Created
August 21, 2017 12:24
experimental ssl-key-maker for postgresql
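#!/usr/bin/env sh
#
# Experimental TLS key/certificate helper for a PostgreSQL data directory.
#
# Usage:
#   $0 server [cn]   create a self-signed server.key/server.crt and copy the
#                    certificate to root.crt
#   $0 client [cn]   create postclient.key/.csr and issue postclient.crt,
#                    signed with server.key against root.crt
#   $0 remove        delete the generated files and their .backup copies
#
# Security notes for anyone adopting this script:
#   * It must run as the postgres user and writes into /usr/local/pgsql/data.
#   * Private keys are written unencrypted (-nodes; OpenSSL 3.x spells this
#     -noenc), so file permissions are the only protection. umask 077 plus
#     chmod 400 keep them owner-only from the moment they are created.
#   * root.crt is a copy of server.crt and client certificates are signed with
#     server.key, so the server key doubles as the CA key: whoever can read it
#     can issue client certificates that chain to root.crt.
#   * No -days is passed, so OpenSSL's default validity (30 days) applies to
#     every certificate produced here.

# Print a message on stderr and stop with a failing status.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Rename each existing file to FILE.backup so a re-run does not silently
# destroy the previous key material.
backup_if_present() {
  for f in "$@"; do
    if [ -e "$f" ]; then
      mv -f -- "$f" "$f.backup" || die "cannot back up $f"
    fi
  done
}

# Refuse CN values that would change the shape of the -subj string, which is
# assembled as /-separated components below.
check_cn() {
  case "$1" in
    '') die "empty common name" ;;
    */*) die "common name must not contain '/': $1" ;;
  esac
}

if [ "$(whoami)" != "postgres" ]; then
  die "You are not postgres!"
fi

if [ -z "${1:-}" ]; then
  echo "Usage:"
  echo "$0 [server|client] [cn]"
  echo "$0 remove"
  exit 2
fi

hostname=$(hostname)
serverkey="server.key"
servercrt="server.crt"
rootcrt="root.crt"
postclient="postclient"
xstr="/C=CA/ST=AQ/L=Somewhere/O=Kabangaboom"
curdir=$(pwd -P)

# Everything created from here on (keys included) is owner-only, so there is
# no window in which a fresh private key is readable by group or others.
umask 077

cd /usr/local/pgsql/data || exit 1

status=0
case "$1" in
  server)
    echo SERVER...
    echo =========
    if [ -n "${2:-}" ]; then
      cn=$2
    else
      # Check the lookup itself: in a pipeline only sed's status is visible,
      # and a failed lookup would otherwise put the error text into the CN.
      lookup=$(host "$hostname") || die "cannot resolve $hostname"
      cn=$(printf '%s\n' "$lookup" | sed -n 's/ has address.*//p' | head -n 1)
    fi
    check_cn "$cn"
    subject="$xstr/CN=$cn"
    echo "Subject: $subject"

    backup_if_present "$serverkey" "$servercrt" "$rootcrt"
    rm -f -- "$serverkey" "$servercrt" "$rootcrt"

    echo "$serverkey, $servercrt, $rootcrt..."
    openssl req -nodes -new -x509 -keyout "$serverkey" -out "$servercrt" \
      -subj "$subject" || die "openssl failed to create $serverkey/$servercrt"
    chmod 400 "$serverkey" || die "cannot restrict $serverkey"
    # The self-signed server certificate is also used as the trust root.
    cp -- "$servercrt" "$rootcrt" || die "cannot create $rootcrt"
    ;;

  client)
    echo CLIENT...
    echo =========
    if [ -n "${2:-}" ]; then
      cn=$2
    else
      cn="postclient"
    fi
    check_cn "$cn"
    subject="$xstr/CN=$cn"
    echo "Subject: $subject"

    # Signing below needs the material produced by the "server" mode.
    [ -r "$rootcrt" ] || die "$rootcrt is missing; run '$0 server' first"
    [ -r "$serverkey" ] || die "$serverkey is missing; run '$0 server' first"

    backup_if_present "$postclient.key" "$postclient.csr"
    rm -f -- "$postclient.key" "$postclient.csr"

    echo "$postclient.key, $postclient.csr..."
    # This call is kept only for the key it generates; the self-signed
    # certificate it writes to the .csr path is replaced by the real CSR next.
    openssl req -nodes -new -x509 -keyout "$postclient.key" \
      -out "$postclient.csr" -subj "$subject" \
      || die "openssl failed to create $postclient.key"
    # The original left the client key at default permissions.
    chmod 400 "$postclient.key" || die "cannot restrict $postclient.key"
    openssl req -new -key "$postclient.key" -out "$postclient.csr" \
      -subj "$subject" || die "openssl failed to create $postclient.csr"
    openssl x509 -req -in "$postclient.csr" -CA "$rootcrt" \
      -CAkey "$serverkey" -out "$postclient.crt" -CAcreateserial \
      || die "openssl failed to sign $postclient.crt"
    ;;

  remove)
    echo DELETING ALL KEYS!
    for i in 3 2 1; do
      echo "$i s"
      sleep 1
    done
    # NOTE(review): postclient.crt and the serial file written by
    # -CAcreateserial are not in this list and are left behind.
    rm -fv -- "$serverkey" "$serverkey.backup" \
      "$servercrt" "$servercrt.backup" \
      "$rootcrt" "$rootcrt.backup" \
      "$postclient".key* "$postclient".csr*
    ;;

  *)
    echo "Hm?" >&2
    status=1
    ;;
esac

cd "$curdir" || exit 1
exit "$status"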