# $Id: Makefile,v 1.4 2006/06/20 18:55:37 jmates Exp $
#
# NOTE If running OpenSSL 0.9.8a or higher, see -newkey, below.
#
# Automates the setup of a custom Certificate Authority and provides
# routines for signing and revocation of certificates. To use, first
# customize the commands in this file and the settings in openssl.cnf,
# then run:
#
# make init
#
# Then, copy in certificate signing requests, and ensure their suffix is
# .csr before signing them with the following command:
#
# make sign
#
# To revoke a key, name the certificate file with the cert option
# as shown below:
#
# make revoke cert=foo.cert
#
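# This will revoke the certificate and call gencrl; the regenerated
# revocation list (crl/crl.pem) must then be copied to every system that
# uses your CA cert. A system that checks revocation against this list
# keeps accepting the revoked certificate until it has the updated copy.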

# Glob naming the signing requests in this directory. Make stores the
# pattern as-is; the shell expands it when the "clean" recipe runs.
requests = *.csr

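# Signs one certificate signing request with the CA.
#
# usage: make sign req=in.csr cert=out.cert
#
# Both req and cert are required; the recipe stops with the usage message
# when either is missing, instead of handing openssl an empty -in/-out.
# The values are passed to openssl as quoted shell variables so a file name
# containing spaces or shell metacharacters is treated as one argument.
#
# -batch makes "openssl ca" certify without asking for confirmation.
# Remove the -batch option if you want the chance to not certify a
# particular request; review each CSR before signing either way.
sign: FORCE
	@: "$${req:?usage: make sign req=in.csr cert=out.cert}"
	@: "$${cert:?usage: make sign req=in.csr cert=out.cert}"
	@openssl ca -batch -config openssl.cnf -days 180 -in "$${req}" -out "$${cert}"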

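# Revokes the certificate in the named file, then regenerates the CRL.
#
# usage: make revoke cert=certificate
#
# Depends on FORCE so that a stray file named "revoke" in this directory
# cannot make the target look up to date and silently skip the revocation.
# cert is passed to openssl as a quoted shell variable so a file name
# containing spaces or shell metacharacters is treated as one argument.
revoke: FORCE
	@: "$${cert:?usage: make revoke cert=certificate}"
	@openssl ca -config openssl.cnf -revoke "$${cert}"
	@$(MAKE) gencrl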

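# Regenerates the Certificate Revocation List and writes it to crl/crl.pem.
#
# Depends on FORCE so that a stray file named "gencrl" in this directory
# cannot make the target look up to date and leave a stale CRL in place.
gencrl: FORCE
	@openssl ca -config openssl.cnf -gencrl -out crl/crl.pem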

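# Removes all *.csr files in this directory.
#
# "--" ends option parsing, so a request file whose name begins with "-"
# is removed as a file rather than read by rm as an option (CSRs are copied
# in from elsewhere, so their names are not under this Makefile's control).
# -f keeps rm quiet when no *.csr file exists; the leading "-" still lets
# make carry on if rm fails for another reason.
clean: FORCE
	-rm -f -- ${requests}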

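# Creates the required supporting files and directories for a new CA, then
# generates the CA key and a self-signed CA certificate (ca-cert.pem,
# valid for 1825 days). Stops at the first step when a "serial" file already
# exists, so the setup is not run again over an existing CA.
#
# NOTE use "-newkey rsa:2048" if running OpenSSL 0.9.8a or higher
# (kept as a make comment: a tab-indented "#" line inside the recipe is
# passed to the shell and echoed on every run).
#
# NOTE(review): -nodes makes openssl write the CA private key without
# passphrase encryption. No -keyout is given, so the key location comes
# from openssl.cnf, which is not shown here -- confirm it points inside
# private/ and that the key file is readable only by the CA account.
init: FORCE
	@test ! -f serial
	@mkdir crl newcerts private
	@chmod go-rwx private
	@echo '01' > serial
	@touch index
	@openssl req -nodes -config openssl.cnf -days 1825 -x509 -newkey rsa:2048 -out ca-cert.pem -outform PEM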

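# Prints a short usage summary for each target.
#
# Depends on FORCE so the summary is still printed when a file named
# "help" exists in this directory.
help: FORCE
	@echo make sign req=in.csr cert=out.cert
	@echo '  - signs in.csr, outputting to out.cert'
	@echo
	@echo make revoke cert=filename
	@echo '  - revokes certificate in named file and calls gencrl'
	@echo
	@echo make gencrl
	@echo '  - updates Certificate Revocation List (CRL)'
	@echo
	@echo make clean
	@echo '  - removes all *.csr files in this directory'
	@echo
	@echo make init
	@echo '  - required initial setup command for new CA'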

# For legacy make support: FORCE has no prerequisites and no recipe, and no
# file of that name is expected to exist, so any target that lists it as a
# prerequisite is always treated as out of date and its recipe always runs.
FORCE: