| 1 |
UTF8 := $(shell locale -c LC_CTYPE -k | grep -q charmap.*UTF-8 && echo -utf8) |
| 2 |
SERIAL=0 |
| 3 |
PRIVATE_KEY_BITS=2048 |
| 4 |
|
| 5 |
.PHONY: usage |
| 6 |
.SUFFIXES: .key .csr .crt .pem |
| 7 |
.PRECIOUS: %.key %.csr %.crt %.pem |
| 8 |
|
| 9 |
usage: |
| 10 |
@echo "This makefile allows you to create:" |
| 11 |
@echo " o public/private key pairs" |
| 12 |
@echo " o SSL certificate signing requests (CSRs)" |
| 13 |
@echo " o self-signed SSL test certificates" |
| 14 |
@echo |
| 15 |
@echo "To create a key pair, run \"make SOMETHING.key\"." |
| 16 |
@echo "To create a CSR, run \"make SOMETHING.csr\"." |
| 17 |
@echo "To create a test certificate, run \"make SOMETHING.crt\"." |
| 18 |
@echo "To create a key and a test certificate in one file, run \"make SOMETHING.pem\"." |
| 19 |
@echo |
| 20 |
@echo "To create a key for use with Apache, run \"make genkey\"." |
| 21 |
@echo "To create a CSR for use with Apache, run \"make certreq\"." |
| 22 |
@echo "To create a test certificate for use with Apache, run \"make testcert\"." |
| 23 |
@echo |
| 24 |
@echo "To create a test certificate with serial number other than zero, add SERIAL=num" |
| 25 |
@echo |
| 26 |
@echo Examples: |
| 27 |
@echo " make server.key" |
| 28 |
@echo " make server.csr" |
| 29 |
@echo " make server.crt" |
| 30 |
@echo " make stunnel.pem" |
| 31 |
@echo " make genkey" |
| 32 |
@echo " make certreq" |
| 33 |
@echo " make testcert" |
| 34 |
@echo " make server.crt SERIAL=1" |
| 35 |
@echo " make stunnel.pem SERIAL=2" |
| 36 |
@echo " make testcert SERIAL=3" |
| 37 |
|
| 38 |
%.pem: |
| 39 |
umask 77 ; \ |
| 40 |
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \ |
| 41 |
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \ |
| 42 |
/usr/bin/openssl req $(UTF8) -newkey rsa:$(PRIVATE_KEY_BITS) -keyout $$PEM1 -nodes -x509 -days 365 -out $$PEM2 -set_serial $(SERIAL) ; \ |
| 43 |
cat $$PEM1 > $@ ; \ |
| 44 |
echo "" >> $@ ; \ |
| 45 |
cat $$PEM2 >> $@ ; \ |
| 46 |
$(RM) $$PEM1 $$PEM2 |
| 47 |
|
| 48 |
%.key: |
| 49 |
umask 77 ; \ |
| 50 |
/usr/bin/openssl genrsa -des3 $(PRIVATE_KEY_BITS) > $@ |
| 51 |
|
| 52 |
%.csr: %.key |
| 53 |
umask 77 ; \ |
| 54 |
/usr/bin/openssl req $(UTF8) -new -key $^ -out $@ |
| 55 |
|
| 56 |
%.crt: %.key |
| 57 |
umask 77 ; \ |
| 58 |
/usr/bin/openssl req $(UTF8) -new -key $^ -x509 -days 365 -out $@ -set_serial $(SERIAL) |
| 59 |
|
| 60 |
TLSROOT=/etc/pki/tls |
| 61 |
KEY=$(TLSROOT)/private/localhost.key |
| 62 |
CSR=$(TLSROOT)/certs/localhost.csr |
| 63 |
CRT=$(TLSROOT)/certs/localhost.crt |
| 64 |
|
| 65 |
genkey: $(KEY) |
| 66 |
certreq: $(CSR) |
| 67 |
testcert: $(CRT) |
| 68 |
|
| 69 |
$(CSR): $(KEY) |
| 70 |
umask 77 ; \ |
| 71 |
/usr/bin/openssl req $(UTF8) -new -key $(KEY) -out $(CSR) |
| 72 |
|
| 73 |
$(CRT): $(KEY) |
| 74 |
umask 77 ; \ |
| 75 |
/usr/bin/openssl req $(UTF8) -new -key $(KEY) -x509 -days 365 -out $(CRT) -set_serial $(SERIAL) |
Parent Directory
| 
Revision Log
| 
Revision Graph
