A few years ago I figured out how to create intermediate certificates
that are transferred across OpenSSL connections by using the v3_ca
extension, and added this to the PG documentation.
I have now just figured out that v3_ca is just a heading in the openssl
configuration file, e.g., /etc/ssl/openssl.cnf, and that it is
specifically this line that enables this to work:
basicConstraints = critical,CA:true
I have created the attached documentation patch to clarify exactly what
is needed, in case non-openssl tools are used.
--
Bruce Momjian <bruce@momjian.us> https://momjian.us
EnterpriseDB https://enterprisedb.com
The usefulness of a cup is in its emptiness, Bruce Lee
