From: Michael Paquier <[email protected]>
To: Bruce Momjian <[email protected]>
Cc: PostgreSQL-documentation <[email protected]>
Cc: Stephen Frost <[email protected]>
Cc: David Steele <[email protected]>
Subject: Re: Correction of intermediate certificate handling
Date: Wed, 17 Jan 2018 17:20:00 +0900
Message-ID: <[email protected]>
In-Reply-To: <[email protected]>
References: <[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
On Tue, Jan 16, 2018 at 10:23:44PM -0500, Bruce Momjian wrote:
> On Wed, Jan 17, 2018 at 09:09:50AM +0900, Michael Paquier wrote:
> > On Tue, Jan 16, 2018 at 11:21:22AM -0500, Bruce Momjian wrote:
> > > On Tue, Jan 16, 2018 at 02:33:05PM +0900, Michael Paquier wrote:
>
> I ended up merging the "chain of trust" changes into the "intermediate"
> patch since they affect adjacent sections of the docs. You can see this
> as the first attached patch.
Thanks. I looked at crt.diff and the surroundings in the docs. This one
looks consistent to me.
> > > > Perhaps the docs could also include an example of command to create a
> > > > root and an intermediate certificate in runtime.sgml or such?
> > >
> > > Yes, I have thought about that. My presentation has clear examples that
> > > we can use, again based on Stephen and David's scripts using v3_ca. I
> > > will work up a possible patch for that too.
> >
> > That too.
>
> I did that as a separate patch, which is the second attachment.
This is openssl.diff.
+ Then, sign the request with the the private key to create a root
+certificate authority:
s/the the/the/
+<programlisting>
+openssl req -new -nodes -text -out root.csr \
+ -keyout root.key -subj "/CN=<replaceable>root.yourdomain.com</replaceable>"
+chmod og-rwx root.key
+openssl x509 -req -in root.csr -text -days 365 \
+ -extfile /etc/ssl/openssl.cnf -extensions v3_ca \
+ -signkey root.key -out root.crt
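Review bot: `-days 365` on the `openssl x509 -req ... -signkey root.key` line gives the root certificate a one-year lifetime, so root.crt would have to be regenerated and redistributed to every client that trusts it each year; suggest a longer validity for the root, or a sentence in the surrounding text saying the value is only illustrative. Two smaller points in the same listing: `-extfile /etc/ssl/openssl.cnf` hard-codes a path that the text should say varies by platform, and root.key is written unencrypted by `openssl req -nodes` before `chmod og-rwx root.key` runs, so a `umask 077` ahead of the first command would avoid relying on the file's creation mode.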
The succession of commands for the intermediate certificates
is wild. Could it be possible to explain what each command means? Users
would not get lost this way.
> I don't think I will work on the testing changes.
Fine for me. This could do for a fine TODO item. Not one of those hard,
complicated and basically impossible things on the TODO list.
--
Michael