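# updated: 040806
#
# Builds a private certificate authority (CA) and a CA-signed site
# certificate with openssl.  File names are "<stem><suffix>.pem", with the
# suffixes taken from the variables below.  Every private key, and every
# bundle that contains one, is created under a restrictive umask so that it
# is never readable by group/other, not even briefly.

# Using 'cc -E' causes some problems.
CPP =cpp

CA =com.example

# 2048 bits are currently (2003) recommended for CAs.
# 2048 is the accepted minimum for RSA today; a larger value can be given
# on the command line (make CABITS=...).
CABITS =2048
CADAYS =750

# The original default here was 1024, chosen for browser compatibility at
# the time.  1024-bit RSA is no longer considered adequate and current TLS
# clients reject it, so the default is 2048.  Override with
# 'make SITEBITS=...' if a legacy peer really needs something else.
SITEBITS =2048
SITEDAYS =750
SREQDAYS =3

ASERI =_CASerial
APKEY =_CAPrivate_key
ACERT =_CACertificate
ABOTH =_CA
SPKEY =_Private_key
SCREQ =_CertRequest
SCERT =_Certificate
# SBOTH is empty, so the combined key+certificate bundle is plain "<stem>.pem".
SBOTH =

all: com.example.SSL.pem
all: com.example.SSL_Certificate.pem
all: com.example.SSL_Private_key.pem

# 'all' names no file; keep a stray file called "all" from masking it.
.PHONY: all

# Remove a half-written target when its recipe fails, so a truncated
# certificate or request is not mistaken for an up-to-date one.
.DELETE_ON_ERROR:

# Keep the CA material: make neither removes these as intermediate files
# nor deletes them when interrupted.  The flip side is that an interrupted
# run can leave a partial file behind; check these files after an abort.
.PRECIOUS: ${CA}${APKEY}.pem
.PRECIOUS: ${CA}${ACERT}.pem
.PRECIOUS: ${CA}${ABOTH}.pem

# Build an openssl config by running the .ini through the C preprocessor
# and stripping the '%%' separators.
# NOTE(review): default.ini is presumably #included by the .ini (hence -I.)
# -- confirm.  The pipeline's exit status is sed's, so a cpp failure is not
# detected here and would only show up later as a broken .cnf.
%.cnf: default.ini %.ini
	$(CPP) -I. '$*.ini' | sed 's/ *%% *//g' > '$@'

# Generate site CA private key using RSA and encrypted using DES3.
# openssl prompts for the passphrase.  'umask 077' makes the file private
# from the moment it is created; the chmod afterwards also tightens a file
# that already existed with looser permissions.
# NOTE(review): 3DES is a legacy cipher; 'openssl genrsa' also accepts
# -aes256.  Consider switching when the CA key is next regenerated.
%${APKEY}.pem:
	umask 077 && openssl genrsa -des3 \
		-out '$@' \
		'${CABITS}'
	chmod og= '$@'

# Generate site CA certificate via self-signing.
# Use 'openssl req' instead of 'openssl ca' because the CA has not
# yet been set up.
# NOTE(review): the signature digest is whatever the .cnf or the installed
# openssl defaults to -- confirm it is SHA-256 or stronger.
%${ACERT}.pem: %${ACERT}.cnf %${APKEY}.pem
	openssl req -new -x509 \
		-out '$@' \
		-config '$*${ACERT}.cnf' \
		-days '${CADAYS}' \
		-key '$*${APKEY}.pem'
	chmod a+r '$@'

# CA key and certificate in one file.  It contains the private key, so it
# is created and kept owner-only.
%${ABOTH}.pem: %${APKEY}.pem %${ACERT}.pem
	umask 077 && cat '$*${APKEY}.pem' '$*${ACERT}.pem' > '$@'
	chmod og= '$@'

# Generate unencrypted host key and an unencrypted signing request.
# The host key has no passphrase, so file permissions are its only
# protection: create it owner-only from the start.
%${SPKEY}.pem:
	umask 077 && openssl genrsa \
		-out '$@' \
		'${SITEBITS}'
	chmod og= '$@'

# -days is kept from the original; openssl only applies it together with
# -x509, so it has no effect on a plain signing request.
%${SCREQ}.pem: %${SCREQ}.cnf %${SPKEY}.pem
	openssl req -new -nodes \
		-out '$@' \
		-config '$*${SCREQ}.cnf' \
		-days '${SREQDAYS}' \
		-key '$*${SPKEY}.pem'
	chmod og= '$@'

# Generate signed site certificate from the request.
# Signing needs the CA private key, so openssl prompts for its passphrase.
# -CAcreateserial creates the serial file on first use.
# NOTE(review): as for the CA certificate, confirm the signature digest in
# use is SHA-256 or stronger.
%${SCERT}.pem: ${CA}${APKEY}.pem ${CA}${ACERT}.pem \
		%${SCERT}.cnf %${SCREQ}.pem
	openssl x509 -req \
		-out '$@' \
		-extfile '$*${SCERT}.cnf' \
		-days '${SITEDAYS}' \
		-CAcreateserial \
		-CAserial '${CA}${ASERI}.txt' \
		-CA '${CA}${ACERT}.pem' \
		-CAkey '${CA}${APKEY}.pem' \
		-in '$*${SCREQ}.pem'
	chmod a+r '$@'

# Site key and certificate in one file.  It contains the unencrypted
# private key, so it is created and kept owner-only.
%${SBOTH}.pem: %${SPKEY}.pem %${SCERT}.pem
	umask 077 && cat '$*${SPKEY}.pem' '$*${SCERT}.pem' > '$@'
	chmod og= '$@'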