@pimiento
Created March 23, 2023 05:29
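#!/usr/bin/env bash
# Generate a self-signed CA plus server and client certificates for
# PostgreSQL SSL certificate authentication.
# https://www.crunchydata.com/blog/ssl-certificate-authentication-postgresql-docker-containers
# Arguments: [HOST] [USERNAME] (defaults: localhost, external_user)
set -euo pipefail
HOST=${1:-localhost}
USERNAME=${2:-external_user}
# Private keys go in keys/, certificates in certs/; both closed to group and others
mkdir -p keys certs
chmod og-rwx keys certs
# Self-signed root CA, valid 365 days; -nodes leaves the CA key unencrypted on disk
openssl req -new -x509 -days 365 -nodes -out certs/ca.crt -keyout keys/ca.key -subj "/CN=root-ca"
# Server key and certificate; clients using sslmode=verify-full compare the CN with the host name
mkdir -p pgconf
cp certs/ca.crt pgconf/ca.crt
openssl req -new -nodes -out server.csr -keyout pgconf/server.key -subj "/CN=${HOST}"
openssl x509 -req -in server.csr -days 365 -CA certs/ca.crt -CAkey keys/ca.key -CAcreateserial -out pgconf/server.crt
rm server.csr
chmod -R og-rwx pgconf
# 999:999 is assumed to be the UID:GID of the postgres user inside the container
sudo chown -R 999:999 pgconf
# Generating the Client Key and Certificate
# With the cert authentication method PostgreSQL compares the CN with the database user name
openssl req -new -nodes -out client.csr -keyout keys/client.key -subj "/CN=${USERNAME}"
chmod og-rwx keys/*
openssl x509 -req -in client.csr -days 365 -CA certs/ca.crt -CAkey keys/ca.key -CAcreateserial -out certs/client.crt
rm client.csr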
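
A check to run on the files the script writes, added here as an example and not part of the gist: it confirms that a certificate chains to the CA, that the private key belongs to it, that the CN is the expected name, and that the key is closed to group and others. `check_cert_pair` is a hypothetical helper name, and `openssl` is assumed to be on the PATH.

```shell
#!/usr/bin/env bash
# Added example, not part of the gist. check_cert_pair is a hypothetical helper.
# Arguments: CA_CERT CERT KEY EXPECTED_CN, for example
#   certs/ca.crt certs/client.crt keys/client.key external_user
check_cert_pair() {
  local ca crt key want_cn cn mode
  ca=$1; crt=$2; key=$3; want_cn=$4

  # 1. The certificate must chain to the CA that the other side trusts.
  if ! openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1; then
    echo "FAIL: $crt does not verify against $ca" >&2; return 1
  fi

  # 2. The private key must belong to the certificate: compare public keys.
  if [ "$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)" != \
       "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ]; then
    echo "FAIL: $key is not the key for $crt" >&2; return 1
  fi

  # 3. The CN is what gets matched: the database user name for a client
  #    certificate, the host name for a server certificate.
  cn=$(openssl x509 -in "$crt" -noout -subject -nameopt RFC2253 |
       sed -n 's/^subject= *//; s/^\(.*,\)\{0,1\}CN=\([^,]*\).*$/\2/p')
  if [ "$cn" != "$want_cn" ]; then
    echo "FAIL: CN is '$cn', expected '$want_cn'" >&2; return 1
  fi

  # 4. No group/other permission bits on the key (columns 5-10 of the
  #    ls mode string); libpq rejects a client key that is more open.
  mode=$(ls -ln "$key" | cut -c5-10)
  if [ "$mode" != "------" ]; then
    echo "FAIL: $key is accessible to group or others" >&2; return 1
  fi

  echo "OK: $crt (CN=$cn)"
}

# Run the check when the script is called with the four arguments.
if [ "$#" -eq 4 ]; then
  check_cert_pair "$@"
fi
```
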