path: root/src/interfaces/ssl/pgkeygen.sh
#!/bin/sh

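#
# Prepare the per-user SSL client files in $HOME/.postgresql:
#   root.crt        copied from /etc/postgresql/root.crt when missing
#   postgresql.key  passphrase-protected DSA private key
#   postgresql.pem  self-signed certificate to hand to the DBA
#   postgresql.crt  copied from postgresql.pem on a later run
#
# Security notes:
#   - The key is generated from /etc/postgresql/dsa1024.pem (going by the
#     file name, 1024-bit DSA parameters) and wrapped with Blowfish
#     ("-v2 bf").  Both are legacy choices; confirm what the server side
#     requires before using this for anything new.
#   - root.crt is trusted exactly as found in /etc/postgresql; nothing in
#     this script checks its fingerprint or ownership.
#

# Single quotes keep the first "$HOME" literal, as in the original output.
printf '$HOME = %s\n' "$HOME"

# With an empty HOME every path below would resolve under "/".
if [ -z "$HOME" ]
then
  /bin/echo "pgkeygen: HOME is not set" >&2
  exit 1
fi

CLIENTDIR=$HOME/.postgresql

# Create the directory privately when it is missing.  Without it the cp
# below would create a regular file named .postgresql, and the openssl
# "-out" targets would fail.
if [ ! -d "$CLIENTDIR" ]
then
  /bin/mkdir -m 0700 "$CLIENTDIR" || exit 1
fi

#
# copy root certificate, if necessary
#
# "-s" is what detects an empty file; "-z path" only tests whether the
# path string itself is empty, which it never is.
if [ ! -f "$CLIENTDIR/root.crt" ] || [ ! -s "$CLIENTDIR/root.crt" ]
then
  if [ -f /etc/postgresql/root.crt ]
  then
    /bin/cp -p /etc/postgresql/root.crt "$CLIENTDIR"
  fi
fi

#
# generate client key, if one does not already exist.
#
if [ ! -f "$CLIENTDIR/postgresql.key" ] || [ ! -s "$CLIENTDIR/postgresql.key" ]
then
  if [ ! -f /etc/postgresql/dsa1024.pem ] || [ ! -s /etc/postgresql/dsa1024.pem ]
  then
    /bin/echo "You must get the dsa1024.pem file from your DBA."
    # Exit status kept at 0 as before; callers cannot tell this apart
    # from success.
    exit 0
  fi

  # Restrict the umask before the key file is created so it is never
  # readable by group/others, not even briefly before the chmod below.
  # The subshell keeps the umask change local to key generation.
  (
    umask 077
    openssl gendsa /etc/postgresql/dsa1024.pem |
      openssl pkcs8 -topk8 -v2 bf -out "$CLIENTDIR/postgresql.key"
  )
  keygen_status=$?

  # /bin/sh has no pipefail, so also require a non-empty result; a
  # truncated key must not be left behind for the certificate step.
  if [ "$keygen_status" -ne 0 ] || [ ! -s "$CLIENTDIR/postgresql.key" ]
  then
    /bin/rm -f -- "$CLIENTDIR/postgresql.key"
    /bin/echo "pgkeygen: client key generation failed" >&2
    exit 1
  fi

  # Still needed when an existing empty file with wider permissions was
  # overwritten in place.
  /bin/chmod 0600 "$CLIENTDIR/postgresql.key"
fi

#
# generate client self-signed certificate, if one does not already exist.
#
if [ ! -f "$CLIENTDIR/postgresql.crt" ] || [ ! -s "$CLIENTDIR/postgresql.crt" ]
then
  if [ ! -f "$CLIENTDIR/postgresql.pem" ] || [ ! -s "$CLIENTDIR/postgresql.pem" ]
  then
    /bin/echo "Creating client certificate...."
    /bin/echo ""
    # Stop here on failure rather than telling the user to send a file
    # that was not produced.
    if ! openssl req -new -x509 -out "$CLIENTDIR/postgresql.pem" \
      -key "$CLIENTDIR/postgresql.key" -config /etc/postgresql/client.conf
    then
      /bin/echo "pgkeygen: certificate creation failed" >&2
      exit 1
    fi
    /bin/echo ""
    /bin/cat << EOM

You must now provide a copy of your ~/.postgresql/postgresql.pem file
to your DBA for them to sign.  When they have done so, you should rerun
this application.
EOM
  else
    # NOTE(review): this installs whatever postgresql.pem currently holds.
    # Nothing here verifies that the DBA-signed certificate has replaced
    # the self-signed one; confirm the intended hand-off before relying
    # on the resulting postgresql.crt.
    /bin/cp -p "$CLIENTDIR/postgresql.pem" "$CLIENTDIR/postgresql.crt"
  fi
fi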