public inbox for [email protected]
help / color / mirror / Atom feedFrom: Bruce Momjian <[email protected]>
To: PostgreSQL-documentation <[email protected]>
Subject: SSL instructions simplified
Date: Thu, 26 Sep 2002 22:03:50 -0400 (EDT)
Message-ID: <[email protected]> (raw)
This simplifies the instructions for creating SSL certificates.
--
Bruce Momjian | http://candle.pha.pa.us
[email protected] | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
Index: doc/src/sgml/runtime.sgml
===================================================================
RCS file: /cvsroot/pgsql-server/doc/src/sgml/runtime.sgml,v
retrieving revision 1.140
diff -c -c -r1.140 runtime.sgml
*** doc/src/sgml/runtime.sgml 26 Sep 2002 04:41:54 -0000 1.140
--- doc/src/sgml/runtime.sgml 27 Sep 2002 02:02:25 -0000
***************
*** 2862,2868 ****
self-signed certificate, use the following
<productname>OpenSSL</productname> command:
<programlisting>
! openssl req -new -text -out cert.req
</programlisting>
Fill out the information that <command>openssl</> asks for. Make sure
that you enter the local host name as Common Name; the challenge
--- 2862,2869 ----
self-signed certificate, use the following
<productname>OpenSSL</productname> command:
<programlisting>
! cd <replaceable>$PGDATA</replaceable>
! openssl req -new -text -out server.req
</programlisting>
Fill out the information that <command>openssl</> asks for. Make sure
that you enter the local host name as Common Name; the challenge
***************
*** 2871,2884 ****
than four characters long. To remove the passphrase (as you must if
you want automatic start-up of the server), run the commands
<programlisting>
! openssl rsa -in privkey.pem -out cert.pem
</programlisting>
Enter the old passphrase to unlock the existing key. Now do
<programlisting>
! openssl req -x509 -in cert.req -text -key cert.pem -out cert.cert
! chmod og-rwx cert.pem
! cp cert.pem <replaceable>$PGDATA</replaceable>/server.key
! cp cert.cert <replaceable>$PGDATA</replaceable>/server.crt
</programlisting>
to turn the certificate into a self-signed certificate and to copy the
key and certificate to where the server will look for them.
--- 2872,2884 ----
than four characters long. To remove the passphrase (as you must if
you want automatic start-up of the server), run the commands
<programlisting>
! openssl rsa -in privkey.pem -out server.key
! rm privkey.pem
</programlisting>
Enter the old passphrase to unlock the existing key. Now do
<programlisting>
! openssl req -x509 -in server.req -text -key server.key -out server.crt
! chmod og-rwx server.key
</programlisting>
to turn the certificate into a self-signed certificate and to copy the
key and certificate to where the server will look for them.
Attachments:
[text/plain] /bjm/diff (2.3K, 2-%2Fbjm%2Fdiff)
download | inline:
Index: doc/src/sgml/runtime.sgml
===================================================================
RCS file: /cvsroot/pgsql-server/doc/src/sgml/runtime.sgml,v
retrieving revision 1.140
diff -c -c -r1.140 runtime.sgml
*** doc/src/sgml/runtime.sgml 26 Sep 2002 04:41:54 -0000 1.140
--- doc/src/sgml/runtime.sgml 27 Sep 2002 02:02:25 -0000
***************
*** 2862,2868 ****
self-signed certificate, use the following
<productname>OpenSSL</productname> command:
<programlisting>
! openssl req -new -text -out cert.req
</programlisting>
Fill out the information that <command>openssl</> asks for. Make sure
that you enter the local host name as Common Name; the challenge
--- 2862,2869 ----
self-signed certificate, use the following
<productname>OpenSSL</productname> command:
<programlisting>
! cd <replaceable>$PGDATA</replaceable>
! openssl req -new -text -out server.req
</programlisting>
Fill out the information that <command>openssl</> asks for. Make sure
that you enter the local host name as Common Name; the challenge
***************
*** 2871,2884 ****
than four characters long. To remove the passphrase (as you must if
you want automatic start-up of the server), run the commands
<programlisting>
! openssl rsa -in privkey.pem -out cert.pem
</programlisting>
Enter the old passphrase to unlock the existing key. Now do
<programlisting>
! openssl req -x509 -in cert.req -text -key cert.pem -out cert.cert
! chmod og-rwx cert.pem
! cp cert.pem <replaceable>$PGDATA</replaceable>/server.key
! cp cert.cert <replaceable>$PGDATA</replaceable>/server.crt
</programlisting>
to turn the certificate into a self-signed certificate and to copy the
key and certificate to where the server will look for them.
--- 2872,2884 ----
than four characters long. To remove the passphrase (as you must if
you want automatic start-up of the server), run the commands
<programlisting>
! openssl rsa -in privkey.pem -out server.key
! rm privkey.pem
</programlisting>
Enter the old passphrase to unlock the existing key. Now do
<programlisting>
! openssl req -x509 -in server.req -text -key server.key -out server.crt
! chmod og-rwx server.key
</programlisting>
to turn the certificate into a self-signed certificate and to copy the
key and certificate to where the server will look for them.
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected]
Subject: Re: SSL instructions simplified
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox