From: | Bruce Momjian <bruce(at)momjian(dot)us> |
---|---|
To: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
Cc: | PostgreSQL-documentation <pgsql-docs(at)postgresql(dot)org>, Stephen Frost <sfrost(at)snowman(dot)net>, David Steele <david(at)pgmasters(dot)net> |
Subject: | Re: Correction of intermediate certificate handling |
Date: | 2018-01-18 02:00:17 |
Message-ID: | 20180118020017.GC19651@momjian.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-docs |
On Thu, Jan 18, 2018 at 10:25:03AM +0900, Michael Paquier wrote:
> On Wed, Jan 17, 2018 at 07:34:42AM -0500, Bruce Momjian wrote:
> > Yes, I was not happy about that either. I was afraid that pound-sign
> > comments would look like root prompts but I just added them and they
> > look fine. Updated patch attached, with some expiration and wording
> > adjustments. There is also a new paragraph at the end explaining where
> > to place the files.
>
> Thanks, that's a net improvement. So +1 for this version.
>
> + enterprise-wide root <acronym>CAs</acronym>) should be used in production.
> Nit here. CA should not be plural.
>
> +</programlisting>
> + Then, sign the request with the the key to create a root certificate
> + authority:
> You still have a "the the" here.
>
> /etc/ssl/openssl.cnf is not available on macos or Windows, which can
> lead to a bit of confusion as I would imagine that people would
> copy/paste such commands when testing things. Perhaps it would be worth
> mentioning that this path is proper to usual Linux distributions (I can
> see it at least on ArchLinux and Debian), with a reference to this
> OpenSSL link:
> https://www.openssl.org/docs/manmaster/man5/config.html
>
> There is as well a set of tiny configuration files in src/test/ssl.
One odd thing about the configuration file is that you don't need to
modify it, but you do need to specify it for that command.
Fixed patch attached.
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ As you are, so once was I. As I am, so you will be. +
+ Ancient Roman grave inscription +
Attachment | Content-Type | Size |
---|---|---|
openssl.diff | text/x-diff | 6.1 KB |
From | Date | Subject | |
---|---|---|---|
Next Message | Michael Paquier | 2018-01-18 03:17:40 | Re: Correction of intermediate certificate handling |
Previous Message | Michael Paquier | 2018-01-18 01:25:03 | Re: Correction of intermediate certificate handling |