docs: clarify intermediate certificate creation instructions

Specifically, explain the v3_ca openssl specification. Discussion: https://postgr.es/m/20200824175653.GA32411@momjian.us Backpatch-through: 9.5

docs: clarify intermediate certificate creation instructions
Specifically, explain the v3_ca openssl specification. Discussion: https://postgr.es/m/20200824175653.GA32411@momjian.us Backpatch-through: 9.5
b1ae70b3 · Bruce Momjian · 70e791f4 · b1ae70b3
Commit b1ae70b3 authored Aug 31, 2020 by Bruce Momjian
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 2 deletions

doc/src/sgml/runtime.sgml doc/src/sgml/runtime.sgml +4 -2

No files found.
--- a/doc/src/sgml/runtime.sgml
+++ b/doc/src/sgml/runtime.sgml
@@ -2193,8 +2193,10 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433
   The certificates of <quote>intermediate</quote> certificate authorities
   can also be appended to the file.  Doing this avoids the necessity of
   storing intermediate certificates on clients, assuming the root and
-   intermediate certificates were created with <literal>v3_ca</literal>
-   extensions.  This allows easier expiration of intermediate certificates.
+   intermediate certificates were created with <literal>v3_ca </literal>
+   extensions.  (This sets the certificate's basic constraint of
+   <literal>CA</literal> to <literal>true</literal>.)
+   This allows easier expiration of intermediate certificates.
  </para>

  <para>