On Wed, Jan 17, 2018 at 05:20:00PM +0900, Michael Paquier wrote:
> On Tue, Jan 16, 2018 at 10:23:44PM -0500, Bruce Momjian wrote:
> > On Wed, Jan 17, 2018 at 09:09:50AM +0900, Michael Paquier wrote:
> > > On Tue, Jan 16, 2018 at 11:21:22AM -0500, Bruce Momjian wrote:
> > > > On Tue, Jan 16, 2018 at 02:33:05PM +0900, Michael Paquier wrote:
> >
> > I ended up merging the "chain of trust" changes into the "intermediate"
> > patch since they affect adjacent sections of the docs. You can see this
> > as the first attached patch.
>
> Thanks. I looked at crt.diff and the surroundings in the docs. This one
> looks consistent to me.
Good, thanks.
> > I did that as a separate patch, which is the second attachment.
>
> This is openssl.diff.
>
> + Then, sign the request with the the private key to create a root
> +certificate authority:
> s/the the/the/
>
> +<programlisting>
> +openssl req -new -nodes -text -out root.csr \
> + -keyout root.key -subj "/CN=<replaceable>root.yourdomain.com</replaceable>"
> +chmod og-rwx root.key
> +openssl x509 -req -in root.csr -text -days 365 \
> + -extfile /etc/ssl/openssl.cnf -extensions v3_ca \
> + -signkey root.key -out root.crt
> The succession of commands of commands for the intermediate certificates
> is wild. Could it be possible to explain what each command means? Users
> would not get lost this way.
Yes, I was not happy about that either. I was afraid that pound-sign
comments would look like root prompts but I just added them and they
look fine. Updated patch attached, with some expiration and wording
adjustments. There is also a new paragraph at the end explaining where
to place the files.
> > I don't think I will work on the testing changes.
>
> Fine for me. This could do for a fine TODO item. Not one of those hard,
> complicated and basically impossible things on the TODO list.
Agreed.
--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ As you are, so once was I. As I am, so you will be. +
+ Ancient Roman grave inscription +