| 123456789101112131415161718192021 |
- #!/bin/bash
- # https://www.postgresql.org/docs/current/ssl-tcp.html#SSL-CERTIFICATE-CREATION
- DATADIR=test/data
- ROOT_SUBJ="/CN=epgsql CA"
- EPGSQL_SUBJ="/CN=epgsql_test_cert"
- set -x
- # generate root key
- openssl genrsa -out ${DATADIR}/root.key 2048
- # generate root cert
- openssl req -new -x509 -text -days 3650 -key ${DATADIR}/root.key -out ${DATADIR}/root.crt -subj "$ROOT_SUBJ"
- # generate client/server key
- openssl genrsa -out ${DATADIR}/epgsql.key 2048
- # generate client/server signature request
- openssl req -new -key ${DATADIR}/epgsql.key -out ${DATADIR}/epgsql.csr -subj "$EPGSQL_SUBJ"
- # create signed client/server cert
- openssl x509 -req -text -days 3650 -in ${DATADIR}/epgsql.csr -CA ${DATADIR}/root.crt -CAkey ${DATADIR}/root.key -CAcreateserial -out ${DATADIR}/epgsql.crt
- rm ${DATADIR}/*.{csr,srl}
|
