#!/bin/sh
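# Aggregate goal: builds every certificate, the exported GPG public key and
# the CRL named in the prerequisite list. Declared phony so that a stray file
# called "all" can never make this goal look up to date.
.PHONY: all
all: client-cert.pem server-cert.pem badclient-cert.pem public-key.txt root.crl.pem ldap-cert.pem webclient-cert.pem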
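# Delete the generated keys, CSRs, certificates, the `openssl ca` bookkeeping
# files and the signed replay file. Declared phony so a file named "clean"
# cannot silently disable it.
# NOTE(review): the globs remove every *.key/*.pem/*.csr/*.crt in this
# directory, not only files this Makefile produced; nothing under ~/.gnupg is
# cleaned here.
.PHONY: clean
clean:
	rm -f *.key *.pem *.csr *.crt ca.srl public-key.txt index.txt index.txt.attr index.txt.old crlnumber crlnumber.old ../replay/commands.asc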
# Private key of the test CA: 2048-bit RSA. No cipher option is passed, so the
# key is written without a passphrase; treat it as a throwaway fixture only.
myCA.key:
	openssl genrsa -out $@ 2048
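# Generate a throwaway GPG key from the batch file gpg-key-conf, export the
# public key of joe@foo.bar as one line (sed joins the lines with the two
# characters "\n", tr drops the final newline), and clear-sign
# ../replay/commands when that file exists.
#
# Changes from the previous recipe:
#  * the export pipeline reports only tr's exit status, so a failed export
#    left an empty public-key.txt that looked up to date; an empty result is
#    now removed and fails the build;
#  * `test -f ... && gpg ... || echo` also swallowed a failed signature; the
#    signing step is still skipped when the file is absent, but a gpg error
#    now fails the recipe.
#
# NOTE(review): a bare keyring name makes gpg keep testkeys.gpg in its home
# directory (hence the ~/.gnupg path removed below), so this recipe writes
# into the developer's real GnuPG home. With GnuPG 2.1+ the generated secret
# key is presumably kept in that home's private key store and is not removed
# by the final rm; consider a dedicated GNUPGHOME for this fixture.
public-key.txt:
	rm -f ~/.gnupg/testkeys.gpg
	gpg --no-default-keyring --keyring testkeys.gpg --batch --generate-key gpg-key-conf
	gpg --no-default-keyring --keyring testkeys.gpg --armor --export joe@foo.bar | sed -e ':a' -e 'N' -e '$$!ba' -e 's/\n/\\n/g' | tr -d "\n" > $@
	test -s $@ || { rm -f $@; exit 1; }
	rm -f ../replay/commands.asc
	if test -f ../replay/commands; then gpg --no-default-keyring --keyring testkeys.gpg --clear-sign -u joe@foo.bar ../replay/commands; fi
	rm -f ~/.gnupg/testkeys.gpg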
# Self-signed certificate of the test CA (SHA-256, valid for 1825 days),
# created from myCA.key. The request configuration comes from ca.cnf, selected
# through OPENSSL_CONF.
ca.crt: myCA.key
	OPENSSL_CONF=ca.cnf openssl req -x509 -new -nodes -key $< -sha256 -days 1825 -out $@
# Server private key: 2048-bit RSA, written without a passphrase (no cipher
# option is given).
server-key.pem:
	openssl genrsa -out $@ 2048
# Certificate signing request for the server key; server.cnf (selected through
# OPENSSL_CONF) supplies the request configuration.
server-csr.pem: server-key.pem
	OPENSSL_CONF=server.cnf openssl req -new -key $< -out $@
# Client private key: 2048-bit RSA, written without a passphrase. Both
# client-csr.pem and badclient-csr.pem are built from this one key.
client-key.pem:
	openssl genrsa -out $@ 2048
# Signing request for the "bad" client. It uses the same client-key.pem as
# client-csr.pem; only the OpenSSL configuration (badclient.cnf) differs.
badclient-csr.pem: client-key.pem
	OPENSSL_CONF=badclient.cnf openssl req -new -key $< -out $@
# Signing request for the regular client key; client.cnf (selected through
# OPENSSL_CONF) supplies the request configuration.
client-csr.pem: client-key.pem
	OPENSSL_CONF=client.cnf openssl req -new -key $< -out $@
# Sign the server CSR with the test CA (SHA-256, valid for 1825 days).
# ca.crt is a direct prerequisite; myCA.key is reached through ca.crt.
# -CAcreateserial creates the CA serial file (ca.srl) when it is missing.
# NOTE(review): `openssl x509 -req` does not carry extensions requested in the
# CSR into the certificate unless told to; if server.cnf requests a
# subjectAltName, confirm it actually appears in server-cert.pem.
server-cert.pem: server-csr.pem ca.crt
	openssl x509 -req -in $< -CA ca.crt -CAkey myCA.key \
		-CAcreateserial -out $@ -days 1825 -sha256
# Sign the client CSR with the test CA (SHA-256, valid for 1825 days).
# ca.crt is a direct prerequisite; myCA.key is reached through ca.crt.
client-cert.pem: client-csr.pem ca.crt
	openssl x509 -req -in $< -CA ca.crt -CAkey myCA.key \
		-CAcreateserial -out $@ -days 1825 -sha256
# Sign the "bad" client CSR with the same test CA (SHA-256, 1825 days).
# The index.txt rule later revokes this certificate, so it is validly issued
# and then placed on the CRL.
badclient-cert.pem: badclient-csr.pem ca.crt
	openssl x509 -req -in $< -CA ca.crt -CAkey myCA.key \
		-CAcreateserial -out $@ -days 1825 -sha256
# Web client private key: 2048-bit RSA, written without a passphrase (no
# cipher option is given).
webclient-key.pem:
	openssl genrsa -out $@ 2048
# Signing request for the web client key; webclient.cnf (selected through
# OPENSSL_CONF) supplies the request configuration.
webclient-csr.pem: webclient-key.pem
	OPENSSL_CONF=webclient.cnf openssl req -new -key $< -out $@
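# Sign the web client CSR with the test CA (SHA-256, valid for 1825 days).
# The recipe reads ca.crt and myCA.key, so ca.crt is now a declared
# prerequisite (myCA.key is reached through it). Without it this target only
# worked when another goal had already built the CA, and could race with the
# CA rules under `make -j`.
webclient-cert.pem: webclient-csr.pem ca.crt
	openssl x509 -req -in $< -CA ca.crt -CAkey myCA.key \
		-CAcreateserial -out $@ -days 1825 -sha256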
# LDAP private key: 2048-bit RSA, written without a passphrase (no cipher
# option is given).
ldap-key.pem:
	openssl genrsa -out $@ 2048
# Signing request for the LDAP key; ldap.cnf (selected through OPENSSL_CONF)
# supplies the request configuration.
ldap-csr.pem: ldap-key.pem
	OPENSSL_CONF=ldap.cnf openssl req -new -key $< -out $@
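# Sign the LDAP CSR with the test CA (SHA-256, valid for 1825 days).
# The recipe reads ca.crt and myCA.key, so ca.crt is now a declared
# prerequisite (myCA.key is reached through it). Without it this target only
# worked when another goal had already built the CA, and could race with the
# CA rules under `make -j`.
ldap-cert.pem: ldap-csr.pem ca.crt
	openssl x509 -req -in $< -CA ca.crt -CAkey myCA.key \
		-CAcreateserial -out $@ -days 1825 -sha256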
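# Initialise the `openssl ca` bookkeeping files and revoke the bad client
# certificate. index.txt and crlnumber are presumably the database and CRL
# number files named in ca.cnf; confirm against that config.
#
# index.txt is created before the revocation runs, so a failed `openssl ca`
# used to leave a target that looked up to date; the next run would then
# generate a CRL that does not list badclient-cert.pem. The target is now
# removed when the revocation fails.
index.txt: badclient-cert.pem
	touch $@
	echo 01 > crlnumber
	openssl ca -cert ca.crt -keyfile myCA.key -config ca.cnf -revoke $< || { rm -f $@; exit 1; }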
# Generate the CRL from the `openssl ca` database, then append the CA
# certificate, so root.crl.pem holds the CRL followed by ca.crt.
# -out rewrites the file on every run, so the append does not accumulate.
root.crl.pem: index.txt
	openssl ca -config ca.cnf -gencrl -keyfile myCA.key -cert ca.crt -out $@
	cat ca.crt >> $@