polemon.org
 
Trace: musepack consolas scanpool main_page cgit_nginx mono.theme noctcp.diff identify.pl polemon.vim ssl_makefile

SSL Makefile

This makefile facilitates the creation of SSL certificates.

Download the file and name it Makefile (case sensitive). download

I suggest putting that Makefile in a new directory and running make in there.

Here's the source:

Makefile

 1: # Makefile to create new CA and application keys more easily
 2: 
 3: have_cnf:=$(wildcard server.cnf)
 4: have_cacnf:=$(wildcard ca.cnf)
 5: 
 6: all: server.key.nopass server.crt
 7: 
 8: # make new CA key and certificate
 9: newca:
10:     -rm ca.*
11:     make ca.crt
12: 
13: # make new server certificate and key
14: newserver: clean
15:     make all
16: 
17: # sign a certificate
18: sign: server.crt.signed
19: 
20: # make PEMs
21: pem: server.pem server.pem.nopass
22: 
23: # create unencrypted server key
24: server.key.nopass: server.key
25:     openssl rsa -in $< -out $@
26: 
27: # create server certificate with CA
28: server.crt.signed: server.csr ca.crt ca.key
29:     openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out $@
30:     @echo -e " *\n * Serial number needs to be updated, whenever certificate is created anew!\n *"
31: 
32: # create self signed server certificate
33: server.crt: server.csr server.key
34:     openssl x509 -req -days 365 -in $< -signkey server.key -out $@
35: 
36: # create server signing request
37: ifeq ($(strip $(have_cnf)),)
38: server.csr: server.key
39:     openssl req -new -key $< -out $@
40:     echo "nein"
41: else
42: server.csr: server.key server.cnf
43:     openssl req -new -key $< -out $@ -config server.cnf
44:     echo "ja"
45: endif
46: 
47: # generate server key
48: server.key:
49:     openssl genrsa -des3 -out $@ 4096
50: 
51: # create pem
52: server.pem: server.crt server.key
53:     cat server.crt server.key > $@
54:     openssl dhparam -2 >> $@
55: 
56: # create unencrypted pem
57: server.pem.nopass: server.crt server.key.nopass
58:     cat server.crt server.key.nopass > $@
59:     openssl dhparam -2 >> $@
60: 
61: # create CA certificate
62: ifeq ($(strip $(have_cacnf)),)
63: ca.crt: ca.key
64:     openssl req -new -x509 -days 365 -key $< -out $@
65: 
66: else
67: ca.crt: ca.key ca.cnf
68:     openssl req -new -x509 -days 365 -key $< -out $@ -config ca.cnf
69: 
70: endif
71: 
72: # generate CA key
73: ca.key:
74:     openssl genrsa -des3 -out $@ 4096
75: 
76: # delete everything
77: clean:
78:     -rm server.crt server.csr server.key server.key.nopass server.pem server.pem.nopass
79: 
80: paranoia:
81:     -shred -zuv server.crt server.csr server.key server.key.nopass server.pem server.pem.nopass
82: 
83: help:
84:     @echo -e "Usage: make [newca | newserver | pem | sign | help]\n"
85:     @echo -e "    (no arguments):    creates CA files and a server certificate"
86:     @echo -e "    newca:             recreates CA files"
87:     @echo -e "    newserver:         recreates server certificate files"
88:     @echo -e "    pem:               create PEM files"
89:     @echo -e "    sign:              make CA signed certificate"
90:     @echo -e "    help:              shows this help"

Output of make help: 

Usage: make [newca | newserver | pem | sign | help]

    (no arguments):    creates CA files and a server certificate
    newca:             recreates CA files
    newserver:         recreates server certificate files
    pem:               create PEM files
    sign:              make CA signed certificate
    help:              shows this help
 
ssl_makefile.txt · Last modified: 2010/03/25 14:25 by polemon
 
RSS • 2012 © --polemon Powered by: