Re: Creating Certificates

public inbox for [email protected]  
help / color / mirror / Atom feed

From: Tatsuo Ishii <[email protected]>
To: [email protected]
Cc: [email protected]
Subject: Re: Creating Certificates
Date: Tue, 16 Oct 2018 11:45:53 +0900 (JST)
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>
	<[email protected]>
	<[email protected]>

> I'm not opposed to simplifying the instructions, however.

Ok, attached is a proposal to simplify the instructions.

Best regards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp


Attachments:

  [text/x-patch] creating-certificates.diff (1.5K, 2-creating-certificates.diff)
  download | inline diff:
diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml
index 8d9d40664b..23f080eeab 100644
--- a/doc/src/sgml/runtime.sgml
+++ b/doc/src/sgml/runtime.sgml
@@ -2426,21 +2426,15 @@ chmod og-rwx server.key
    </para>
 
    <para>
-    To create a server certificate whose identity can be validated
-    by clients, first create a certificate signing request
-    (<acronym>CSR</acronym>) and a public/private key file:
+    To create a server certificate whose identity can be validated by
+    clients, create a root certificate authority (using the
+    default <productname>OpenSSL</productname> configuration file location
+    on <productname>Linux</productname>):
 <programlisting>
-openssl req -new -nodes -text -out root.csr \
-  -keyout root.key -subj "/CN=<replaceable>root.yourdomain.com</replaceable>"
+openssl req -new -x509 -nodes -text -days 3650 \
+  -config /etc/ssl/openssl.cnf -extensions v3_ca \
+  -out root.crt -keyout root.key -subj "/CN=<replaceable>root.yourdomain.com</replaceable>"
 chmod og-rwx root.key
-</programlisting>
-    Then, sign the request with the key to create a root certificate
-    authority (using the default <productname>OpenSSL</productname>
-    configuration file location on <productname>Linux</productname>):
-<programlisting>
-openssl x509 -req -in root.csr -text -days 3650 \
-  -extfile /etc/ssl/openssl.cnf -extensions v3_ca \
-  -signkey root.key -out root.crt
 </programlisting>
     Finally, create a server certificate signed by the new root certificate
     authority:

view thread (9+ messages)  latest in thread

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected], [email protected]
  Subject: Re: Creating Certificates
  In-Reply-To: <[email protected]>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox