From 2b67c9d207d428c2476af0dd39043d83469d70c2 Mon Sep 17 00:00:00 2001 From: Andrew Dunstan Date: Tue, 18 Apr 2017 08:50:15 -0400 Subject: [PATCH] Simplify docs on creating a self-signed SSL certificate Discussion: --- doc/src/sgml/runtime.sgml | 26 ++++++-------------------- 1 file changed, 6 insertions(+), 20 deletions(-) diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml index 01153f9a37..6865b73011 100644 --- a/doc/src/sgml/runtime.sgml +++ b/doc/src/sgml/runtime.sgml @@ -2389,28 +2389,14 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433 Creating a Self-signed Certificate - To create a quick self-signed certificate for the server, use the - following OpenSSL command: + To create a quick self-signed certificate for the server, valid for 365 + days, use the following OpenSSL command, using + the local host name in the subject argument: -openssl req -new -text -out server.req +openssl req -new -x509 -days 365 -nodes -text -out server.crt \ + -keyout server.key -subj "/CN=yourdomain.com" - Fill out the information that openssl asks for. Make sure - you enter the local host name as Common Name; the challenge - password can be left blank. The program will generate a key that is - passphrase protected; it will not accept a passphrase that is less - than four characters long. To remove the passphrase again (as you must - if you want automatic start-up of the server), next run the commands: - -openssl rsa -in privkey.pem -out server.key -rm privkey.pem - - Enter the old passphrase to unlock the existing key. Now do: - -openssl req -x509 -in server.req -text -key server.key -out server.crt - - to turn the certificate into a self-signed certificate and to copy - the key and certificate to where the server will look for them. - Finally do: + Then do: chmod og-rwx server.key -- 2.40.0