
> > adjustments. There is also a new paragraph at the end explaining where
> > to place the files.
>
> Thanks, that's a net improvement. So +1 for this version.
>
> + enterprise-wide root <acronym>CAs</acronym>) should be used in production.
> Nit here. CA should not be plural.
>
> +</programlisting>
> + Then, sign the request with the the key to create a root certificate
> + authority:
> You still have a "the the" here.
>
> /etc/ssl/openssl.cnf is not available on macos or Windows, which can
> lead to a bit of confusion as I would imagine that people would
> copy/paste such commands when testing things. Perhaps it would be worth
> mentioning that this path is proper to usual Linux distributions (I can
> see it at least on ArchLinux and Debian), with a reference to this
> OpenSSL link:
> https://www.openssl.org/docs/manmaster/man5/config.html
>
> There is as well a set of tiny configuration files in src/test/ssl.

One odd thing about the configuration file is that you don't need to
modify it, but you do need to specify it for that command.

Fixed patch attached.

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ As you are, so once was I. As I am, so you will be. +
+ Ancient Roman grave inscription +