mirror of
https://github.com/silverqx/TinyORM.git
synced 2026-05-23 10:51:02 -05:00
silverqx
bc17c343d1
Forced certificate authentication for PostgreSQL. - added $env:PGDATA/conf.d/90-crystal.conf with custom configurations - enabled SSL - listen on the localhost only - generating SSL certificates with our CA with 1 month expire duration and SAN - changed default root password - also the GitHub runner is forced to use certificate authentication - small script enhancements like naming, logs grouping, PostgreSQL service checking, ...
19 lines
522 B
INI
19 lines
522 B
INI
[default]
|
|
|
|
# These extensions are added when 'ca' signs a request.
|
|
|
|
subjectAltName=$ENV::OPENSSL_SAN
|
|
|
|
# This goes against PKIX guidelines but some CAs do it and some software
|
|
# requires this to avoid interpreting an end user certificate as a CA.
|
|
|
|
basicConstraints=CA:FALSE
|
|
|
|
# This is typical in keyUsage for a client certificate.
|
|
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
|
|
|
# PKIX recommendations harmless if included in all certificates.
|
|
subjectKeyIdentifier=hash
|
|
authorityKeyIdentifier=keyid,issuer
|
|
|