Jake Ceballos jakeceballos

## gist:952344

      
              1 file
            
          
              215 forks
            
          
              30 comments
            
          
              743 stars
            
          
                mtigas
                / gist:952344
            
            
              Last active
              June 20, 2024 11:22
            
              
                Mini tutorial for configuring client-side SSL certificates.
              
          
    Client-side SSL

For excessively paranoid client authentication.

Updated Apr 5 2019:
because this is a gist from 2011 that people stumble into and maybe you should AES instead of 3DES in the year of our lord 2019.
some other notes:

  
## postgres_queries_and_commands.sql
-- show running queries (pre 9.2)
SELECT procpid, age(clock_timestamp(), query_start), usename, current_query
FROM pg_stat_activity
WHERE current_query != '<IDLE>' AND current_query NOT ILIKE '%pg_stat_activity%'
ORDER BY query_start desc;

-- show running queries (9.2)
SELECT pid, age(clock_timestamp(), query_start), usename, query
FROM pg_stat_activity
WHERE query != '<IDLE>' AND query NOT ILIKE '%pg_stat_activity%'

## SSL-certs-OSX.md

      
              2 files
            
          
              85 forks
            
          
              871 comments
            
          
              257 stars
            
          
                croxton
                / SSL-certs-OSX.md
            
            
              Last active
              March 3, 2024 18:58
                — forked from leevigraham/Generate ssl certificates with Subject Alt Names on OSX.md
            
              
                Generate ssl certificates with Subject Alt Names
              
          
    Generate ssl certificates with Subject Alt Names on OSX

Open ssl.conf in a text editor.
Edit the domain(s) listed under the [alt_names] section so that they match the local domain name you want to use for your project, e.g.
DNS.1   = my-project.dev

Additional FQDNs can be added if required:

  
## create-certs.sh
# Define where to store the generated certs and metadata.
DIR="$(pwd)/tls"

# Optional: Ensure the target directory exists and is empty.
rm -rf "${DIR}"
mkdir -p "${DIR}"

# Create the openssl configuration file. This is used for both generating
# the certificate as well as for specifying the extensions. It aims in favor
# of automation, so the DN is encoding and not prompted.
	-- show running queries (pre 9.2)
	SELECT procpid, age(clock_timestamp(), query_start), usename, current_query
	FROM pg_stat_activity
	WHERE current_query != '<IDLE>' AND current_query NOT ILIKE '%pg_stat_activity%'
	ORDER BY query_start desc;

	-- show running queries (9.2)
	SELECT pid, age(clock_timestamp(), query_start), usename, query
	FROM pg_stat_activity
	WHERE query != '<IDLE>' AND query NOT ILIKE '%pg_stat_activity%'
	# Define where to store the generated certs and metadata.
	DIR="$(pwd)/tls"

	# Optional: Ensure the target directory exists and is empty.
	rm -rf "${DIR}"
	mkdir -p "${DIR}"

	# Create the openssl configuration file. This is used for both generating
	# the certificate as well as for specifying the extensions. It aims in favor
	# of automation, so the DN is encoding and not prompted.