luizomf/create-self-signed-ssl-certificates.sh

## create-self-signed-ssl-certificates.sh
cd /var/lib/postgresql/13/main

# Create a self-signed certificate
openssl req -new -nodes -text -out server.csr \
  -keyout server.key -subj "/CN=postgresql.otaviomiranda.com.br"

openssl x509 -req -in server.csr -text -days 3650 \
  -extfile /etc/ssl/openssl.cnf -extensions v3_ca \
  -signkey server.key -out server.crt

# Use it as the root (only for self-signed certificates)
cp server.crt root.crt

# Create the client certificate and sign it with root
openssl req -new -nodes -text -out client.csr \
  -keyout client.key -subj "/CN=luizotaviosg"

openssl x509 -req -in client.csr -text -days 365 \
  -CA root.crt -CAkey server.key -CAcreateserial \
  -out client.crt

# Fix permissions
chown postgres:postgres root.* server.* client.*
chmod 600 root.* server.* client.*

# Move client.crt, client.key and root.crt to client computer

# FIX for dbeaver
openssl pkcs8 -topk8 -inform PEM -outform DER -in client.key -out client.pk8 -nocrypt
	cd /var/lib/postgresql/13/main

	# Create a self-signed certificate
	openssl req -new -nodes -text -out server.csr \
	-keyout server.key -subj "/CN=postgresql.otaviomiranda.com.br"

	openssl x509 -req -in server.csr -text -days 3650 \
	-extfile /etc/ssl/openssl.cnf -extensions v3_ca \
	-signkey server.key -out server.crt

	# Use it as the root (only for self-signed certificates)
	cp server.crt root.crt

	# Create the client certificate and sign it with root
	openssl req -new -nodes -text -out client.csr \
	-keyout client.key -subj "/CN=luizotaviosg"

	openssl x509 -req -in client.csr -text -days 365 \
	-CA root.crt -CAkey server.key -CAcreateserial \
	-out client.crt

	# Fix permissions
	chown postgres:postgres root.* server.* client.*
	chmod 600 root.* server.* client.*

	# Move client.crt, client.key and root.crt to client computer

	# FIX for dbeaver
	openssl pkcs8 -topk8 -inform PEM -outform DER -in client.key -out client.pk8 -nocrypt