-
Notifications
You must be signed in to change notification settings - Fork 3
/
README-RPM.sslutils.txt
100 lines (72 loc) · 3.23 KB
/
README-RPM.sslutils.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
SSLUtils
========
SSLUtils is a Postgres extension that provides SSL certicate generation
functions to Postgres, for use by the Postgres Enterprise Manager server.
The SSLUtils extension is installed by the ppas92-server-sslutils-3.0.0-1.rhel6
package. The SSLUtils files are installed in /usr/ppas-9.2/share/extension,
and the libraries are installed in /usr/ppas-9.2/lib.
Before using the SSLUtils, you must create the sslutils extension. Use the psql
client to connect to the edb database, and issue the command:
CREATE EXTENSION sslutils WITH VERSION "1.0";
Please note that before connecting with the psql client, you may be required
to modify the pg_hba.conf file; the pg_hba.conf file is located in
/var/lib/ppas/9.2/data.
Functions
---------
After creating the extensions, you can use the psql command line to invoke the
SSLUtils functions. For example, to invoke the openssl_rsa_generate_key, connect
to the server and issue the command:
edb=# select openssl_rsa_generate_key (4096);
openssl_rsa_generate_key
------------------------------------------------------------------
-----BEGIN RSA PRIVATE KEY----- +
MIIJKQIBAAKCAgEAr6uLkjuMhMPkFyAxDrYYc5sqa/JxWWYdaGkwICS4846/qTdH+
...
lkJ7GslgEHUcoLbMpSufMaX5bObwdj0J9hAtUUBqVjKxp+pcuTqeKaCGVRtc +
-----END RSA PRIVATE KEY----- +
(1 row)
SSLUtils provides the following functions:
openssl_rsa_generate_key(integer) RETURNS text
Purpose: Generates an RSA private key.
Param 1: Number of bits.
Returns: The generated key.
openssl_rsa_key_to_csr(text, text, text, text, text, text, text) RETURNS text
Purpose: Generates a certificate signing request (CSR)
Param 1: RSA key
Param 2: CN or common name e.g. agentN
Param 3: C or Country
Param 4: ST or State
Param 5: L or Location (City)
Param 6: OU or Organization Unit
Param 7: Email address
Returns: The generated CSR.
openssl_csr_to_crt(text, text, text) RETURNS text
Purpose: Generates a self-signed certificate (or a CA certificate)
Param 1: CSR
Param 2: Path to the CA certificate OR NULL if generating a CA certificate.
Param 3: Path to the CA private key OR path to a private key, If param2 is NULL.
Returns: The certificate.
openssl_rsa_generate_crl(text, text) RETURNS text
Purpose: Generates a default certificate revocation list.
Param 1: Path to CA certificate.
Param 2: Path to CA private key.
Returns: The CRL.
openssl_is_crt_expire_on(text, timestamptz)
Purpose: Compare certificate expiry on given time.
Param1: Path to certificate.
Param2: time to compare with end date;
Returns: 1 - sucesss
-1 - certificate expires
0 - error
openssl_revoke_certificate(text, text) RETURNS text
Purpose: Revoke the client certificate and re-generate crl file.
Param 1: Path to client certificate to be revoked.
Param 2: CRL file name specified in postgres config file.
Returns: The CRL.
openssl_get_crt_expiry_date(text)
Purpose: Get the certificate expiry date.
Param1: Path to certificate.
Returns: end date of the certificate.
========================================================
This extension is released under the PostgreSQL Licence.
Copyright (c) 2010 - 2020, EnterpriseDB Corporation.