Simplify SSL certificate instructions.

This commit is contained in:
Bruce Momjian 2002-09-27 02:04:39 +00:00
parent b2ab1e6bc9
commit dcc59f8ed6

View File

@ -1,5 +1,5 @@
<!-- <!--
$Header: /cvsroot/pgsql/doc/src/sgml/runtime.sgml,v 1.140 2002/09/26 04:41:54 momjian Exp $ $Header: /cvsroot/pgsql/doc/src/sgml/runtime.sgml,v 1.141 2002/09/27 02:04:39 momjian Exp $
--> -->
<Chapter Id="runtime"> <Chapter Id="runtime">
@ -2862,7 +2862,8 @@ $ <userinput>kill -INT `head -1 /usr/local/pgsql/data/postmaster.pid`</userinput
self-signed certificate, use the following self-signed certificate, use the following
<productname>OpenSSL</productname> command: <productname>OpenSSL</productname> command:
<programlisting> <programlisting>
openssl req -new -text -out cert.req cd <replaceable>$PGDATA</replaceable>
openssl req -new -text -out server.req
</programlisting> </programlisting>
Fill out the information that <command>openssl</> asks for. Make sure Fill out the information that <command>openssl</> asks for. Make sure
that you enter the local host name as Common Name; the challenge that you enter the local host name as Common Name; the challenge
@ -2871,14 +2872,13 @@ openssl req -new -text -out cert.req
than four characters long. To remove the passphrase (as you must if than four characters long. To remove the passphrase (as you must if
you want automatic start-up of the server), run the commands you want automatic start-up of the server), run the commands
<programlisting> <programlisting>
openssl rsa -in privkey.pem -out cert.pem openssl rsa -in privkey.pem -out server.key
rm privkey.pem
</programlisting> </programlisting>
Enter the old passphrase to unlock the existing key. Now do Enter the old passphrase to unlock the existing key. Now do
<programlisting> <programlisting>
openssl req -x509 -in cert.req -text -key cert.pem -out cert.cert openssl req -x509 -in server.req -text -key server.key -out server.crt
chmod og-rwx cert.pem chmod og-rwx server.key
cp cert.pem <replaceable>$PGDATA</replaceable>/server.key
cp cert.cert <replaceable>$PGDATA</replaceable>/server.crt
</programlisting> </programlisting>
to turn the certificate into a self-signed certificate and to copy the to turn the certificate into a self-signed certificate and to copy the
key and certificate to where the server will look for them. key and certificate to where the server will look for them.