From: Bruce Momjian <[email protected]>
To: PostgreSQL-documentation <[email protected]>
Subject: SSL instructions simplified
Date: Thu, 26 Sep 2002 22:03:50 -0400 (EDT)
Message-ID: <[email protected]> (raw)

This simplifies the instructions for creating SSL certificates.

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  [email protected]               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073

Index: doc/src/sgml/runtime.sgml
===================================================================
RCS file: /cvsroot/pgsql-server/doc/src/sgml/runtime.sgml,v
retrieving revision 1.140
diff -c -c -r1.140 runtime.sgml
*** doc/src/sgml/runtime.sgml	26 Sep 2002 04:41:54 -0000	1.140
--- doc/src/sgml/runtime.sgml	27 Sep 2002 02:02:25 -0000
***************
*** 2862,2868 ****
     self-signed certificate, use the following
     <productname>OpenSSL</productname> command:
  <programlisting>
! openssl req -new -text -out cert.req
  </programlisting>
     Fill out the information that <command>openssl</> asks for. Make sure
     that you enter the local host name as Common Name; the challenge
--- 2862,2869 ----
     self-signed certificate, use the following
     <productname>OpenSSL</productname> command:
  <programlisting>
! cd <replaceable>$PGDATA</replaceable>
! openssl req -new -text -out server.req
  </programlisting>
     Fill out the information that <command>openssl</> asks for. Make sure
     that you enter the local host name as Common Name; the challenge
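
Review bot: the lead-in above the first listing still says "use the following OpenSSL command:", singular, yet the new listing has two lines and the first one, cd $PGDATA, is not an OpenSSL command. Reword it to "commands" and state that the files these steps produce are now created directly in the data directory, so the reader understands why the cd is there.
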
***************
*** 2871,2884 ****
     than four characters long. To remove the passphrase (as you must if
     you want automatic start-up of the server), run the commands
  <programlisting>
! openssl rsa -in privkey.pem -out cert.pem
  </programlisting>
     Enter the old passphrase to unlock the existing key. Now do
  <programlisting>
! openssl req -x509 -in cert.req -text -key cert.pem -out cert.cert
! chmod og-rwx cert.pem
! cp cert.pem <replaceable>$PGDATA</replaceable>/server.key
! cp cert.cert <replaceable>$PGDATA</replaceable>/server.crt
  </programlisting>
     to turn the certificate into a self-signed certificate and to copy the
     key and certificate to where the server will look for them.
--- 2872,2884 ----
     than four characters long. To remove the passphrase (as you must if
     you want automatic start-up of the server), run the commands
  <programlisting>
! openssl rsa -in privkey.pem -out server.key
! rm privkey.pem
  </programlisting>
     Enter the old passphrase to unlock the existing key. Now do
  <programlisting>
! openssl req -x509 -in server.req -text -key server.key -out server.crt
! chmod og-rwx server.key
  </programlisting>
     to turn the certificate into a self-signed certificate and to copy the
     key and certificate to where the server will look for them.
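
Review bot: chmod og-rwx server.key comes last in the second listing, but the passphrase-less server.key is already written by openssl rsa in the first listing, so until the chmod runs its permissions depend on the umask in effect and the unprotected key may be readable by group or others. Move the chmod directly after the openssl rsa line, or set a restrictive umask before it. The closing sentence also still says the step will "copy the key and certificate to where the server will look for them", although both cp lines are gone and nothing is copied any more. server.req is left behind in $PGDATA while privkey.pem is removed, so either remove it as well or say that it can be kept.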

