From 0756921abeb8344dc4ca05b58016f71dddbe2ec9 Mon Sep 17 00:00:00 2001
From: Bruce Momjian <bruce@momjian.us>
Date: Mon, 31 Aug 2020 16:21:03 -0400
Subject: [PATCH] docs:  clarify intermediate certificate creation instructions

Specifically, explain the v3_ca openssl specification.

Discussion: https://postgr.es/m/20200824175653.GA32411@momjian.us

Backpatch-through: 9.5
---
 doc/src/sgml/runtime.sgml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml
index b07467e4672..ad3d9a97bab 100644
--- a/doc/src/sgml/runtime.sgml
+++ b/doc/src/sgml/runtime.sgml
@@ -2255,8 +2255,10 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433
    The certificates of <quote>intermediate</> certificate authorities
    can also be appended to the file.  Doing this avoids the necessity of
    storing intermediate certificates on clients, assuming the root and
-   intermediate certificates were created with <literal>v3_ca</>
-   extensions.  This allows easier expiration of intermediate certificates.
+   intermediate certificates were created with <literal>v3_ca </literal>
+   extensions.  (This sets the certificate's basic constraint of
+   <literal>CA</literal> to <literal>true</literal>.)
+   This allows easier expiration of intermediate certificates.
   </para>
 
   <para>