From 34a3f9a631331a8724aa6006daa3a27fe5d171ac Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Fri, 10 May 2024 11:49:03 -0500 Subject: [PATCH] Update PostgreSQL test to check CSR and cert extensions --- .../external-application-connection-tests.yml | 22 ++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/.github/workflows/external-application-connection-tests.yml b/.github/workflows/external-application-connection-tests.yml index e1df2bba4..8ad378e7e 100644 --- a/.github/workflows/external-application-connection-tests.yml +++ b/.github/workflows/external-application-connection-tests.yml @@ -78,15 +78,27 @@ jobs: docker cp pki-dist:/root/RPMS/. /tmp/RPMS/ docker rm -f pki-dist - - name: Create postgresql certificates + - name: Install packages run: | docker cp /tmp/RPMS/. jss:/root/RPMS/ docker exec jss bash -c "dnf localinstall -y /root/RPMS/*" - docker exec jss pki nss-cert-request --subject "CN=postgresql.example.com" \ - --csr /root/sslserver.csr --ext /usr/share/pki/server/certs/sslserver.conf - docker exec jss pki nss-cert-issue --csr /root/sslserver.csr \ - --ext /usr/share/pki/server/certs/sslserver.conf --cert /root/sslserver.crt + - name: Create postgresql certificates + run: | + docker exec jss pki nss-cert-request \ + --subject "CN=postgresql.example.com" \ + --csr /root/sslserver.csr \ + --ext /usr/share/pki/server/certs/sslserver.conf + + docker exec jss openssl req -text -noout -in /root/sslserver.csr + + docker exec jss pki nss-cert-issue \ + --csr /root/sslserver.csr \ + --ext /usr/share/pki/server/certs/sslserver.conf \ + --cert /root/sslserver.crt + + docker exec jss openssl x509 -text -noout -in /root/sslserver.crt + docker exec jss pki nss-cert-import --cert /root/sslserver.crt --trust "TC,C,C" postgres docker exec jss pk12util -o /root/ssl.p12 -n postgres -d /root/.dogtag/nssdb/ -W myPassword docker cp jss:/root/ssl.p12 ssl.p12