openssl/sme8/Makefile.certificate

UTF8 := $(shell locale -c LC_CTYPE -k | grep -q charmap.*UTF-8 && echo -utf8)
SERIAL=0
PRIVATE_KEY_BITS=2048

.PHONY: usage
.SUFFIXES: .key .csr .crt .pem
.PRECIOUS: %.key %.csr %.crt %.pem

usage:
        @echo "This makefile allows you to create:"
        @echo "  o public/private key pairs"
        @echo "  o SSL certificate signing requests (CSRs)"
        @echo "  o self-signed SSL test certificates"
        @echo
        @echo "To create a key pair, run \"make SOMETHING.key\"."
        @echo "To create a CSR, run \"make SOMETHING.csr\"."
        @echo "To create a test certificate, run \"make SOMETHING.crt\"."
        @echo "To create a key and a test certificate in one file, run \"make SOMETHING.pem\"."
        @echo
        @echo "To create a key for use with Apache, run \"make genkey\"."
        @echo "To create a CSR for use with Apache, run \"make certreq\"."
        @echo "To create a test certificate for use with Apache, run \"make testcert\"."
        @echo
        @echo "To create a test certificate with serial number other than zero, add SERIAL=num"
        @echo
        @echo Examples:
        @echo "  make server.key"
        @echo "  make server.csr"
        @echo "  make server.crt"
        @echo "  make stunnel.pem"
        @echo "  make genkey"
        @echo "  make certreq"
        @echo "  make testcert"
        @echo "  make server.crt SERIAL=1"
        @echo "  make stunnel.pem SERIAL=2"
        @echo "  make testcert SERIAL=3"

%.pem:
        umask 77 ; \
        PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
        PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
        /usr/bin/openssl req $(UTF8) -newkey rsa:$(PRIVATE_KEY_BITS) -keyout $$PEM1 -nodes -x509 -days 365 -out $$PEM2 -set_serial $(SERIAL) ; \
        cat $$PEM1 >  $@ ; \
        echo ""    >> $@ ; \
        cat $$PEM2 >> $@ ; \
        $(RM) $$PEM1 $$PEM2

%.key:
        umask 77 ; \
        /usr/bin/openssl genrsa -des3 $(PRIVATE_KEY_BITS) > $@

%.csr: %.key
        umask 77 ; \
        /usr/bin/openssl req $(UTF8) -new -key $^ -out $@

%.crt: %.key
        umask 77 ; \
        /usr/bin/openssl req $(UTF8) -new -key $^ -x509 -days 365 -out $@ -set_serial $(SERIAL)

TLSROOT=/etc/pki/tls
KEY=$(TLSROOT)/private/localhost.key
CSR=$(TLSROOT)/certs/localhost.csr
CRT=$(TLSROOT)/certs/localhost.crt

genkey: $(KEY)
certreq: $(CSR)
testcert: $(CRT)

$(CSR): $(KEY)
        umask 77 ; \
        /usr/bin/openssl req $(UTF8) -new -key $(KEY) -out $(CSR)

$(CRT): $(KEY)
        umask 77 ; \
        /usr/bin/openssl req $(UTF8) -new -key $(KEY) -x509 -days 365 -out $(CRT) -set_serial $(SERIAL)
1	wellsi	1.1	UTF8 := $(shell locale -c LC_CTYPE -k \| grep -q charmap.*UTF-8 && echo -utf8)
2			SERIAL=0
3			PRIVATE_KEY_BITS=2048
4
5			.PHONY: usage
6			.SUFFIXES: .key .csr .crt .pem
7			.PRECIOUS: %.key %.csr %.crt %.pem
8
9			usage:
10			@echo "This makefile allows you to create:"
11			@echo " o public/private key pairs"
12			@echo " o SSL certificate signing requests (CSRs)"
13			@echo " o self-signed SSL test certificates"
14			@echo
15			@echo "To create a key pair, run \"make SOMETHING.key\"."
16			@echo "To create a CSR, run \"make SOMETHING.csr\"."
17			@echo "To create a test certificate, run \"make SOMETHING.crt\"."
18			@echo "To create a key and a test certificate in one file, run \"make SOMETHING.pem\"."
19			@echo
20			@echo "To create a key for use with Apache, run \"make genkey\"."
21			@echo "To create a CSR for use with Apache, run \"make certreq\"."
22			@echo "To create a test certificate for use with Apache, run \"make testcert\"."
23			@echo
24			@echo "To create a test certificate with serial number other than zero, add SERIAL=num"
25			@echo
26			@echo Examples:
27			@echo " make server.key"
28			@echo " make server.csr"
29			@echo " make server.crt"
30			@echo " make stunnel.pem"
31			@echo " make genkey"
32			@echo " make certreq"
33			@echo " make testcert"
34			@echo " make server.crt SERIAL=1"
35			@echo " make stunnel.pem SERIAL=2"
36			@echo " make testcert SERIAL=3"
37
38			%.pem:
39			umask 77 ; \
40			PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
41			PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
42			/usr/bin/openssl req $(UTF8) -newkey rsa:$(PRIVATE_KEY_BITS) -keyout $$PEM1 -nodes -x509 -days 365 -out $$PEM2 -set_serial $(SERIAL) ; \
43			cat $$PEM1 > $@ ; \
44			echo "" >> $@ ; \
45			cat $$PEM2 >> $@ ; \
46			$(RM) $$PEM1 $$PEM2
47
48			%.key:
49			umask 77 ; \
50			/usr/bin/openssl genrsa -des3 $(PRIVATE_KEY_BITS) > $@
51
52			%.csr: %.key
53			umask 77 ; \
54			/usr/bin/openssl req $(UTF8) -new -key $^ -out $@
55
56			%.crt: %.key
57			umask 77 ; \
58			/usr/bin/openssl req $(UTF8) -new -key $^ -x509 -days 365 -out $@ -set_serial $(SERIAL)
59
60			TLSROOT=/etc/pki/tls
61			KEY=$(TLSROOT)/private/localhost.key
62			CSR=$(TLSROOT)/certs/localhost.csr
63			CRT=$(TLSROOT)/certs/localhost.crt
64
65			genkey: $(KEY)
66			certreq: $(CSR)
67			testcert: $(CRT)
68
69			$(CSR): $(KEY)
70			umask 77 ; \
71			/usr/bin/openssl req $(UTF8) -new -key $(KEY) -out $(CSR)
72
73			$(CRT): $(KEY)
74			umask 77 ; \
75			/usr/bin/openssl req $(UTF8) -new -key $(KEY) -x509 -days 365 -out $(CRT) -set_serial $(SERIAL)