diff options
Diffstat (limited to 'doc/src')
| -rw-r--r-- | doc/src/sgml/config.sgml | 8 | ||||
| -rw-r--r-- | doc/src/sgml/libpq.sgml | 4 | ||||
| -rw-r--r-- | doc/src/sgml/runtime.sgml | 8 | ||||
| -rw-r--r-- | doc/src/sgml/sslinfo.sgml | 2 |
4 files changed, 7 insertions, 15 deletions
diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml index 2b6255ed95a..5f59a382f18 100644 --- a/doc/src/sgml/config.sgml +++ b/doc/src/sgml/config.sgml @@ -983,10 +983,6 @@ include_dir 'conf.d' The default is empty, meaning no CA file is loaded, and client certificate verification is not performed. </para> - <para> - In previous releases of PostgreSQL, the name of this file was - hard-coded as <filename>root.crt</filename>. - </para> </listitem> </varlistentry> @@ -1022,10 +1018,6 @@ include_dir 'conf.d' file or on the server command line. The default is empty, meaning no CRL file is loaded. </para> - <para> - In previous releases of PostgreSQL, the name of this file was - hard-coded as <filename>root.crl</filename>. - </para> </listitem> </varlistentry> diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml index f154b6b5faf..957096681a6 100644 --- a/doc/src/sgml/libpq.sgml +++ b/doc/src/sgml/libpq.sgml @@ -7638,8 +7638,8 @@ ldap://ldap.acme.com/cn=dbserver,cn=hosts?pgconnectinfo?base?(objectclass=*) certificate of the signing authority to the <filename>postgresql.crt</> file, then its parent authority's certificate, and so on up to a certificate authority, <quote>root</> or <quote>intermediate</>, that is trusted by - the server, i.e. signed by a certificate in the server's - <filename>root.crt</filename> file. + the server, i.e. signed by a certificate in the server's root CA file + (<xref linkend="guc-ssl-ca-file">). </para> <para> diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml index 6d57525515e..088316cfb64 100644 --- a/doc/src/sgml/runtime.sgml +++ b/doc/src/sgml/runtime.sgml @@ -2264,7 +2264,7 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433 <para> To require the client to supply a trusted certificate, place certificates of the certificate authorities (<acronym>CA</acronym>s) - you trust in the file <filename>root.crt</filename> in the data + you trust in a file named <filename>root.crt</filename> in the data directory, set the parameter <xref linkend="guc-ssl-ca-file"> in <filename>postgresql.conf</filename> to <literal>root.crt</literal>, and add the authentication option <literal>clientcert=1</literal> to the @@ -2321,7 +2321,7 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433 <para> <xref linkend="ssl-file-usage"> summarizes the files that are relevant to the SSL setup on the server. (The shown file names are default - or typical names. The locally configured names could be different.) + names. The locally configured names could be different.) </para> <table id="ssl-file-usage"> @@ -2351,14 +2351,14 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433 </row> <row> - <entry><xref linkend="guc-ssl-ca-file"> (<filename>$PGDATA/root.crt</>)</entry> + <entry><xref linkend="guc-ssl-ca-file"></entry> <entry>trusted certificate authorities</entry> <entry>checks that client certificate is signed by a trusted certificate authority</entry> </row> <row> - <entry><xref linkend="guc-ssl-crl-file"> (<filename>$PGDATA/root.crl</>)</entry> + <entry><xref linkend="guc-ssl-crl-file"></entry> <entry>certificates revoked by certificate authorities</entry> <entry>client certificate must not be on this list</entry> </row> diff --git a/doc/src/sgml/sslinfo.sgml b/doc/src/sgml/sslinfo.sgml index 7bda33efa32..1fd323a0b64 100644 --- a/doc/src/sgml/sslinfo.sgml +++ b/doc/src/sgml/sslinfo.sgml @@ -150,7 +150,7 @@ </para> <para> This function is really useful only if you have more than one trusted CA - certificate in your server's <filename>root.crt</> file, or if this CA + certificate in your server's certificate authority file, or if this CA has issued some intermediate certificate authority certificates. </para> </listitem> |