From: Bruce Momjian Date: Mon, 31 Aug 2020 20:21:03 +0000 (-0400) Subject: docs: clarify intermediate certificate creation instructions X-Git-Tag: REL_11_10~107 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=bdfd83f4a4cf97f7bd790f36783decada5e447a6;p=thirdparty%2Fpostgresql.git docs: clarify intermediate certificate creation instructions Specifically, explain the v3_ca openssl specification. Discussion: https://postgr.es/m/20200824175653.GA32411@momjian.us Backpatch-through: 9.5 --- diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml index 1abfc8515c3..a73e9d78e3e 100644 --- a/doc/src/sgml/runtime.sgml +++ b/doc/src/sgml/runtime.sgml @@ -2260,8 +2260,10 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433 The certificates of intermediate certificate authorities can also be appended to the file. Doing this avoids the necessity of storing intermediate certificates on clients, assuming the root and - intermediate certificates were created with v3_ca - extensions. This allows easier expiration of intermediate certificates. + intermediate certificates were created with v3_ca + extensions. (This sets the certificate's basic constraint of + CA to true.) + This allows easier expiration of intermediate certificates.