GitHub - EnterpriseDB/sslutils: A Postgres extension for managing SSL certificates through SQL.

EnterpriseDB / sslutils Public

Notifications You must be signed in to change notification settings
Fork 3
Star 8

A Postgres extension for managing SSL certificates through SQL.

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 62 Commits
installer/sslutils		installer/sslutils
.gitignore		.gitignore
LICENSE		LICENSE
Makefile		Makefile
README-RPM.sslutils.txt		README-RPM.sslutils.txt
README.sslutils		README.sslutils
build.bat		build.bat
clean.bat		clean.bat
sslutils--1.0--1.1.sql		sslutils--1.0--1.1.sql
sslutils--1.0--1.3.sql		sslutils--1.0--1.3.sql
sslutils--1.1--1.2.sql		sslutils--1.1--1.2.sql
sslutils--1.1--1.3.sql		sslutils--1.1--1.3.sql
sslutils--1.1.sql		sslutils--1.1.sql
sslutils--1.2--1.3.sql		sslutils--1.2--1.3.sql
sslutils--1.2.sql		sslutils--1.2.sql
sslutils--1.3.sql		sslutils--1.3.sql
sslutils--unpackaged--1.0.sql		sslutils--unpackaged--1.0.sql
sslutils--unpackaged--1.3.sql		sslutils--unpackaged--1.3.sql
sslutils-pemagent.sql.in		sslutils-pemagent.sql.in
sslutils.c		sslutils.c
sslutils.control		sslutils.control
sslutils.def		sslutils.def
sslutils.proj		sslutils.proj
sslutils.sql.in		sslutils.sql.in
uninstall_sslutils.sql.in		uninstall_sslutils.sql.in

Repository files navigation

SSLUtils
========

SSLUtils is a Postgres extension that provides SSL certicate generation
functions to Postgres, for use by the Postgres Enterprise Manager server.

This extension is released under the PostgreSQL Licence.

Copyright (c) 2010 - 2020, EnterpriseDB Corporation.

Building
--------

The module may be built using the PGXS framework on most operating systems:

- Unpack the extensions files in $PGSRC/contrib/sslutils
- Run "make USE_PGXS=1" in the $PGSRC/contrib/sslutils directory.
- Run "make USE_PGXS=1 install" to install.

MSVC++ builds are also supported using the clean.bat and build.bat scripts:

- Set the PGPATH environment variable to point to your Postgres installation
  directory.
- Run build.bat in a VC++ command prompt to build the extension.
- Copy sslutils.dll into $PGDIR/lib and *.sql and sslutils.control into 
  $PGDIR/share/extension


Functions
---------

The following functions are provided:

openssl_rsa_generate_key(integer) RETURNS text

Purpose: Generates an RSA private key.
Param 1: Number of bits.
Returns: The generated key.

openssl_rsa_key_to_csr(text, text, text, text, text, text, text) RETURNS text

Purpose: Generates a certificate signing request (CSR)
Param 1: RSA key
Param 2: CN or common name e.g. agentN
Param 3: C or Country
Param 4: ST or State
Param 5: L or Location (City)
Param 6: OU or Organization Unit
Param 7: Email address
Returns: The generated CSR.

openssl_csr_to_crt(text, text, text) RETURNS text

Purpose: Generates a self-signed certificate (or a CA certificate)
Param 1: CSR
Param 2: Path to the CA certificate OR NULL if generating a CA certificate.
Param 3: Path to the CA private key OR path to a private key, If param2 is NULL.
Returns: The certificate.

openssl_rsa_generate_crl(text, text) RETURNS text

Purpose: Generates a default certificate revocation list.
Param 1: Path to CA certificate.
Param 2: Path to CA private key.
Returns: The CRL.

openssl_is_crt_expire_on(text, timestamptz)

Purpose: Compare certificate expiry on given time.
Param1:  Path to certificate.
Param2:  time to compare with end date;
Returns: 1 - sucesss
         -1 - certificate expires
         0 - error

openssl_revoke_certificate(text, text) RETURNS text

Purpose: Revoke the client certificate and re-generate crl file.
Param 1: Path to client certificate to be revoked.
Param 2: CRL file name specified in postgres config file.
Returns: The CRL.

openssl_get_crt_expiry_date(text)

Purpose: Get the certificate expiry date.
Param1:  Path to certificate.
Returns: end date of the certificate.