Modernize the SSL documentation for creating certificates#473
Merged
Conversation
p-alik
approved these changes
Jul 18, 2026
p-alik
left a comment
Collaborator
There was a problem hiding this comment.
Docs-only change, low risk, technically sound. The switch to genpkey, -CAcreateserial, and especially the SAN extension block for the server cert are solid improvements — SAN support is genuinely needed since modern TLS clients reject CN-only hostname verification.
A few optional polish items for a follow-up, none blocking:
- The
-nodesflag on the CAreq -x509 -new -nodes -key gearmand-ca.key ...command is a no-op since-keysupplies an already-unencrypted existing key (-nodesonly matters whenreqgenerates a new key itself). - Could mention that
-CAcreateserialwill auto-creategearmand-ca.srlon first use, since the doc no longer explains where the serial file comes from. - Client/worker cert intentionally skips the SAN/extfile step (reasonable, since clients aren't hostname-verified) — a short clause noting why would avoid confusion given the doc otherwise stresses SAN as required.
Approving as-is.
Member
Author
|
Good feedback. I'm glad I waited to merge. I've removed |
Member
Author
|
Merged. The new documentation is visible at https://gearman.org/gearmand/gearmand/ssl/. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR updates the SSL documentation for creating CA, server, and client/worker certificates to modern usage with support for Subject Alternative Names (SAN).