diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml new file mode 100644 index 955f248..ad54564 *** a/doc/src/sgml/libpq.sgml --- b/doc/src/sgml/libpq.sgml *************** ldap://ldap.acme.com/cn=dbserver,cn=host *** 7179,7193 **** intermediate certificate authority, rather than one that is directly trusted by the server. To use such a certificate, append the certificate of the signing authority to the postgresql.crt ! file, then its parent authority's certificate, and so on up to a ! root authority that is trusted by the server. The root ! certificate should be included in every case where ! postgresql.crt contains more than one certificate. ! Note that root.crt lists the top-level CAs that are ! considered trusted for signing server certificates. In principle it need not list the CA that signed the client's certificate, though in most cases that CA would also be trusted for server certificates. --- 7179,7193 ---- intermediate certificate authority, rather than one that is directly trusted by the server. To use such a certificate, append the certificate of the signing authority to the postgresql.crt ! file, then its parent authority's certificate, and so on up to a certificate ! authority, root or intermediate, that is trusted by ! the server, i.e. appears in the server's root.crt ! file. ! Note that the client's ~/.postgresql/root.crt lists the top-level CAs ! that are considered trusted for signing server certificates. In principle it need not list the CA that signed the client's certificate, though in most cases that CA would also be trusted for server certificates. diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml new file mode 100644 index ab51782..fbed06f *** a/doc/src/sgml/runtime.sgml --- b/doc/src/sgml/runtime.sgml *************** pg_dumpall -p 5432 | psql -d postgres -p *** 1986,1995 **** intermediate certificate authority, rather than one that is directly trusted by clients. To use such a certificate, append the certificate of the signing authority to the server.crt file, ! then its parent authority's certificate, and so on up to a root ! authority that is trusted by the clients. The root certificate should ! be included in every case where server.crt contains more than ! one certificate. --- 1986,1995 ---- intermediate certificate authority, rather than one that is directly trusted by clients. To use such a certificate, append the certificate of the signing authority to the server.crt file, ! then its parent authority's certificate, and so on up to a certificate ! authority, root or intermediate, that is trusted by ! clients, i.e. appears in the clients' root.crt ! files.