Created
March 23, 2023 05:29
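#!/usr/bin/env bash
# Generate a self-signed root CA plus one server and one client certificate
# for PostgreSQL SSL certificate authentication in a Docker container.
# https://www.crunchydata.com/blog/ssl-certificate-authentication-postgresql-docker-containers
#
# Usage: <script> [HOST] [USERNAME]
#   HOST      CN of the server certificate (default: localhost)
#   USERNAME  CN of the client certificate (default: external_user)
#
# Output (relative to the current directory):
#   keys/ca.key, keys/client.key          private keys, keep secret
#   certs/ca.crt, certs/client.crt        CA and client certificates
#   pgconf/{ca.crt,server.crt,server.key} material for the server
#
# NOTE(review): every key is written unencrypted (-nodes), including the CA
# key, and every certificate expires after 365 days. Anyone who can read
# keys/ca.key can mint client certificates the server will accept, so move it
# off the host or delete it once signing is done.

# Stop at the first failing step instead of signing with missing inputs.
set -euo pipefail

# Private keys must never exist with group/other access, not even for the
# moment between `openssl` writing them and a later `chmod`.
umask 077

HOST=${1:-localhost}
USERNAME=${2:-external_user}

# `openssl -subj` uses '/' to separate subject fields, so a '/' in either
# value would add extra fields to the certificate subject.
for subject_value in "$HOST" "$USERNAME"; do
  if [[ "$subject_value" == */* ]]; then
    printf 'error: "%s" must not contain "/"\n' "$subject_value" >&2
    exit 2
  fi
done

# CSRs are intermediate files; keep them out of the output tree and remove
# them on every exit path.
csr_dir=$(mktemp -d)
trap 'rm -rf -- "$csr_dir"' EXIT

# Plain mkdir (no -p) on purpose: if these directories already exist the run
# aborts here rather than overwriting an existing CA key.
mkdir keys certs
chmod og-rwx keys certs

# Root CA
openssl req -new -x509 -days 365 -nodes \
  -out certs/ca.crt -keyout keys/ca.key -subj "/CN=root-ca"

# Server key and certificate
mkdir pgconf
cp certs/ca.crt pgconf/ca.crt
openssl req -new -nodes \
  -out "$csr_dir/server.csr" -keyout pgconf/server.key -subj "/CN=${HOST}"
openssl x509 -req -in "$csr_dir/server.csr" -days 365 \
  -CA certs/ca.crt -CAkey keys/ca.key -CAcreateserial -out pgconf/server.crt
chmod -R og-rwx pgconf
# presumably 999:999 is the postgres user inside the container image; verify
# against the image in use before relying on it.
sudo chown -R 999:999 pgconf

# Client key and certificate
openssl req -new -nodes \
  -out "$csr_dir/client.csr" -keyout keys/client.key -subj "/CN=${USERNAME}"
chmod og-rwx keys/*
openssl x509 -req -in "$csr_dir/client.csr" -days 365 \
  -CA certs/ca.crt -CAkey keys/ca.key -CAcreateserial -out certs/client.crt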