public inbox for [email protected]
help / color / mirror / Atom feedFrom: Michael Paquier <[email protected]>
To: Bruce Momjian <[email protected]>
Cc: PostgreSQL-documentation <[email protected]>
Cc: Stephen Frost <[email protected]>
Cc: David Steele <[email protected]>
Subject: Re: Correction of intermediate certificate handling
Date: Thu, 18 Jan 2018 10:25:03 +0900
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
On Wed, Jan 17, 2018 at 07:34:42AM -0500, Bruce Momjian wrote:
> On Wed, Jan 17, 2018 at 05:20:00PM +0900, Michael Paquier wrote:
> > The succession of commands of commands for the intermediate certificates
> > is wild. Could it be possible to explain what each command means? Users
> > would not get lost this way.
>
> Yes, I was not happy about that either. I was afraid that pound-sign
> comments would look like root prompts but I just added them and they
> look fine. Updated patch attached, with some expiration and wording
> adjustments. There is also a new paragraph at the end explaining where
> to place the files.
Thanks, that's a net improvement. So +1 for this version.
+ enterprise-wide root <acronym>CAs</acronym>) should be used in production.
Nit here. CA should not be plural.
+</programlisting>
+ Then, sign the request with the the key to create a root certificate
+ authority:
You still have a "the the" here.
/etc/ssl/openssl.cnf is not available on macos or Windows, which can
lead to a bit of confusion as I would imagine that people would
copy/paste such commands when testing things. Perhaps it would be worth
mentioning that this path is proper to usual Linux distributions (I can
see it at least on ArchLinux and Debian), with a reference to this
OpenSSL link:
https://www.openssl.org/docs/manmaster/man5/config.html
There is as well a set of tiny configuration files in src/test/ssl.
--
Michael
Attachments:
[application/pgp-signature] signature.asc (833B, 2-signature.asc)
download
view thread (16+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected], [email protected]
Subject: Re: Correction of intermediate certificate handling
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox