On Sat, Apr 15, 2017 at 11:17:14AM -0400, Andrew Dunstan wrote:
>
>
> On 04/15/2017 09:58 AM, Andrew Dunstan wrote:
> > The instructions on how to create a self-signed certificate in s 18.9.3
> > of the docs seem unduly cumbersome. AFAICT we could replace all the
> > commands (except the chmod) with something like this:
> >
> > |openssl req -new-x509 -days 365-nodes \ -text -outserver.crt\
> > -keyout server.key\ -subj "/C=XY/CN=yourdomain.name"|
> >
> > Is there any reason for sticking with the current instructions?
> >
>
> Argh. Darn Thunderbird. This should of course be:
>
>
> openssl req -new-x509 -days 365-nodes \ ^^^^^^^^^
I think you meant "-days 365 -nodes" here.
I think the reason we have those cumbersome instructions is that there
is no way to create a non-expireable certificate using simpler
instructions.
I would like to revisit these instructions, as well as document how to
create intermediate certificates. I have scripts that do that.
-- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB
http://enterprisedb.com
+ As you are, so once was I. As I am, so you will be. +
+ Ancient Roman grave inscription +