The config files which are used to generate the server and client
CAs claimed that these were self-signed, when they in reality are
signed by the root_ca (which however is self-signed). Reword the
comments to match.
Author: David Zhang <
[email protected]>
Discussion: https://postgr.es/m/
12f4c425-45fe-480f-a692-
b3ed82ebcb33@highgo.ca
-# An OpenSSL format CSR config file for creating the client root certificate.
-# This configuration file is also used when operating the CA.
+# An OpenSSL format CSR config file for creating the client Intermediate
+# Certificate Authority. This configuration file is also used when operating
+# the CA.
#
-# This certificate is used to sign client certificates. It is self-signed.
+# This certificate is used to sign client certificates. It is an Intermediate
+# CA.
[ req ]
distinguished_name = req_distinguished_name
# A root certificate authority. The server and client CA's certificates
-# are signed by this root CA.
+# are signed by this root CA. This certificate is self-signed.
[ req ]
distinguished_name = req_distinguished_name
-# An OpenSSL format CSR config file for creating the server root certificate.
-# This configuration file is also used when operating the CA.
+# An OpenSSL format CSR config file for creating the server Intermediate
+# Certificate Authority. This configuration file is also used when operating
+# the CA.
#
-# This certificate is used to sign server certificates. It is self-signed.
+# This certificate is used to sign server certificates. It is an Intermediate
+# CA.
[ req ]
distinguished_name = req_distinguished_name