From: Bruce Momjian Date: Mon, 31 Aug 2020 20:21:03 +0000 (-0400) Subject: docs: clarify intermediate certificate creation instructions X-Git-Tag: REL9_5_24~70 X-Git-Url: http://git.postgresql.org/gitweb/?a=commitdiff_plain;h=a8591cbb405d0ec39b06010d1700b3c431366875;p=postgresql.git docs: clarify intermediate certificate creation instructions Specifically, explain the v3_ca openssl specification. Discussion: https://postgr.es/m/20200824175653.GA32411@momjian.us Backpatch-through: 9.5 --- diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml index c4a7b1a2602..6403e37e6ae 100644 --- a/doc/src/sgml/runtime.sgml +++ b/doc/src/sgml/runtime.sgml @@ -2233,8 +2233,10 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433 The certificates of intermediate certificate authorities can also be appended to the file. Doing this avoids the necessity of storing intermediate certificates on clients, assuming the root and - intermediate certificates were created with v3_ca - extensions. This allows easier expiration of intermediate certificates. + intermediate certificates were created with v3_ca + extensions. (This sets the certificate's basic constraint of + CA to true.) + This allows easier expiration of intermediate certificates.