From 6fb12698f13e7e20a1bfb73ede8ebf1599f15a70 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Komlan=20Akp=C3=A9dj=C3=A9=20KEDJI?=
Date: Sat, 15 Jan 2022 10:23:50 +0100
Subject: [PATCH] Extend server certificate validity to 1000 years

It is a self-signed, therefore not providing authentication, only traffic encryption. The default validity (30 days) is too short. As there is no auto-renewal mechanism, a longer default period is appropriate.
---
 scripts/enable_ssl.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/enable_ssl.sh b/scripts/enable_ssl.sh
index a3b20db..a3af562 100755
--- a/scripts/enable_ssl.sh
+++ b/scripts/enable_ssl.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 pushd /var/lib/postgresql/data >/dev/null
-openssl req -new -newkey rsa:4096 -x509 -nodes -out server.crt -keyout server.key -batch
+openssl req -new -newkey rsa:4096 -x509 -days 365000 -nodes -out server.crt -keyout server.key -batch
 chmod 600 server.key
 sed -i "s/^#ssl = off/ssl = on/" postgresql.conf
 sed -i "s/^#ssl_ciphers =.*/ssl_ciphers = 'AES256+EECDH:AES256+EDH'/" postgresql.conf
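Review bot: The new `-days 365000` on the `openssl req` line makes the certificate and its unencrypted (`-nodes`) key effectively non-expiring, so a copied `server.key` stays usable until someone rotates it by hand. The commit message's premise that a self-signed certificate gives no authentication also stops holding once a client pins `server.crt` (for example libpq's `sslrootcert` with `sslmode=verify-ca`), and in that setup expiry is the only thing that forces rotation. Consider a bounded, overridable lifetime instead, e.g. `-days "${SSL_CERT_DAYS:-3650}"` (the variable name is only a suggestion), with a comment above the line saying that rotation is manual because nothing renews the certificate. A notAfter date roughly a thousand years out may also be mishandled by clients built with a 32-bit `time_t`, which is worth testing before relying on it.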