Subversion Repositories configs

Rev

Details | Last modification | View Log | RSS feed

Rev Author Line No. Line
3 - 1
UTF8 := $(shell locale -c LC_CTYPE -k | grep -q charmap.*UTF-8 && echo -utf8)
2
SERIAL=0
3
 
4
.PHONY: usage
5
.SUFFIXES: .key .csr .crt .pem
6
.PRECIOUS: %.key %.csr %.crt %.pem
7
 
8
usage:
9
	@echo "This makefile allows you to create:"
10
	@echo "  o public/private key pairs"
11
	@echo "  o SSL certificate signing requests (CSRs)"
12
	@echo "  o self-signed SSL test certificates"
13
	@echo
14
	@echo "To create a key pair, run \"make SOMETHING.key\"."
15
	@echo "To create a CSR, run \"make SOMETHING.csr\"."
16
	@echo "To create a test certificate, run \"make SOMETHING.crt\"."
17
	@echo "To create a key and a test certificate in one file, run \"make SOMETHING.pem\"."
18
	@echo
19
	@echo "To create a key for use with Apache, run \"make genkey\"."
20
	@echo "To create a CSR for use with Apache, run \"make certreq\"."
21
	@echo "To create a test certificate for use with Apache, run \"make testcert\"."
22
	@echo
23
	@echo "To create a test certificate with serial number other than zero, add SERIAL=num"
24
	@echo
25
	@echo Examples:
26
	@echo "  make server.key"
27
	@echo "  make server.csr"
28
	@echo "  make server.crt"
29
	@echo "  make stunnel.pem"
30
	@echo "  make genkey"
31
	@echo "  make certreq"
32
	@echo "  make testcert"
33
	@echo "  make server.crt SERIAL=1"
34
	@echo "  make stunnel.pem SERIAL=2"
35
	@echo "  make testcert SERIAL=3"
36
 
37
%.pem:
38
	umask 77 ; \
39
	PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
40
	PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
41
	/usr/bin/openssl req $(UTF8) -newkey rsa:2048 -keyout $$PEM1 -nodes -x509 -days 365 -out $$PEM2 -set_serial $(SERIAL) ; \
42
	cat $$PEM1 >  $@ ; \
43
	echo ""    >> $@ ; \
44
	cat $$PEM2 >> $@ ; \
45
	$(RM) $$PEM1 $$PEM2
46
 
47
%.key:
48
	umask 77 ; \
49
	/usr/bin/openssl genrsa -aes128 2048 > $@
50
 
51
%.csr: %.key
52
	umask 77 ; \
53
	/usr/bin/openssl req $(UTF8) -new -key $^ -out $@
54
 
55
%.crt: %.key
56
	umask 77 ; \
57
	/usr/bin/openssl req $(UTF8) -new -key $^ -x509 -days 365 -out $@ -set_serial $(SERIAL)
58
 
59
TLSROOT=/etc/pki/tls
60
KEY=$(TLSROOT)/private/localhost.key
61
CSR=$(TLSROOT)/certs/localhost.csr
62
CRT=$(TLSROOT)/certs/localhost.crt
63
 
64
genkey: $(KEY)
65
certreq: $(CSR)
66
testcert: $(CRT)
67
 
68
$(CSR): $(KEY)
69
	umask 77 ; \
70
	/usr/bin/openssl req $(UTF8) -new -key $(KEY) -out $(CSR)
71
 
72
$(CRT): $(KEY)
73
	umask 77 ; \
74
	/usr/bin/openssl req $(UTF8) -new -key $(KEY) -x509 -days 365 -out $(CRT) -set_serial $(SERIAL)