openssl3/contribs10/Makefile.certificate

UTF8 := $(shell locale -c LC_CTYPE -k | grep -q charmap.*UTF-8 && echo -utf8)
DAYS=365
KEYLEN=2048
TYPE=rsa:$(KEYLEN)
EXTRA_FLAGS=
ifdef SERIAL
        EXTRA_FLAGS+=-set_serial $(SERIAL)
endif

.PHONY: usage
.SUFFIXES: .key .csr .crt .pem
.PRECIOUS: %.key %.csr %.crt %.pem

usage:
        @echo "This makefile allows you to create:"
        @echo "  o public/private key pairs"
        @echo "  o SSL certificate signing requests (CSRs)"
        @echo "  o self-signed SSL test certificates"
        @echo
        @echo "To create a key pair, run \"make SOMETHING.key\"."
        @echo "To create a CSR, run \"make SOMETHING.csr\"."
        @echo "To create a test certificate, run \"make SOMETHING.crt\"."
        @echo "To create a key and a test certificate in one file, run \"make SOMETHING.pem\"."
        @echo
        @echo "To create a key for use with Apache, run \"make genkey\"."
        @echo "To create a CSR for use with Apache, run \"make certreq\"."
        @echo "To create a test certificate for use with Apache, run \"make testcert\"."
        @echo
        @echo "To create a test certificate with serial number other than random, add SERIAL=num"
        @echo "You can also specify key length with KEYLEN=n and expiration in days with DAYS=n"
        @echo "Any additional options can be passed to openssl req via EXTRA_FLAGS"
        @echo
        @echo Examples:
        @echo "  make server.key"
        @echo "  make server.csr"
        @echo "  make server.crt"
        @echo "  make stunnel.pem"
        @echo "  make genkey"
        @echo "  make certreq"
        @echo "  make testcert"
        @echo "  make server.crt SERIAL=1"
        @echo "  make stunnel.pem EXTRA_FLAGS=-sha384"
        @echo "  make testcert DAYS=600"

%.pem:
        umask 77 ; \
        PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
        PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
        /usr/bin/openssl req $(UTF8) -newkey $(TYPE) -keyout $$PEM1 -nodes -x509 -days $(DAYS) -out $$PEM2 $(EXTRA_FLAGS) ; \
        cat $$PEM1 >  $@ ; \
        echo ""    >> $@ ; \
        cat $$PEM2 >> $@ ; \
        $(RM) $$PEM1 $$PEM2

%.key:
        umask 77 ; \
        /usr/bin/openssl genrsa -aes128 $(KEYLEN) > $@

%.csr: %.key
        umask 77 ; \
        /usr/bin/openssl req $(UTF8) -new -key $^ -out $@

%.crt: %.key
        umask 77 ; \
        /usr/bin/openssl req $(UTF8) -new -key $^ -x509 -days $(DAYS) -out $@ $(EXTRA_FLAGS)

TLSROOT=/etc/pki/tls
KEY=$(TLSROOT)/private/localhost.key
CSR=$(TLSROOT)/certs/localhost.csr
CRT=$(TLSROOT)/certs/localhost.crt

genkey: $(KEY)
certreq: $(CSR)
testcert: $(CRT)

$(CSR): $(KEY)
        umask 77 ; \
        /usr/bin/openssl req $(UTF8) -new -key $(KEY) -out $(CSR)

$(CRT): $(KEY)
        umask 77 ; \
        /usr/bin/openssl req $(UTF8) -new -key $(KEY) -x509 -days $(DAYS) -out $(CRT) $(EXTRA_FLAGS)
1	UTF8 := $(shell locale -c LC_CTYPE -k \| grep -q charmap.*UTF-8 && echo -utf8)
2	DAYS=365
3	KEYLEN=2048
4	TYPE=rsa:$(KEYLEN)
5	EXTRA_FLAGS=
6	ifdef SERIAL
7	EXTRA_FLAGS+=-set_serial $(SERIAL)
8	endif
9
10	.PHONY: usage
11	.SUFFIXES: .key .csr .crt .pem
12	.PRECIOUS: %.key %.csr %.crt %.pem
13
14	usage:
15	@echo "This makefile allows you to create:"
16	@echo " o public/private key pairs"
17	@echo " o SSL certificate signing requests (CSRs)"
18	@echo " o self-signed SSL test certificates"
19	@echo
20	@echo "To create a key pair, run \"make SOMETHING.key\"."
21	@echo "To create a CSR, run \"make SOMETHING.csr\"."
22	@echo "To create a test certificate, run \"make SOMETHING.crt\"."
23	@echo "To create a key and a test certificate in one file, run \"make SOMETHING.pem\"."
24	@echo
25	@echo "To create a key for use with Apache, run \"make genkey\"."
26	@echo "To create a CSR for use with Apache, run \"make certreq\"."
27	@echo "To create a test certificate for use with Apache, run \"make testcert\"."
28	@echo
29	@echo "To create a test certificate with serial number other than random, add SERIAL=num"
30	@echo "You can also specify key length with KEYLEN=n and expiration in days with DAYS=n"
31	@echo "Any additional options can be passed to openssl req via EXTRA_FLAGS"
32	@echo
33	@echo Examples:
34	@echo " make server.key"
35	@echo " make server.csr"
36	@echo " make server.crt"
37	@echo " make stunnel.pem"
38	@echo " make genkey"
39	@echo " make certreq"
40	@echo " make testcert"
41	@echo " make server.crt SERIAL=1"
42	@echo " make stunnel.pem EXTRA_FLAGS=-sha384"
43	@echo " make testcert DAYS=600"
44
45	%.pem:
46	umask 77 ; \
47	PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
48	PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
49	/usr/bin/openssl req $(UTF8) -newkey $(TYPE) -keyout $$PEM1 -nodes -x509 -days $(DAYS) -out $$PEM2 $(EXTRA_FLAGS) ; \
50	cat $$PEM1 > $@ ; \
51	echo "" >> $@ ; \
52	cat $$PEM2 >> $@ ; \
53	$(RM) $$PEM1 $$PEM2
54
55	%.key:
56	umask 77 ; \
57	/usr/bin/openssl genrsa -aes128 $(KEYLEN) > $@
58
59	%.csr: %.key
60	umask 77 ; \
61	/usr/bin/openssl req $(UTF8) -new -key $^ -out $@
62
63	%.crt: %.key
64	umask 77 ; \
65	/usr/bin/openssl req $(UTF8) -new -key $^ -x509 -days $(DAYS) -out $@ $(EXTRA_FLAGS)
66
67	TLSROOT=/etc/pki/tls
68	KEY=$(TLSROOT)/private/localhost.key
69	CSR=$(TLSROOT)/certs/localhost.csr
70	CRT=$(TLSROOT)/certs/localhost.crt
71
72	genkey: $(KEY)
73	certreq: $(CSR)
74	testcert: $(CRT)
75
76	$(CSR): $(KEY)
77	umask 77 ; \
78	/usr/bin/openssl req $(UTF8) -new -key $(KEY) -out $(CSR)
79
80	$(CRT): $(KEY)
81	umask 77 ; \
82	/usr/bin/openssl req $(UTF8) -new -key $(KEY) -x509 -days $(DAYS) -out $(CRT) $(EXTRA_FLAGS)