Commit | Line | Data |
---|---|---|
11fdf7f2 TL |
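# Identity of the host the certificate is issued for.  Both values come from
# the local machine; ":=" runs each command once at parse time instead of on
# every expansion of the variable.
# NOTE(review): dnsdomainname can print nothing on a host without a DNS
# domain; org, unit, common and email would then be empty or malformed.
# Override "domain" on the command line in that case.
server := $(shell hostname)
domain := $(shell dnsdomainname)
name = $(server)

# Subject fields written into the generated OpenSSL config.
country = SE
state = Stockholm
locality= $(state)
org = $(domain)
unit = $(domain)
mail = mx
common = $(server).$(domain)
email = postmaster@$(domain)
# NOTE(review): "key" is not defined anywhere in the visible file, so this
# expands to "ca.pem"; ckey is also not referenced by any visible rule.
ckey = ca$(key).pem

# Server key pair.  width is the RSA modulus size in bits (see alg_opt).
pubkey = $(name).pub
prvkey = $(name).key
width = 4096

# Certificate signing request and the certificate issued from it.
csr = $(name).csr
crt = $(name).crt

# Local CA certificate and its private key.  The CA key signs $(crt), so it
# should live somewhere only the certificate administrator can read.
root = ca$(name).pem
rootkey = ca$(name).key

# Generated OpenSSL config, and the validity period in days.  The same value
# is used for both the CA certificate and the server certificate.
config = $(name).cfg
days = 3650

# Key algorithm and its options, passed to "openssl genpkey".
alg = RSA
alg_opt = -pkeyopt rsa_keygen_bits:$(width)

# Optional short host names; each one becomes a DNS subjectAltName entry of
# the form <host>.$(domain) in the generated config.
hosts =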
32 | ||
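# Neither goal names a file; without this declaration a file called "all" or
# "clean" in the working directory would make the goal look up to date.
.PHONY : all clean

# Default goal: build the server certificate and everything it depends on.
all : $(crt)

# Remove the server certificate, request and key pair.  The CA certificate,
# the CA key and the generated config are not in the list and stay on disk.
clean :
	@rm -f $(crt) $(csr) $(pubkey) $(prvkey)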
37 | ||
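# Generate a private key.  The rule has no prerequisites, so it serves both
# the server key and the CA key.  No cipher option is passed to genpkey, so
# the key is written unencrypted; "umask 077" makes sure the file is created
# readable by its owner only, whatever the caller's umask or OpenSSL version.
%.key :
	@echo generating $@
	umask 077 && openssl genpkey -out $@ -algorithm $(alg) $(alg_opt)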
11fdf7f2 TL |
41 | |
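# Extract the public half of a key pair.  -pubout is required here: without
# it "openssl pkey" writes the private key back out, and the .pub file would
# hold private key material under a name that invites sharing it.
%.pub : %.key
	@echo generating $@
	openssl pkey -in $< -pubout -out $@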
11fdf7f2 TL |
45 | |
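# Write the OpenSSL config used for the CSR and the CA certificate.  It
# depends on the makefiles so that an edit to the variables above regenerates
# it; values overridden on the command line do not trigger a rebuild.
#
# Every echo argument is quoted.  Unquoted, "[v3_ca]", "[v3_req]" and
# "[alt_names]" are shell glob patterns: a one-character file name in the
# working directory that matches (for example "a") would be written to the
# config in place of the section header.
#
# The [alt_names] section is only emitted when "hosts" is non-empty; each
# host gets a DNS.<n> entry qualified with $(domain).
$(config) : $(MAKEFILE_LIST)
	@echo generating $@
	@( \
	echo "[ req ]" ; \
	echo "default_bits = $(width)" ; \
	echo "default_keyfile = $(prvkey)" ; \
	echo "default_md = sha256" ; \
	echo "distinguished_name = req_distinguished_name" ; \
	echo "req_extensions = v3_req" ; \
	echo "prompt = no" ; \
	echo "[ req_distinguished_name ]" ; \
	echo "C = $(country)" ; \
	echo "ST = $(state)" ; \
	echo "L = $(locality)" ; \
	echo "O = $(org)" ; \
	echo "OU = $(unit)" ; \
	echo "CN= $(common)" ; \
	echo "emailAddress = $(email)" ; \
	echo "[v3_ca]" ; \
	echo "subjectKeyIdentifier=hash" ; \
	echo "authorityKeyIdentifier=keyid:always,issuer:always" ; \
	echo "basicConstraints = CA:true" ; \
	echo "[v3_req]" ; \
	echo "# Extensions to add to a certificate request" ; \
	echo "basicConstraints = CA:FALSE" ; \
	echo "keyUsage = nonRepudiation, digitalSignature, keyEncipherment" ; \
	$(if $(hosts), echo "subjectAltName = @alt_names" ;) \
	$(if $(hosts), echo "[alt_names]" ;) \
	$(if $(hosts), index=1; for host in $(hosts); \
	  do echo "DNS.$$index = $$host.$(domain)"; \
	  index=$$(($$index + 1)); done ;) \
	) > $@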
78 | ||
# Build a certificate signing request for a key.  The subject and the
# requested extensions (the v3_req section, including any subjectAltName
# entries) are read from the generated config.
%.csr : %.key $(config)
	@echo generating $@
	openssl req -new -config $(config) -key $< -out $@
82 | ||
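# Issue a certificate for a CSR, signed by the local CA.
#
# "openssl x509 -req" does not copy the extensions requested in the CSR, so
# without -extfile/-extensions the issued certificate would carry none of the
# v3_req settings: no subjectAltName for $(hosts), no CA:FALSE, no keyUsage.
# The config is listed as a prerequisite because the recipe now reads it.
#
# -CAcreateserial creates a serial-number file when none exists.
# NOTE(review): $(days) defaults to ten years for a server certificate; the
# CA and the server certificate are also built from the same subject fields,
# so issuer and subject names are identical.  Confirm both are intended.
%.crt : %.csr $(root) $(rootkey) $(config)
	@echo generating $@
	openssl x509 -req -in $< -CA $(root) -CAkey $(rootkey) -CAcreateserial \
	    -extfile $(config) -extensions v3_req \
	    -out $@ -days $(days)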
87 | ||
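# Create a self-signed CA certificate from a key.
#
# The generated config sets only req_extensions in [ req ], which applies to
# certificate requests; nothing in it points "req -x509" at the [v3_ca]
# section.  -extensions v3_ca selects it explicitly, so the CA certificate
# carries basicConstraints CA:true and the key identifiers defined there.
# -nodes has no effect on the result here because the key is supplied with
# -key rather than generated by this command.
%.pem : %.key $(config)
	@echo generating $@
	openssl req -x509 -new -nodes -key $< -days $(days) -config $(config) \
	    -extensions v3_ca -out $@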
92 | ||
# Keep generated keys, requests and certificates even when make built them
# only as intermediate steps.  .PRECIOUS also keeps a target whose recipe was
# interrupted, so a partially written key or certificate can remain on disk
# and look up to date; delete it by hand after an aborted run.
.PRECIOUS : %.key %.pub %.csr %.crt %.pem
94 |