@@ -2389,28 +2389,14 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433
23892389 <title>Creating a Self-signed Certificate</title>
23902390
23912391 <para>
2392- To create a quick self-signed certificate for the server, use the
2393- following <productname>OpenSSL</productname> command:
2392+ To create a quick self-signed certificate for the server, valid for 365
2393+ days, use the following <productname>OpenSSL</productname> command, using
2394+ the local host name in the subject argument:
23942395<programlisting>
2395- openssl req -new -text -out server.req
2396+ openssl req -new -x509 -days 365 -nodes -text -out server.crt \
2397+ -keyout server.key -subj "/CN=yourdomain.com"
23962398</programlisting>
2397- Fill out the information that <application>openssl</> asks for. Make sure
2398- you enter the local host name as <quote>Common Name</>; the challenge
2399- password can be left blank. The program will generate a key that is
2400- passphrase protected; it will not accept a passphrase that is less
2401- than four characters long. To remove the passphrase again (as you must
2402- if you want automatic start-up of the server), next run the commands:
2403- <programlisting>
2404- openssl rsa -in privkey.pem -out server.key
2405- rm privkey.pem
2406- </programlisting>
2407- Enter the old passphrase to unlock the existing key. Now do:
2408- <programlisting>
2409- openssl req -x509 -in server.req -text -key server.key -out server.crt
2410- </programlisting>
2411- to turn the certificate into a self-signed certificate and to copy
2412- the key and certificate to where the server will look for them.
2413- Finally do:
2399+ Then do:
24142400<programlisting>
24152401chmod og-rwx server.key
24162402</programlisting>