6fb12698f1
It is a self-signed, therefore not providing authentication, only traffic encryption. The default validity (30 days) is too short. As there is no auto-renewal mechanism, a longer default period is appropriate.
8 lines
328 B
Bash
Executable File
8 lines
328 B
Bash
Executable File
#!/bin/bash
|
|
pushd /var/lib/postgresql/data >/dev/null
|
|
openssl req -new -newkey rsa:4096 -x509 -days 365000 -nodes -out server.crt -keyout server.key -batch
|
|
chmod 600 server.key
|
|
sed -i "s/^#ssl = off/ssl = on/" postgresql.conf
|
|
sed -i "s/^#ssl_ciphers =.*/ssl_ciphers = 'AES256+EECDH:AES256+EDH'/" postgresql.conf
|
|
popd >/dev/null
|