duke-m/make_keys.sh

## make_keys.sh
#!/usr/bin/env sh

if [ `whoami` != "postgres" ]; then
	echo You are not postgres!
	exit
fi

if [ "$1" = "" ]; then
	echo "Usage:"
	echo "$0 [server|client] [cn]"
	echo "$0 remove"
	exit
fi

hostname=`hostname`
serverkey="server.key"
servercrt="server.crt"
rootcrt="root.crt"
postclient="postclient"
xstr="/C=CA/ST=AQ/L=Somewhere/O=Kabangaboom"

curdir=`pwd -P`
cd /usr/local/pgsql/data || exit

if [ "$1" = "server" ]; then

echo SERVER...
echo =========
if [ "$2" = "" ]; then
	cn=`host $hostname | sed 's/ has address.*//'` || exit
else
	cn=$2
fi
subject=$xstr/CN=$cn

echo Subject: $subject

for i in $serverkey $servercrt $rootcrt
do
	if [ -e $i ]; then mv -f  $i $i.backup
	fi
done
rm -f $serverkey $servercrt $rootcrt

echo $serverkey, $servercrt, $rootcrt...
openssl req  -nodes -new -x509  -keyout $serverkey -out $servercrt -subj $subject
chmod 400 $serverkey
cp $servercrt $rootcrt

elif [ "$1" = "client" ]; then

echo CLIENT...
echo =========

if [ "$2" = "" ]; then
	cn="postclient"
else
	cn=$2
fi

subject=$xstr/CN=$cn
echo "Subject: $subject"

for i in $postclient.key $postclient.csr
do
        if [ -e $i ]; then mv -f  $i $i.backup
        fi
done
rm -f $postclient.key $postclient.csr

echo $postclient.key, $postclient.csr...
openssl req  -nodes -new -x509  -keyout $postclient.key -out $postclient.csr -subj $subject
openssl req -new -key $postclient.key -out $postclient.csr -subj $subject
openssl x509 -req -in $postclient.csr -CA root.crt -CAkey server.key -out $postclient.crt -CAcreateserial

elif [ "$1" = "remove" ]; then
	echo DELETING ALL KEYS!
	for i in 3 2 1
	do
		echo $i s
		sleep 1
	done
	rm -fv $serverkey $serverkey.backup $servercrt $servercrt.backup $rootcrt $rootcrt.backup $postclient.key* $postclient.csr*

else
	echo "Hm?"
fi

cd $curdir
	#!/usr/bin/env sh

	if [ `whoami` != "postgres" ]; then
	echo You are not postgres!
	exit
	fi

	if [ "$1" = "" ]; then
	echo "Usage:"
	echo "$0 [server\|client] [cn]"
	echo "$0 remove"
	exit
	fi

	hostname=`hostname`
	serverkey="server.key"
	servercrt="server.crt"
	rootcrt="root.crt"
	postclient="postclient"
	xstr="/C=CA/ST=AQ/L=Somewhere/O=Kabangaboom"

	curdir=`pwd -P`
	cd /usr/local/pgsql/data \|\| exit

	if [ "$1" = "server" ]; then

	echo SERVER...
	echo =========
	if [ "$2" = "" ]; then
	cn=`host $hostname \| sed 's/ has address.*//'` \|\| exit
	else
	cn=$2
	fi
	subject=$xstr/CN=$cn

	echo Subject: $subject

	for i in $serverkey $servercrt $rootcrt
	do
	if [ -e $i ]; then mv -f $i $i.backup
	fi
	done
	rm -f $serverkey $servercrt $rootcrt

	echo $serverkey, $servercrt, $rootcrt...
	openssl req -nodes -new -x509 -keyout $serverkey -out $servercrt -subj $subject
	chmod 400 $serverkey
	cp $servercrt $rootcrt

	elif [ "$1" = "client" ]; then

	echo CLIENT...
	echo =========

	if [ "$2" = "" ]; then
	cn="postclient"
	else
	cn=$2
	fi

	subject=$xstr/CN=$cn
	echo "Subject: $subject"

	for i in $postclient.key $postclient.csr
	do
	if [ -e $i ]; then mv -f $i $i.backup
	fi
	done
	rm -f $postclient.key $postclient.csr

	echo $postclient.key, $postclient.csr...
	openssl req -nodes -new -x509 -keyout $postclient.key -out $postclient.csr -subj $subject
	openssl req -new -key $postclient.key -out $postclient.csr -subj $subject
	openssl x509 -req -in $postclient.csr -CA root.crt -CAkey server.key -out $postclient.crt -CAcreateserial

	elif [ "$1" = "remove" ]; then
	echo DELETING ALL KEYS!
	for i in 3 2 1
	do
	echo $i s
	sleep 1
	done
	rm -fv $serverkey $serverkey.backup $servercrt $servercrt.backup $rootcrt $rootcrt.backup $postclient.key* $postclient.csr*

	else
	echo "Hm?"
	fi

	cd $curdir