Generating SSL certificates v17
sslutils
is a Postgres extension that provides SSL certificate generation functions to EDB Postgres Advanced Server for use by the EDB Postgres Enterprise Manager server.
Installing the extension
You install sslutils
by using the edb-as<xx>-server-sslutils
RPM package, where <xx>
is the EDB Postgres Advanced Server version number.
Each parameter in the function’s parameter list is described by parameter n
, where n
refers to the nth
ordinal position (for example, first, second, or third) in the function’s parameter list.
openssl_rsa_generate_key
The openssl_rsa_generate_key
function generates an RSA private key. The function signature is:
When invoking the function, pass the number of bits as an integer value. The function returns the generated key.
openssl_rsa_key_to_csr
The openssl_rsa_key_to_csr
function generates a certificate signing request (CSR). The signature is:
The function generates and returns the certificate signing request.
Parameters
parameter 1
The name of the RSA key file.
parameter 2
The common name (e.g., agentN
) of the agent to use the signing request.
parameter 3
The name of the country where the server resides.
parameter 4
The name of the state where the server resides.
parameter 5
The location (city) in the state where the server resides.
parameter 6
The name of the organization unit requesting the certificate.
parameter 7
The email address of the user requesting the certificate.
openssl_csr_to_crt
The openssl_csr_to_crt
function generates a self-signed certificate or a certificate authority certificate. The signature is:
The function returns the self-signed certificate or certificate authority certificate.
Parameters
parameter 1
The name of the certificate signing the request.
parameter 2
The path to the certificate authority certificate, or NULL
if generating a certificate authority certificate.
parameter 3
The path to the certificate authority’s private key or, if argument 2
is NULL
, the path to a private key.
openssl_rsa_generate_crl
The openssl_rsa_generate_crl
function generates a default certificate revocation list. The signature is:
The function returns the certificate revocation list.
Parameters
parameter 1
The path to the certificate authority certificate.
parameter 2
The path to the certificate authority private key.