SSL instructions simplified
| От | Bruce Momjian |
|---|---|
| Тема | SSL instructions simplified |
| Дата | |
| Msg-id | 200209270203.g8R23oA14257@candle.pha.pa.us обсуждение исходный текст |
| Список | pgsql-docs |
This simplifies the instructions for creating SSL certificates. -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073 Index: doc/src/sgml/runtime.sgml =================================================================== RCS file: /cvsroot/pgsql-server/doc/src/sgml/runtime.sgml,v retrieving revision 1.140 diff -c -c -r1.140 runtime.sgml *** doc/src/sgml/runtime.sgml 26 Sep 2002 04:41:54 -0000 1.140 --- doc/src/sgml/runtime.sgml 27 Sep 2002 02:02:25 -0000 *************** *** 2862,2868 **** self-signed certificate, use the following <productname>OpenSSL</productname> command: <programlisting> ! openssl req -new -text -out cert.req </programlisting> Fill out the information that <command>openssl</> asks for. Make sure that you enter the local host name as Common Name; the challenge --- 2862,2869 ---- self-signed certificate, use the following <productname>OpenSSL</productname> command: <programlisting> ! cd <replaceable>$PGDATA</replaceable> ! openssl req -new -text -out server.req </programlisting> Fill out the information that <command>openssl</> asks for. Make sure that you enter the local host name as Common Name; the challenge *************** *** 2871,2884 **** than four characters long. To remove the passphrase (as you must if you want automatic start-up of the server), run the commands <programlisting> ! openssl rsa -in privkey.pem -out cert.pem </programlisting> Enter the old passphrase to unlock the existing key. Now do <programlisting> ! openssl req -x509 -in cert.req -text -key cert.pem -out cert.cert ! chmod og-rwx cert.pem ! cp cert.pem <replaceable>$PGDATA</replaceable>/server.key ! cp cert.cert <replaceable>$PGDATA</replaceable>/server.crt </programlisting> to turn the certificate into a self-signed certificate and to copy the key and certificate to where the server will look for them. --- 2872,2884 ---- than four characters long. To remove the passphrase (as you must if you want automatic start-up of the server), run the commands <programlisting> ! openssl rsa -in privkey.pem -out server.key ! rm privkey.pem </programlisting> Enter the old passphrase to unlock the existing key. Now do <programlisting> ! openssl req -x509 -in server.req -text -key server.key -out server.crt ! chmod og-rwx server.key </programlisting> to turn the certificate into a self-signed certificate and to copy the key and certificate to where the server will look for them.
В списке pgsql-docs по дате отправления: