server  = $(shell hostname)
domain  = $(shell dnsdomainname)
name    = $(server)

country = SE
state   = Stockholm
locality= $(state)
org     = $(domain)
unit    = $(domain)
mail    = mx
common  = $(server).$(domain)
subj	= "/C=$(country)/ST=$(state)/L=$(locality)/O=$(domain)/OU=$(domain)/CN=$(common)"
client1	= "/C=$(country)/ST=$(state)/L=$(locality)/O=$(domain)/OU=$(domain)/CN=client1.org"
client2	= "/C=$(country)/ST=$(state)/L=$(locality)/O=$(domain)/OU=$(domain)/CN=client2.org"
mtls_certs  :
		openssl ecparam -name prime256v1 -genkey -noout -out mtls_ca.key
		openssl req -new -x509 -sha256 -key mtls_ca.key -out mtls_ca.crt -subj $(subj)
		openssl ecparam -name prime256v1 -genkey -noout -out mtls_server.key
		openssl req -new -sha256 -key mtls_server.key -out mtls_server.csr -subj $(subj)
		openssl x509 -req -in mtls_server.csr -CA mtls_ca.crt -CAkey mtls_ca.key -CAcreateserial -out mtls_server.crt -days 1000 -sha256

		openssl ecparam -name prime256v1 -genkey -noout -out mtls_client1.key
		openssl req -new -sha256 -key mtls_client1.key -out mtls_client1.csr  -subj $(client1)
		openssl x509 -req -in mtls_client1.csr -CA mtls_ca.crt -CAkey mtls_ca.key -CAcreateserial -out mtls_client1.crt -days 1000 -sha256

		openssl ecparam -name prime256v1 -genkey -noout -out mtls_client2.key
		openssl req -new -sha256 -key mtls_client2.key -out mtls_client2.csr  -subj $(client2)
		openssl x509 -req -in mtls_client2.csr -CA mtls_ca.crt -CAkey mtls_ca.key -CAcreateserial -out mtls_client2.crt -days 1000 -sha256