SSLUtils is a Postgres extension that provides SSL certicate generation functions to Postgres, for use by the Postgres Enterprise Manager server.
This extension is released under the PostgreSQL Licence.
Copyright (c) 2010 - 2020, EnterpriseDB Corporation.
The module may be built using the PGXS framework on most operating systems:
MSVC++ builds are also supported using the clean.bat and build.bat scripts:
The following functions are provided:
openssl_rsa_generate_key(integer) RETURNS text
Purpose: Generates an RSA private key. Param 1: Number of bits. Returns: The generated key.
openssl_rsa_key_to_csr(text, text, text, text, text, text, text) RETURNS text
Purpose: Generates a certificate signing request (CSR) Param 1: RSA key Param 2: CN or common name e.g. agentN Param 3: C or Country Param 4: ST or State Param 5: L or Location (City) Param 6: OU or Organization Unit Param 7: Email address Returns: The generated CSR.
openssl_csr_to_crt(text, text, text) RETURNS text
Purpose: Generates a self-signed certificate (or a CA certificate) Param 1: CSR Param 2: Path to the CA certificate OR NULL if generating a CA certificate. Param 3: Path to the CA private key OR path to a private key, If param2 is NULL. Returns: The certificate.
openssl_rsa_generate_crl(text, text) RETURNS text
Purpose: Generates a default certificate revocation list. Param 1: Path to CA certificate. Param 2: Path to CA private key. Returns: The CRL.
openssl_is_crt_expire_on(text, timestamptz)
Purpose: Compare certificate expiry on given time. Param1: Path to certificate. Param2: time to compare with end date; Returns: 1 - sucesss -1 - certificate expires 0 - error
openssl_revoke_certificate(text, text) RETURNS text
Purpose: Revoke the client certificate and re-generate crl file. Param 1: Path to client certificate to be revoked. Param 2: CRL file name specified in postgres config file. Returns: The CRL.
openssl_get_crt_expiry_date(text)
Purpose: Get the certificate expiry date. Param1: Path to certificate. Returns: end date of the certificate.