From dcc59f8ed61e0ad082f8bd895b599592b54f1b90 Mon Sep 17 00:00:00 2001 From: Bruce Momjian Date: Fri, 27 Sep 2002 02:04:39 +0000 Subject: [PATCH] Simplify SSL certificate instructions. --- doc/src/sgml/runtime.sgml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml index 703d2ddc95..36adf5ec94 100644 --- a/doc/src/sgml/runtime.sgml +++ b/doc/src/sgml/runtime.sgml @@ -1,5 +1,5 @@ @@ -2862,7 +2862,8 @@ $ kill -INT `head -1 /usr/local/pgsql/data/postmaster.pid`OpenSSL command: -openssl req -new -text -out cert.req +cd $PGDATA +openssl req -new -text -out server.req Fill out the information that openssl asks for. Make sure that you enter the local host name as Common Name; the challenge @@ -2871,14 +2872,13 @@ openssl req -new -text -out cert.req than four characters long. To remove the passphrase (as you must if you want automatic start-up of the server), run the commands -openssl rsa -in privkey.pem -out cert.pem +openssl rsa -in privkey.pem -out server.key +rm privkey.pem Enter the old passphrase to unlock the existing key. Now do -openssl req -x509 -in cert.req -text -key cert.pem -out cert.cert -chmod og-rwx cert.pem -cp cert.pem $PGDATA/server.key -cp cert.cert $PGDATA/server.crt +openssl req -x509 -in server.req -text -key server.key -out server.crt +chmod og-rwx server.key to turn the certificate into a self-signed certificate and to copy the key and certificate to where the server will look for them. -- 2.11.0