11<!--
2- $Header: /cvsroot/pgsql/doc/src/sgml/runtime.sgml,v 1.140 2002/09/26 04:41:54 momjian Exp $
2+ $Header: /cvsroot/pgsql/doc/src/sgml/runtime.sgml,v 1.141 2002/09/27 02: 04:39 momjian Exp $
33-->
44
55<Chapter Id="runtime">
@@ -2862,7 +2862,8 @@ $ <userinput>kill -INT `head -1 /usr/local/pgsql/data/postmaster.pid`</userinput
28622862 self-signed certificate, use the following
28632863 <productname>OpenSSL</productname> command:
28642864<programlisting>
2865- openssl req -new -text -out cert.req
2865+ cd <replaceable>$PGDATA</replaceable>
2866+ openssl req -new -text -out server.req
28662867</programlisting>
28672868 Fill out the information that <command>openssl</> asks for. Make sure
28682869 that you enter the local host name as Common Name; the challenge
@@ -2871,14 +2872,13 @@ openssl req -new -text -out cert.req
28712872 than four characters long. To remove the passphrase (as you must if
28722873 you want automatic start-up of the server), run the commands
28732874<programlisting>
2874- openssl rsa -in privkey.pem -out cert.pem
2875+ openssl rsa -in privkey.pem -out server.key
2876+ rm privkey.pem
28752877</programlisting>
28762878 Enter the old passphrase to unlock the existing key. Now do
28772879<programlisting>
2878- openssl req -x509 -in cert.req -text -key cert.pem -out cert.cert
2879- chmod og-rwx cert.pem
2880- cp cert.pem <replaceable>$PGDATA</replaceable>/server.key
2881- cp cert.cert <replaceable>$PGDATA</replaceable>/server.crt
2880+ openssl req -x509 -in server.req -text -key server.key -out server.crt
2881+ chmod og-rwx server.key
28822882</programlisting>
28832883 to turn the certificate into a self-signed certificate and to copy the
28842884 key and certificate to where the server will look for them.