[HACKERS] RE: [PATCHES] RE: SSL Connections [doc PATCH]
That would probably be good, yes :-) You shuold then change: mv privkey.pem cert.pem.pw openssl rsa -in cert.pem.pw -out cert.pem to openssl rsa -in privkey.pem -out cert.pem (Sorry, don't have access to the SGML source now, so I can't give you a patch) //Magnus -Original Message- From: Bruce Momjian [mailto:[EMAIL PROTECTED]] Sent: den 24 januari 2001 16:03 To: Magnus Hagander Cc: PostgreSQL-development; PostgreSQL-documentation Subject: Re: [PATCHES] RE: SSL Connections [doc PATCH] But shouldn't we remove it to make it clearer? Needs fixing - no. The current version *works*. The fix would remove one unnecessary step from it, but it still *works* in it's current state. Sorry about this - I've missed looking at it. //Magnus -Original Message- From: Bruce Momjian [mailto:[EMAIL PROTECTED]] Sent: den 24 januari 2001 15:47 To: Magnus Hagander Cc: PostgreSQL-development; PostgreSQL-documentation Subject: Re: [PATCHES] RE: SSL Connections [doc PATCH] Again, is this something that needs fixing? Just a YES or NO is all I need. It looks Ok, but it has one unnecessary step. There is no need to do the "mv privkey.pem cert.pem.pw" if you just use "privkey.pem" in the following openssl command (e.g. openssl rsa -in privkey.pem -out cert.pem". But there is nothing wrong with it as it is now, as far as I can see. //Magnus -Original Message- From: Bruce Momjian [mailto:[EMAIL PROTECTED]] Sent: den 21 december 2000 20:15 To: Magnus Hagander Cc: 'Matthew Kirkwood'; '[EMAIL PROTECTED]' Subject: Re: [PATCHES] RE: SSL Connections [doc PATCH] I have applied an earlier patch to this file for SSL. Could you check the current tree and see how you like it? Thanks for that one! Here is a patch to update the documentation based on this - this should make it less dependant on the version of OpenSSL used. //Magnus -Original Message- From: Matthew Kirkwood [mailto:[EMAIL PROTECTED]] Sent: den 21 december 2000 16:49 To: Oliver Elphick Cc: [EMAIL PROTECTED] Subject: Re: [HACKERS] SSL Connections On Wed, 20 Dec 2000, Oliver Elphick wrote: To create a quick self-signed certificate, use the CA.pl script included in OpenSSL: CA.pl -newcert Or you can do it manually: openssl req -new -text -out cert.req (you will have to enter a password) mv privkey.pem cert.pem.pw openssl rsa -in cert.pem.pw -out cert.pem (this removes the password) openssl req -x509 -in cert.req -text -key cert.pem -out cert.cert Matthew. [ Attachment, skipping... ] -- Bruce Momjian| http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 853-3000 + If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup.| Drexel Hill, Pennsylvania 19026 -- Bruce Momjian| http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 853-3000 + If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup.| Drexel Hill, Pennsylvania 19026 -- Bruce Momjian| http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 853-3000 + If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup.| Drexel Hill, Pennsylvania 19026
[HACKERS] Re: [PATCHES] RE: SSL Connections [doc PATCH]
But shouldn't we remove it to make it clearer? Needs fixing - no. The current version *works*. The fix would remove one unnecessary step from it, but it still *works* in it's current state. Sorry about this - I've missed looking at it. //Magnus -Original Message- From: Bruce Momjian [mailto:[EMAIL PROTECTED]] Sent: den 24 januari 2001 15:47 To: Magnus Hagander Cc: PostgreSQL-development; PostgreSQL-documentation Subject: Re: [PATCHES] RE: SSL Connections [doc PATCH] Again, is this something that needs fixing? Just a YES or NO is all I need. It looks Ok, but it has one unnecessary step. There is no need to do the "mv privkey.pem cert.pem.pw" if you just use "privkey.pem" in the following openssl command (e.g. openssl rsa -in privkey.pem -out cert.pem". But there is nothing wrong with it as it is now, as far as I can see. //Magnus -Original Message- From: Bruce Momjian [mailto:[EMAIL PROTECTED]] Sent: den 21 december 2000 20:15 To: Magnus Hagander Cc: 'Matthew Kirkwood'; '[EMAIL PROTECTED]' Subject: Re: [PATCHES] RE: SSL Connections [doc PATCH] I have applied an earlier patch to this file for SSL. Could you check the current tree and see how you like it? Thanks for that one! Here is a patch to update the documentation based on this - this should make it less dependant on the version of OpenSSL used. //Magnus -Original Message- From: Matthew Kirkwood [mailto:[EMAIL PROTECTED]] Sent: den 21 december 2000 16:49 To: Oliver Elphick Cc: [EMAIL PROTECTED] Subject: Re: [HACKERS] SSL Connections On Wed, 20 Dec 2000, Oliver Elphick wrote: To create a quick self-signed certificate, use the CA.pl script included in OpenSSL: CA.pl -newcert Or you can do it manually: openssl req -new -text -out cert.req (you will have to enter a password) mv privkey.pem cert.pem.pw openssl rsa -in cert.pem.pw -out cert.pem (this removes the password) openssl req -x509 -in cert.req -text -key cert.pem -out cert.cert Matthew. [ Attachment, skipping... ] -- Bruce Momjian| http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 853-3000 + If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup.| Drexel Hill, Pennsylvania 19026 -- Bruce Momjian| http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 853-3000 + If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup.| Drexel Hill, Pennsylvania 19026 -- Bruce Momjian| http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 853-3000 + If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup.| Drexel Hill, Pennsylvania 19026
