From: Bruce Momjian Date: Mon, 31 Aug 2020 20:21:03 +0000 (-0400) Subject: docs: clarify intermediate certificate creation instructions X-Git-Tag: REL_14_BETA1~1764 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b1ae70b3b4fd54220a0901eaf3dd4c5ca0827108;p=thirdparty%2Fpostgresql.git docs: clarify intermediate certificate creation instructions Specifically, explain the v3_ca openssl specification. Discussion: https://postgr.es/m/20200824175653.GA32411@momjian.us Backpatch-through: 9.5 --- diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml index c8698898f32..a01add94b7f 100644 --- a/doc/src/sgml/runtime.sgml +++ b/doc/src/sgml/runtime.sgml @@ -2193,8 +2193,10 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433 The certificates of intermediate certificate authorities can also be appended to the file. Doing this avoids the necessity of storing intermediate certificates on clients, assuming the root and - intermediate certificates were created with v3_ca - extensions. This allows easier expiration of intermediate certificates. + intermediate certificates were created with v3_ca + extensions. (This sets the certificate's basic constraint of + CA to true.) + This allows easier expiration of intermediate certificates.