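# Host identity used for file names and the certificate subject.
# ':=' runs each shell command once at parse time; with '=' the command was
# re-run on every expansion of $(server) / $(domain).
server := $(shell hostname)
domain := $(shell dnsdomainname)
name = $(server)

# Subject (distinguished name) fields written into $(config).
country = SE
state = Stockholm
locality = $(state)
org = $(domain)
unit = $(domain)
# NOTE(review): no rule in this file reads 'mail' -- confirm it is still needed.
mail = mx
common = $(server).$(domain)
email = postmaster@$(domain)
# NOTE(review): 'key' is not defined in this file, so this expands to 'ca.pem',
# and no rule here reads 'ckey' -- confirm whether it is a leftover.
ckey = ca$(key).pem

# Leaf key pair and RSA modulus size in bits.
pubkey = $(name).pub
prvkey = $(name).key
width = 4096

# Leaf signing request and the certificate issued from it.
csr = $(name).csr
crt = $(name).crt

# Signing root certificate and its private key. Both live in the build
# directory next to the leaf files, so access to this directory is access to
# the CA key.
root = ca$(name).pem
rootkey = ca$(name).key

# OpenSSL request configuration generated by the $(config) rule.
config = $(name).cfg
# Validity in days; the same value is passed when issuing the root and the leaf.
days = 3650

# Key algorithm and its generation options for 'openssl genpkey'.
alg = RSA
alg_opt = -pkeyopt rsa_keygen_bits:$(width)

# Short host names; each one becomes a DNS subjectAltName '<host>.$(domain)'.
# Empty means no subjectAltName section is written.
hosts =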
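# 'all' and 'clean' are commands, not files; without this declaration a file
# named 'all' or 'clean' in the directory would silently disable them.
.PHONY : all clean

# Default goal: build the signed leaf certificate.
all : $(crt)

# Remove the leaf artefacts only. The root certificate, the root key and the
# generated configuration are deliberately not listed here and stay in place.
clean :
	@rm -f $(crt) $(csr) $(pubkey) $(prvkey)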
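# Generate a private key with 'openssl genpkey'. The rule has no
# prerequisites, so an existing key file is never regenerated. It matches
# both the leaf key and the root key (ca<name>.key).
# No cipher option is passed, so the key is written unencrypted; 'umask 077'
# makes sure the file is created readable by its owner only, whatever the
# caller's umask or the OpenSSL version's own default is.
%.key :
	@echo generating $@
	umask 077 && openssl genpkey -out $@ -algorithm $(alg) $(alg_opt)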
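# Extract the public key from a private key.
# 'openssl pkey' writes the PRIVATE key by default; -pubout is required to
# get the public half. Without it the .pub file was a copy of the private
# key under a name that invites sharing it.
%.pub : %.key
	@echo generating $@
	openssl pkey -in $< -pubout -out $@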
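# Write the OpenSSL request configuration. It is regenerated whenever any
# parsed makefile changes, because $(MAKEFILE_LIST) is the prerequisite.
#
# Sections written:
#   [ req ]                     request defaults; 'prompt = no' takes the
#                               subject from the section below
#   [ req_distinguished_name ]  subject built from the variables above
#   [v3_ca]                     extensions for a CA certificate
#   [v3_req]                    extensions for the leaf request
#   [alt_names]                 only when $(hosts) is non-empty: one DNS entry
#                               '<host>.$(domain)' per word in $(hosts)
#
# Every echoed line is quoted. Unquoted, '[v3_ca]', '[v3_req]' and
# '[alt_names]' are shell glob patterns and would be replaced by the name of
# any matching one-character file in the current directory; quoting also
# keeps shell metacharacters in the variable values from being interpreted.
$(config) : $(MAKEFILE_LIST)
	@echo generating $@
	@( \
		echo '[ req ]' ; \
		echo 'default_bits = $(width)' ; \
		echo 'default_keyfile = $(prvkey)' ; \
		echo 'default_md = sha256' ; \
		echo 'distinguished_name = req_distinguished_name' ; \
		echo 'req_extensions = v3_req' ; \
		echo 'prompt = no' ; \
		echo '[ req_distinguished_name ]' ; \
		echo 'C = $(country)' ; \
		echo 'ST = $(state)' ; \
		echo 'L = $(locality)' ; \
		echo 'O = $(org)' ; \
		echo 'OU = $(unit)' ; \
		echo 'CN= $(common)' ; \
		echo 'emailAddress = $(email)' ; \
		echo '[v3_ca]' ; \
		echo 'subjectKeyIdentifier=hash' ; \
		echo 'authorityKeyIdentifier=keyid:always,issuer:always' ; \
		echo 'basicConstraints = CA:true' ; \
		echo '[v3_req]' ; \
		echo "# Extensions to add to a certificate request" ; \
		echo 'basicConstraints = CA:FALSE' ; \
		echo 'keyUsage = nonRepudiation, digitalSignature, keyEncipherment' ; \
		$(if $(hosts), echo 'subjectAltName = @alt_names' ;) \
		$(if $(hosts), echo '[alt_names]' ;) \
		$(if $(hosts), index=1; for host in $(hosts); \
			do echo "DNS.$$index = $$host.$(domain)"; \
			index=$$(($$index + 1)); done ;) \
	) > $@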
# Create the certificate signing request for a private key.
# $< is the key (first prerequisite); the subject and the request extensions
# are read from $(config).
%.csr : %.key $(config)
	@echo generating $@
	openssl req -new \
		-config $(config) \
		-key $< \
		-out $@
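# Issue the leaf certificate by signing the request with the root key.
# 'openssl x509 -req' does not carry over the extensions stored in the
# request, so the [v3_req] section (CA:FALSE, keyUsage and, when $(hosts) is
# set, the subjectAltName list) is applied explicitly via
# -extfile/-extensions. Without that the issued certificate had none of
# them. $(config) is listed as a prerequisite because the recipe now reads it.
# -CAcreateserial lets OpenSSL create the CA serial-number file next to
# $(root) when it does not exist yet; that file is not a target of any rule.
%.crt : %.csr $(root) $(rootkey) $(config)
	@echo generating $@
	openssl x509 -req -in $< -CA $(root) -CAkey $(rootkey) -CAcreateserial \
		-extfile $(config) -extensions v3_req \
		-out $@ -days $(days)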
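# Create a self-signed certificate from a key; used for the signing root
# (ca<name>.pem from ca<name>.key).
# $(config) defines a [v3_ca] section but never selects it for -x509 output
# (it only sets req_extensions), so the section is named here with
# -extensions. Otherwise the root is issued without 'basicConstraints =
# CA:true' from that section.
# -nodes has no effect on the existing key passed with -key; it is kept
# unchanged.
# NOTE(review): the root is built from the same $(config) as the leaf request,
# so root and leaf carry an identical subject name -- consider giving the
# root its own CN.
%.pem : %.key $(config)
	@echo generating $@
	openssl req -x509 -new -nodes -key $< -days $(days) -config $(config) \
		-extensions v3_ca -out $@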
# Keep generated key and certificate material: make neither removes these as
# intermediate files nor deletes them when a recipe is interrupted.
# NOTE(review): this also means a partially written file can survive an
# interrupted run and look up to date -- check the file after an abort.
.PRECIOUS : %.key %.pub
.PRECIOUS : %.csr %.crt %.pem