devel/openssl/Makefile.certificate

UTF8 := $(shell locale -c LC_CTYPE -k | grep -q charmap.*UTF-8 && echo -utf8)
SERIAL=0

.PHONY: usage
.SUFFIXES: .key .csr .crt .pem
.PRECIOUS: %.key %.csr %.crt %.pem

usage:
	@echo "This makefile allows you to create:"
	@echo "  o public/private key pairs"
	@echo "  o SSL certificate signing requests (CSRs)"
	@echo "  o self-signed SSL test certificates"
	@echo
	@echo "To create a key pair, run \"make SOMETHING.key\"."
	@echo "To create a CSR, run \"make SOMETHING.csr\"."
	@echo "To create a test certificate, run \"make SOMETHING.crt\"."
	@echo "To create a key and a test certificate in one file, run \"make SOMETHING.pem\"."
	@echo
	@echo "To create a key for use with Apache, run \"make genkey\"."
	@echo "To create a CSR for use with Apache, run \"make certreq\"."
	@echo "To create a test certificate for use with Apache, run \"make testcert\"."
	@echo
	@echo "To create a test certificate with serial number other than zero, add SERIAL=num"
	@echo
	@echo Examples:
	@echo "  make server.key"
	@echo "  make server.csr"
	@echo "  make server.crt"
	@echo "  make stunnel.pem"
	@echo "  make genkey"
	@echo "  make certreq"
	@echo "  make testcert"
	@echo "  make server.crt SERIAL=1"
	@echo "  make stunnel.pem SERIAL=2"
	@echo "  make testcert SERIAL=3"

%.pem:
	umask 77 ; \
	PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
	PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
	/usr/bin/openssl req $(UTF8) -newkey rsa:2048 -keyout $$PEM1 -nodes -x509 -days 365 -out $$PEM2 -set_serial $(SERIAL) ; \
	cat $$PEM1 >  $@ ; \
	echo ""    >> $@ ; \
	cat $$PEM2 >> $@ ; \
	$(RM) $$PEM1 $$PEM2

%.key:
	umask 77 ; \
	/usr/bin/openssl genrsa -aes128 2048 > $@

%.csr: %.key
	umask 77 ; \
	/usr/bin/openssl req $(UTF8) -new -key $^ -out $@

%.crt: %.key
	umask 77 ; \
	/usr/bin/openssl req $(UTF8) -new -key $^ -x509 -days 365 -out $@ -set_serial $(SERIAL)

TLSROOT=/etc/pki/tls
KEY=$(TLSROOT)/private/localhost.key
CSR=$(TLSROOT)/certs/localhost.csr
CRT=$(TLSROOT)/certs/localhost.crt

genkey: $(KEY)
certreq: $(CSR)
testcert: $(CRT)

$(CSR): $(KEY)
	umask 77 ; \
	/usr/bin/openssl req $(UTF8) -new -key $(KEY) -out $(CSR)

$(CRT): $(KEY)
	umask 77 ; \
	/usr/bin/openssl req $(UTF8) -new -key $(KEY) -x509 -days 365 -out $(CRT) -set_serial $(SERIAL)
1	UTF8 := $(shell locale -c LC_CTYPE -k \| grep -q charmap.*UTF-8 && echo -utf8)
2	SERIAL=0
3
4	.PHONY: usage
5	.SUFFIXES: .key .csr .crt .pem
6	.PRECIOUS: %.key %.csr %.crt %.pem
7
8	usage:
9	@echo "This makefile allows you to create:"
10	@echo " o public/private key pairs"
11	@echo " o SSL certificate signing requests (CSRs)"
12	@echo " o self-signed SSL test certificates"
13	@echo
14	@echo "To create a key pair, run \"make SOMETHING.key\"."
15	@echo "To create a CSR, run \"make SOMETHING.csr\"."
16	@echo "To create a test certificate, run \"make SOMETHING.crt\"."
17	@echo "To create a key and a test certificate in one file, run \"make SOMETHING.pem\"."
18	@echo
19	@echo "To create a key for use with Apache, run \"make genkey\"."
20	@echo "To create a CSR for use with Apache, run \"make certreq\"."
21	@echo "To create a test certificate for use with Apache, run \"make testcert\"."
22	@echo
23	@echo "To create a test certificate with serial number other than zero, add SERIAL=num"
24	@echo
25	@echo Examples:
26	@echo " make server.key"
27	@echo " make server.csr"
28	@echo " make server.crt"
29	@echo " make stunnel.pem"
30	@echo " make genkey"
31	@echo " make certreq"
32	@echo " make testcert"
33	@echo " make server.crt SERIAL=1"
34	@echo " make stunnel.pem SERIAL=2"
35	@echo " make testcert SERIAL=3"
36
37	%.pem:
38	umask 77 ; \
39	PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
40	PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
41	/usr/bin/openssl req $(UTF8) -newkey rsa:2048 -keyout $$PEM1 -nodes -x509 -days 365 -out $$PEM2 -set_serial $(SERIAL) ; \
42	cat $$PEM1 > $@ ; \
43	echo "" >> $@ ; \
44	cat $$PEM2 >> $@ ; \
45	$(RM) $$PEM1 $$PEM2
46
47	%.key:
48	umask 77 ; \
49	/usr/bin/openssl genrsa -aes128 2048 > $@
50
51	%.csr: %.key
52	umask 77 ; \
53	/usr/bin/openssl req $(UTF8) -new -key $^ -out $@
54
55	%.crt: %.key
56	umask 77 ; \
57	/usr/bin/openssl req $(UTF8) -new -key $^ -x509 -days 365 -out $@ -set_serial $(SERIAL)
58
59	TLSROOT=/etc/pki/tls
60	KEY=$(TLSROOT)/private/localhost.key
61	CSR=$(TLSROOT)/certs/localhost.csr
62	CRT=$(TLSROOT)/certs/localhost.crt
63
64	genkey: $(KEY)
65	certreq: $(CSR)
66	testcert: $(CRT)
67
68	$(CSR): $(KEY)
69	umask 77 ; \
70	/usr/bin/openssl req $(UTF8) -new -key $(KEY) -out $(CSR)
71
72	$(CRT): $(KEY)
73	umask 77 ; \
74	/usr/bin/openssl req $(UTF8) -new -key $(KEY) -x509 -days 365 -out $(CRT) -set_serial $(SERIAL)
admin@fedoraproject.org	ViewVC Help
Powered by ViewVC 1.1.2