On Sat, Apr 20, 2019 at 02:02:08AM +0000, PG Doc comments form wrote:
> The following documentation comment has been logged on the website:
>
> Page: https://www.postgresql.org/docs/11/ssl-tcp.html
> Description:
>
> In Section 18.9, the example showing how to create an SSL certificate:
>
> openssl req -new -x509 -days 365 -nodes -text -out server.crt \
> -keyout server.key -subj "/CN=dbhost.yourdomain.com"
>
> Generating a RSA private key
> ..............................+++++
> ..............................................................................................+++++
> writing new private key to 'server.key'
> -----
> name is expected to be in the format /type0=value0/type1=value1/type2=...
> where characters may be escaped by \. This name is not in that format:
> '/CN=dbhost.yourdomain.com'
> problems making Certificate Request
>
> A little research showed me I had to add a /C=<2 character country
> name>/L=<location>/ST=<state>/O=<organization>/OU=<organization unit> to the
>
> '/CN=dbhost.yourdomain.com' string. I also discovered that the /C=<country
> name> had to be 2 characters.
What version of openssl is this, and what platform? That command works
for me on Debian stretch, OpenSSL 1.1.0j 20 Nov 2018. What command are
you typing?
--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ As you are, so once was I. As I am, so you will be. +
+ Ancient Roman grave inscription +