#!/bin/sh all: client-cert.pem server-cert.pem badclient-cert.pem public-key.txt root.crl.pem ldap-cert.pem webclient-cert.pem clean: rm -f *.key *.pem *.csr *.crt ca.srl public-key.txt index.txt index.txt.attr index.txt.old crlnumber crlnumber.old ../replay/commands.asc myCA.key: openssl genrsa -out myCA.key 2048 public-key.txt: rm -f ~/.gnupg/testkeys.gpg gpg --no-default-keyring --keyring testkeys.gpg --batch --generate-key gpg-key-conf gpg --no-default-keyring --keyring testkeys.gpg --armor --export joe@foo.bar | sed -e ':a' -e 'N' -e '$$!ba' -e 's/\n/\\n/g' | tr -d "\n" > public-key.txt rm -f ../replay/commands.asc test -f ../replay/commands && gpg --no-default-keyring --keyring testkeys.gpg --clear-sign -u joe@foo.bar ../replay/commands || echo rm -f ~/.gnupg/testkeys.gpg ca.crt: myCA.key OPENSSL_CONF=ca.cnf openssl req -x509 -new -nodes -key myCA.key -sha256 -days 1825 -out ca.crt server-key.pem: openssl genrsa -out server-key.pem 2048 server-csr.pem: server-key.pem OPENSSL_CONF=server.cnf openssl req -new -key server-key.pem -out server-csr.pem client-key.pem: openssl genrsa -out client-key.pem 2048 badclient-csr.pem: client-key.pem OPENSSL_CONF=badclient.cnf openssl req -new -key client-key.pem -out badclient-csr.pem client-csr.pem: client-key.pem OPENSSL_CONF=client.cnf openssl req -new -key client-key.pem -out client-csr.pem server-cert.pem: server-csr.pem ca.crt openssl x509 -req -in server-csr.pem -CA ca.crt -CAkey myCA.key \ -CAcreateserial -out server-cert.pem -days 1825 -sha256 client-cert.pem: client-csr.pem ca.crt openssl x509 -req -in client-csr.pem -CA ca.crt -CAkey myCA.key \ -CAcreateserial -out client-cert.pem -days 1825 -sha256 badclient-cert.pem: badclient-csr.pem ca.crt openssl x509 -req -in badclient-csr.pem -CA ca.crt -CAkey myCA.key \ -CAcreateserial -out badclient-cert.pem -days 1825 -sha256 webclient-key.pem: openssl genrsa -out webclient-key.pem 2048 webclient-csr.pem: webclient-key.pem OPENSSL_CONF=webclient.cnf openssl req -new -key webclient-key.pem -out webclient-csr.pem webclient-cert.pem: webclient-csr.pem openssl x509 -req -in webclient-csr.pem -CA ca.crt -CAkey myCA.key \ -CAcreateserial -out webclient-cert.pem -days 1825 -sha256 ldap-key.pem: openssl genrsa -out ldap-key.pem 2048 ldap-csr.pem: ldap-key.pem OPENSSL_CONF=ldap.cnf openssl req -new -key ldap-key.pem -out ldap-csr.pem ldap-cert.pem: ldap-csr.pem openssl x509 -req -in ldap-csr.pem -CA ca.crt -CAkey myCA.key \ -CAcreateserial -out ldap-cert.pem -days 1825 -sha256 index.txt: badclient-cert.pem touch index.txt echo 01 > crlnumber openssl ca -cert ca.crt -keyfile myCA.key -config ca.cnf -revoke badclient-cert.pem root.crl.pem: index.txt openssl ca -config ca.cnf -gencrl -keyfile myCA.key -cert ca.crt -out root.crl.pem cat ca.crt >> root.crl.pem