2019-09-21 16:11:55 +02:00

158 lines
3.8 KiB
Makefile

all: server1-cert.pem server2-cert.pem proxy1-cert.pem proxy2-cert.pem client1-cert.pem client2-cert.pem
#
# Create Certificate Authority: ca1
# ('password' is used for the CA password.)
#
ca1-cert.pem: ca1.cnf
openssl req -new -x509 -days 9999 -config ca1.cnf -keyout ca1-key.pem -out ca1-cert.pem
#
# Create Certificate Authority: ca2
# ('password' is used for the CA password.)
#
ca2-cert.pem: ca2.cnf
openssl req -new -x509 -days 9999 -config ca2.cnf -keyout ca2-key.pem -out ca2-cert.pem
#
# Create Certificate Authority: ca3
# ('password' is used for the CA password.)
#
ca3-cert.pem: ca3.cnf
openssl req -new -x509 -days 9999 -config ca3.cnf -keyout ca3-key.pem -out ca3-cert.pem
#
# Create Certificate Authority: ca4
# ('password' is used for the CA password.)
#
ca4-cert.pem: ca4.cnf
openssl req -new -x509 -days 9999 -config ca4.cnf -keyout ca4-key.pem -out ca4-cert.pem
#
# server1 is signed by ca1.
#
server1-key.pem:
openssl genrsa -out server1-key.pem 1024
server1-csr.pem: server1.cnf server1-key.pem
openssl req -new -config server1.cnf -key server1-key.pem -out server1-csr.pem
server1-cert.pem: server1-csr.pem ca1-cert.pem ca1-key.pem
openssl x509 -req \
-days 9999 \
-passin "pass:password" \
-in server1-csr.pem \
-CA ca1-cert.pem \
-CAkey ca1-key.pem \
-CAcreateserial \
-out server1-cert.pem
#
# server2 is signed by ca1.
#
server2-key.pem:
openssl genrsa -out server2-key.pem 1024
server2-csr.pem: server2.cnf server2-key.pem
openssl req -new -config server2.cnf -key server2-key.pem -out server2-csr.pem
server2-cert.pem: server2-csr.pem ca1-cert.pem ca1-key.pem
openssl x509 -req \
-days 9999 \
-passin "pass:password" \
-in server2-csr.pem \
-CA ca1-cert.pem \
-CAkey ca1-key.pem \
-CAcreateserial \
-out server2-cert.pem
server2-verify: server2-cert.pem ca1-cert.pem
openssl verify -CAfile ca1-cert.pem server2-cert.pem
#
# proxy1 is signed by ca2.
#
proxy1-key.pem:
openssl genrsa -out proxy1-key.pem 1024
proxy1-csr.pem: proxy1.cnf proxy1-key.pem
openssl req -new -config proxy1.cnf -key proxy1-key.pem -out proxy1-csr.pem
proxy1-cert.pem: proxy1-csr.pem ca2-cert.pem ca2-key.pem
openssl x509 -req \
-days 9999 \
-passin "pass:password" \
-in proxy1-csr.pem \
-CA ca2-cert.pem \
-CAkey ca2-key.pem \
-CAcreateserial \
-out proxy1-cert.pem
#
# proxy2 is signed by ca2.
#
proxy2-key.pem:
openssl genrsa -out proxy2-key.pem 1024
proxy2-csr.pem: proxy2.cnf proxy2-key.pem
openssl req -new -config proxy2.cnf -key proxy2-key.pem -out proxy2-csr.pem
proxy2-cert.pem: proxy2-csr.pem ca2-cert.pem ca2-key.pem
openssl x509 -req \
-days 9999 \
-passin "pass:password" \
-in proxy2-csr.pem \
-CA ca2-cert.pem \
-CAkey ca2-key.pem \
-CAcreateserial \
-out proxy2-cert.pem
proxy2-verify: proxy2-cert.pem ca2-cert.pem
openssl verify -CAfile ca2-cert.pem proxy2-cert.pem
#
# client1 is signed by ca3.
#
client1-key.pem:
openssl genrsa -out client1-key.pem 1024
client1-csr.pem: client1.cnf client1-key.pem
openssl req -new -config client1.cnf -key client1-key.pem -out client1-csr.pem
client1-cert.pem: client1-csr.pem ca3-cert.pem ca3-key.pem
openssl x509 -req \
-days 9999 \
-passin "pass:password" \
-in client1-csr.pem \
-CA ca3-cert.pem \
-CAkey ca3-key.pem \
-CAcreateserial \
-out client1-cert.pem
#
# client2 is signed by ca4.
#
client2-key.pem:
openssl genrsa -out client2-key.pem 1024
client2-csr.pem: client2.cnf client2-key.pem
openssl req -new -config client2.cnf -key client2-key.pem -out client2-csr.pem
client2-cert.pem: client2-csr.pem ca4-cert.pem ca4-key.pem
openssl x509 -req \
-days 9999 \
-passin "pass:password" \
-in client2-csr.pem \
-CA ca4-cert.pem \
-CAkey ca4-key.pem \
-CAcreateserial \
-out client2-cert.pem
clean:
rm -f *.pem *.srl
test: client-verify server2-verify proxy1-verify proxy2-verify client-verify