[HACKERS] Re: [PATCHES] RE: SSL Connections [doc PATCH]
Again, is this something that needs fixing? Just a YES or NO is all I need. It looks Ok, but it has one unnecessary step. There is no need to do the "mv privkey.pem cert.pem.pw" if you just use "privkey.pem" in the following openssl command (e.g. openssl rsa -in privkey.pem -out cert.pem". But there is nothing wrong with it as it is now, as far as I can see. //Magnus -Original Message- From: Bruce Momjian [mailto:[EMAIL PROTECTED]] Sent: den 21 december 2000 20:15 To: Magnus Hagander Cc: 'Matthew Kirkwood'; '[EMAIL PROTECTED]' Subject: Re: [PATCHES] RE: SSL Connections [doc PATCH] I have applied an earlier patch to this file for SSL. Could you check the current tree and see how you like it? Thanks for that one! Here is a patch to update the documentation based on this - this should make it less dependant on the version of OpenSSL used. //Magnus -Original Message- From: Matthew Kirkwood [mailto:[EMAIL PROTECTED]] Sent: den 21 december 2000 16:49 To: Oliver Elphick Cc: [EMAIL PROTECTED] Subject: Re: [HACKERS] SSL Connections On Wed, 20 Dec 2000, Oliver Elphick wrote: To create a quick self-signed certificate, use the CA.pl script included in OpenSSL: CA.pl -newcert Or you can do it manually: openssl req -new -text -out cert.req (you will have to enter a password) mv privkey.pem cert.pem.pw openssl rsa -in cert.pem.pw -out cert.pem (this removes the password) openssl req -x509 -in cert.req -text -key cert.pem -out cert.cert Matthew. [ Attachment, skipping... ] -- Bruce Momjian| http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 853-3000 + If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup.| Drexel Hill, Pennsylvania 19026 -- Bruce Momjian| http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 853-3000 + If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup.| Drexel Hill, Pennsylvania 19026
[HACKERS] RE: [PATCHES] RE: SSL Connections [doc PATCH]
Needs fixing - no. The current version *works*. The fix would remove one unnecessary step from it, but it still *works* in it's current state. Sorry about this - I've missed looking at it. //Magnus -Original Message- From: Bruce Momjian [mailto:[EMAIL PROTECTED]] Sent: den 24 januari 2001 15:47 To: Magnus Hagander Cc: PostgreSQL-development; PostgreSQL-documentation Subject: Re: [PATCHES] RE: SSL Connections [doc PATCH] Again, is this something that needs fixing? Just a YES or NO is all I need. It looks Ok, but it has one unnecessary step. There is no need to do the "mv privkey.pem cert.pem.pw" if you just use "privkey.pem" in the following openssl command (e.g. openssl rsa -in privkey.pem -out cert.pem". But there is nothing wrong with it as it is now, as far as I can see. //Magnus -Original Message- From: Bruce Momjian [mailto:[EMAIL PROTECTED]] Sent: den 21 december 2000 20:15 To: Magnus Hagander Cc: 'Matthew Kirkwood'; '[EMAIL PROTECTED]' Subject: Re: [PATCHES] RE: SSL Connections [doc PATCH] I have applied an earlier patch to this file for SSL. Could you check the current tree and see how you like it? Thanks for that one! Here is a patch to update the documentation based on this - this should make it less dependant on the version of OpenSSL used. //Magnus -Original Message- From: Matthew Kirkwood [mailto:[EMAIL PROTECTED]] Sent: den 21 december 2000 16:49 To: Oliver Elphick Cc: [EMAIL PROTECTED] Subject: Re: [HACKERS] SSL Connections On Wed, 20 Dec 2000, Oliver Elphick wrote: To create a quick self-signed certificate, use the CA.pl script included in OpenSSL: CA.pl -newcert Or you can do it manually: openssl req -new -text -out cert.req (you will have to enter a password) mv privkey.pem cert.pem.pw openssl rsa -in cert.pem.pw -out cert.pem (this removes the password) openssl req -x509 -in cert.req -text -key cert.pem -out cert.cert Matthew. [ Attachment, skipping... ] -- Bruce Momjian| http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 853-3000 + If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup.| Drexel Hill, Pennsylvania 19026 -- Bruce Momjian| http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 853-3000 + If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup.| Drexel Hill, Pennsylvania 19026
[HACKERS] Re: [PATCHES] RE: SSL Connections [doc PATCH]
That would probably be good, yes :-) You shuold then change: mv privkey.pem cert.pem.pw openssl rsa -in cert.pem.pw -out cert.pem to openssl rsa -in privkey.pem -out cert.pem (Sorry, don't have access to the SGML source now, so I can't give you a patch) OK, the SGML diff is: --- Index: doc/src/sgml/runtime.sgml === RCS file: /home/projects/pgsql/cvsroot/pgsql/doc/src/sgml/runtime.sgml,v retrieving revision 1.46 diff -c -r1.46 runtime.sgml *** doc/src/sgml/runtime.sgml 2001/01/08 21:01:54 1.46 --- doc/src/sgml/runtime.sgml 2001/01/24 15:17:09 *** *** 1911,1918 To remove the passphrase (as you must if you want automatic start-up of the postmaster), run the commands programlisting ! mv privkey.pem cert.pem.pw ! openssl rsa -in cert.pem.pw -out cert.pem /programlisting Enter the old passphrase to unlock the existing key. Now do programlisting --- 1911,1917 To remove the passphrase (as you must if you want automatic start-up of the postmaster), run the commands programlisting ! openssl rsa -in privkey.pem -out cert.pem /programlisting Enter the old passphrase to unlock the existing key. Now do programlisting -- Bruce Momjian| http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 853-3000 + If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup.| Drexel Hill, Pennsylvania 19026