docs: clarify intermediate certificate creation instructions

Specifically, explain the v3_ca openssl specification. Discussion: https://postgr.es/m/20200824175653.GA32411@momjian.us Backpatch-through: 9.5
author: Bruce Momjian <bruce@momjian.us> 2020-08-31 16:21:03 -0400
committer: Bruce Momjian <bruce@momjian.us> 2020-08-31 16:21:03 -0400
commit: bdfd83f4a4cf97f7bd790f36783decada5e447a6 (patch)
tree: 7f127dc711df941fde5a1f33515e68d25cc82f4d /doc/src
parent: 11d0ed6a053184dd9b3cc8d51a237791c770f5d1 (diff)
download: postgresql-bdfd83f4a4cf97f7bd790f36783decada5e447a6.tar.gz
postgresql-bdfd83f4a4cf97f7bd790f36783decada5e447a6.zip
1 files changed, 4 insertions, 2 deletions
diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml
index 1abfc8515c3..a73e9d78e3e 100644
--- a/doc/src/sgml/runtime.sgml
+++ b/doc/src/sgml/runtime.sgml
@@ -2260,8 +2260,10 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433
    The certificates of <quote>intermediate</quote> certificate authorities
    can also be appended to the file.  Doing this avoids the necessity of
    storing intermediate certificates on clients, assuming the root and
-   intermediate certificates were created with <literal>v3_ca</literal>
-   extensions.  This allows easier expiration of intermediate certificates.
+   intermediate certificates were created with <literal>v3_ca </literal>
+   extensions.  (This sets the certificate's basic constraint of
+   <literal>CA</literal> to <literal>true</literal>.)
+   This allows easier expiration of intermediate certificates.
   </para>
 
   <para>
author	Bruce Momjian <bruce@momjian.us>	2020-08-31 16:21:03 -0400
committer	Bruce Momjian <bruce@momjian.us>	2020-08-31 16:21:03 -0400
commit	bdfd83f4a4cf97f7bd790f36783decada5e447a6 (patch)
tree	7f127dc711df941fde5a1f33515e68d25cc82f4d /doc/src
parent	11d0ed6a053184dd9b3cc8d51a237791c770f5d1 (diff)
download	postgresql-bdfd83f4a4cf97f7bd790f36783decada5e447a6.tar.gz postgresql-bdfd83f4a4cf97f7bd790f36783decada5e447a6.zip