From a8591cbb405d0ec39b06010d1700b3c431366875 Mon Sep 17 00:00:00 2001 From: Bruce Momjian Date: Mon, 31 Aug 2020 16:21:03 -0400 Subject: [PATCH] docs: clarify intermediate certificate creation instructions Specifically, explain the v3_ca openssl specification. Discussion: https://postgr.es/m/20200824175653.GA32411@momjian.us Backpatch-through: 9.5 --- doc/src/sgml/runtime.sgml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml index c4a7b1a2602..6403e37e6ae 100644 --- a/doc/src/sgml/runtime.sgml +++ b/doc/src/sgml/runtime.sgml @@ -2233,8 +2233,10 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433 The certificates of intermediate certificate authorities can also be appended to the file. Doing this avoids the necessity of storing intermediate certificates on clients, assuming the root and - intermediate certificates were created with v3_ca - extensions. This allows easier expiration of intermediate certificates. + intermediate certificates were created with v3_ca + extensions. (This sets the certificate's basic constraint of + CA to true.) + This allows easier expiration of intermediate certificates. -- 2.39.5