Received: from localhost (postgresql.org [64.49.215.8]) by postgresql.org (Postfix) with ESMTP id EC649476164 for ; Thu, 26 Sep 2002 22:03:52 -0400 (EDT) Received: from candle.pha.pa.us (momjian.navpoint.com [207.106.42.251]) by postgresql.org (Postfix) with ESMTP id ACAC9476B54 for ; Thu, 26 Sep 2002 22:03:50 -0400 (EDT) Received: (from pgman@localhost) by candle.pha.pa.us (8.11.6/8.10.1) id g8R23oA14257 for pgsql-docs@postgresql.org; Thu, 26 Sep 2002 22:03:50 -0400 (EDT) From: Bruce Momjian Message-Id: <200209270203.g8R23oA14257@candle.pha.pa.us> Subject: SSL instructions simplified To: PostgreSQL-documentation Date: Thu, 26 Sep 2002 22:03:50 -0400 (EDT) X-Mailer: ELM [version 2.4ME+ PL99 (25)] MIME-Version: 1.0 Content-Type: multipart/mixed; boundary=ELM1033092230-28208-0_ Content-Transfer-Encoding: 7bit X-Virus-Scanned: by AMaViS new-20020517 X-Archive-Number: 200209/37 X-Sequence-Number: 1489 --ELM1033092230-28208-0_ Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII This simplifies the instructions for creating SSL certificates. -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073 --ELM1033092230-28208-0_ Content-Transfer-Encoding: 7bit Content-Type: text/plain Content-Disposition: inline; filename="/bjm/diff" Index: doc/src/sgml/runtime.sgml =================================================================== RCS file: /cvsroot/pgsql-server/doc/src/sgml/runtime.sgml,v retrieving revision 1.140 diff -c -c -r1.140 runtime.sgml *** doc/src/sgml/runtime.sgml 26 Sep 2002 04:41:54 -0000 1.140 --- doc/src/sgml/runtime.sgml 27 Sep 2002 02:02:25 -0000 *************** *** 2862,2868 **** self-signed certificate, use the following OpenSSL command: ! openssl req -new -text -out cert.req Fill out the information that openssl asks for. 
Make sure that you enter the local host name as Common Name; the challenge --- 2862,2869 ---- self-signed certificate, use the following OpenSSL command: ! cd $PGDATA ! openssl req -new -text -out server.req Fill out the information that openssl asks for. Make sure that you enter the local host name as Common Name; the challenge *************** *** 2871,2884 **** than four characters long. To remove the passphrase (as you must if you want automatic start-up of the server), run the commands ! openssl rsa -in privkey.pem -out cert.pem Enter the old passphrase to unlock the existing key. Now do ! openssl req -x509 -in cert.req -text -key cert.pem -out cert.cert ! chmod og-rwx cert.pem ! cp cert.pem $PGDATA/server.key ! cp cert.cert $PGDATA/server.crt to turn the certificate into a self-signed certificate and to copy the key and certificate to where the server will look for them. --- 2872,2884 ---- than four characters long. To remove the passphrase (as you must if you want automatic start-up of the server), run the commands ! openssl rsa -in privkey.pem -out server.key ! rm privkey.pem Enter the old passphrase to unlock the existing key. Now do ! openssl req -x509 -in server.req -text -key server.key -out server.crt ! chmod og-rwx server.key to turn the certificate into a self-signed certificate and to copy the key and certificate to where the server will look for them. --ELM1033092230-28208-0_--
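Review bot: In the first hunk, the added `cd $PGDATA` is unquoted and assumes the variable is set; with PGDATA unset, a bare `cd` moves to the home directory, and `server.req` and `privkey.pem` are then created there instead of in the data directory. Suggest `cd "$PGDATA"`, or a sentence before the listing saying that PGDATA must point at the data directory and that the commands are run as the user that owns it.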
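Review bot: In the second hunk, the unchanged sentence after the last listing still says the commands "copy the key and certificate to where the server will look for them", but both `cp` lines are removed and the files are now created in place, so that sentence should be reworded to match. In the same hunk, `chmod og-rwx server.key` runs only after `openssl req -x509`, while the passphrase-less key is already written by `openssl rsa -in privkey.pem -out server.key`; moving the chmod directly after that command, or setting `umask 077` before it, means the unencrypted key never sits with whatever mode openssl and the umask gave it. `server.req` is also left in the data directory; removing it alongside `rm privkey.pem` once `server.crt` exists would keep the directory clean.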