Diffstat (limited to 'doc/src')
-rw-r--r-- doc/src/sgml/runtime.sgml 19
1 files changed, 12 insertions, 7 deletions
diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml
index 38f561886a1..130c3864622 100644
--- a/doc/src/sgml/runtime.sgml
+++ b/doc/src/sgml/runtime.sgml
@@ -2159,8 +2159,13 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433
</para>
<para>
- The private key cannot be protected with a passphrase, as there is no
- way to supply the passphrase to the server.
+ If the private key is protected with a passphrase, the
+ server will prompt for the passphrase and will not start until it has
+ been entered.
+ Using a passphrase also disables the ability to change the server's SSL
+ configuration without a server restart.
+ Furthermore, passphrase-protected private keys cannot be used at all
+ on Windows.
</para>
<para>
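Review bot: The added sentence "the server will prompt for the passphrase and will not start until it has been entered" does not say where the prompt appears or what an administrator should expect when the server is started without anyone present to answer it. Since the last hunk of this patch already speaks of "automatic start-up of the server", say here as well that a passphrase-protected key rules out unattended start-up, so the two paragraphs agree. As a style point, "disables the ability to change the server's SSL configuration without a server restart" would read more plainly as "it is then not possible to change the server's SSL configuration without a server restart".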
@@ -2293,9 +2298,9 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433
<para>
If an error in these files is detected at server start, the server will
refuse to start. But if an error is detected during a configuration
- reload, the files are ignored and the old values continue to be used.
- On <systemitem class="osname">Windows</> systems, if an error in these
- files is detected at backend start, that backend will be unable to
+ reload, the files are ignored and the old SSL configuration continues to
+ be used. On <systemitem class="osname">Windows</> systems, if an error in
+ these files is detected at backend start, that backend will be unable to
establish an SSL connection. In all these cases, the error condition is
reported in the server log.
</para>
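Review bot: The reworded reload sentence ("the files are ignored and the old SSL configuration continues to be used") does not cover the case introduced earlier in this patch, where a passphrase-protected key prevents changing the SSL configuration without a restart. A reader cannot tell whether a reload with such a key is one of "these cases" that is reported in the server log, or whether it is silently skipped. The same gap applies to the Windows sentence: the earlier paragraph says passphrase-protected keys "cannot be used at all on Windows", but this one only describes a backend being "unable to establish an SSL connection" on file errors. Add a sentence or a cross-reference that states what happens on reload, and on Windows, when the key has a passphrase.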
@@ -2314,8 +2319,8 @@ openssl req -new -text -out server.req
you enter the local host name as <quote>Common Name</>; the challenge
password can be left blank. The program will generate a key that is
passphrase protected; it will not accept a passphrase that is less
- than four characters long. To remove the passphrase again (as you must),
- next run the commands:
+ than four characters long. To remove the passphrase again (as you must
+ if you want automatic start-up of the server), next run the commands:
<programlisting>
openssl rsa -in privkey.pem -out server.key
rm privkey.pem
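Review bot: The parenthetical "(as you must if you want automatic start-up of the server)" makes removing the passphrase optional, but the instruction that follows, "next run the commands:", is still unconditional, and the commands shown are the only ones that produce server.key. A reader who wants to keep the passphrase is not told what to do instead of "openssl rsa -in privkey.pem -out server.key" and "rm privkey.pem". Either restructure the sentence so the commands are clearly the passphrase-removal path only, or add a short sentence describing the step for keeping the protected key. The word "again" in "remove the passphrase again" could also be dropped.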