On Tue, Oct 16, 2018 at 11:45:53AM +0900, Tatsuo Ishii wrote:
> > I'm not opposed to simplifying the instructions, however.
>
> Ok, attached is a proposal to simplify the instructions.

I am against this simplification for the reasons I stated in this thread. --------------------------------------------------------------------------- > > Best regards, > -- > Tatsuo Ishii > SRA OSS, Inc. Japan > English: http://www.sraoss.co.jp/index_en.php > Japanese:http://www.sraoss.co.jp > diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml > index 8d9d40664b..23f080eeab 100644 > --- a/doc/src/sgml/runtime.sgml > +++ b/doc/src/sgml/runtime.sgml 
> @@ -2426,21 +2426,15 @@ chmod og-rwx server.key > </para> > > <para> > - To create a server certificate whose identity can be validated > - by clients, first create a certificate signing request > - (<acronym>CSR</acronym>) and a public/private key file: > + To create a server certificate whose identity can be validated by > + clients, create a root certificate authority (using the > + default <productname>OpenSSL</productname> configuration file location > + on <productname>Linux</productname>): > <programlisting> > -openssl req -new -nodes -text -out root.csr \ > - -keyout root.key -subj "/CN=<replaceable>root.yourdomain.com</replaceable>" > +openssl req -new -x509 -nodes -text -days 3650 \ > + -config /etc/ssl/openssl.cnf -extensions v3_ca \ > + -out root.crt -keyout root.key -subj > "/CN=<replaceable>root.yourdomain.com</replaceable>" > chmod og-rwx root.key > -</programlisting> > - Then, sign the request with the key to create a root certificate > - authority (using the default <productname>OpenSSL</productname> > - configuration file location on <productname>Linux</productname>): > -<programlisting> > -openssl x509 -req -in root.csr -text -days 3650 \ > - -extfile /etc/ssl/openssl.cnf -extensions v3_ca \ > - -signkey root.key -out root.crt > </programlisting> > Finally, create a server certificate signed by the new root certificate > authority: -- Bruce Momjian <br...@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + As you are, so once was I. As I am, so you will be. + + Ancient Roman grave inscription +
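Review bot: the unchanged context sentence "Finally, create a server certificate signed by the new root certificate authority:" at the end of the runtime.sgml hunk now follows a single step, because the "first ... Then" pair has been merged into one `openssl req -new -x509` command; "Finally" should become "Then" or the sentence should be reworded. In the added command, the `-subj` value appears on its own line with no trailing backslash after `-subj` as quoted here; if that wrapping is in the patch itself and not introduced by the mailer, the programlisting will not paste as a single command and needs the continuation restored. The merged paragraph also keeps `-nodes`, so root.key is written unencrypted and is protected only by the `chmod og-rwx root.key` line; since the paragraph is being rewritten anyway, a sentence saying so would help readers who keep the root key on the server host.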