docs: clarify intermediate certificate creation instructions

Specifically, explain the v3_ca openssl specification. Discussion: https://postgr.es/m/[email protected] Backpatch-through: 9.5
author: Bruce Momjian 2020-08-31 20:21:03 +0000
committer: Bruce Momjian 2020-08-31 20:21:03 +0000
commit: b1ae70b3b4fd54220a0901eaf3dd4c5ca0827108 (patch)
tree: 4ef77eb94c0955212e4699b112daf319b012f8df /doc/src/sgml/runtime.sgml
parent: 70e791f47e976a810254d52d38fbc33acdc8705f (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml
index c8698898f32..a01add94b7f 100644
--- a/doc/src/sgml/runtime.sgml
+++ b/doc/src/sgml/runtime.sgml
@@ -2193,8 +2193,10 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433
    The certificates of <quote>intermediate</quote> certificate authorities
    can also be appended to the file.  Doing this avoids the necessity of
    storing intermediate certificates on clients, assuming the root and
-   intermediate certificates were created with <literal>v3_ca</literal>
-   extensions.  This allows easier expiration of intermediate certificates.
+   intermediate certificates were created with <literal>v3_ca </literal>
+   extensions.  (This sets the certificate's basic constraint of
+   <literal>CA</literal> to <literal>true</literal>.)
+   This allows easier expiration of intermediate certificates.
   </para>
 
   <para>
author	Bruce Momjian	2020-08-31 20:21:03 +0000
committer	Bruce Momjian	2020-08-31 20:21:03 +0000
commit	b1ae70b3b4fd54220a0901eaf3dd4c5ca0827108 (patch)
tree	4ef77eb94c0955212e4699b112daf319b012f8df /doc/src/sgml/runtime.sgml
parent	70e791f47e976a810254d52d38fbc33acdc8705f (diff)