OpenSSL package now builds.

[fedora-mingw.git] / openssl / Makefile.certificate

diff --git a/openssl/Makefile.certificate b/openssl/Makefile.certificate
new file mode 100644 (file)
index 0000000..bf3dc21
--- /dev/null
+++ b/openssl/Makefile.certificate
@@ -0,0 +1,74 @@
+UTF8 := $(shell locale -c LC_CTYPE -k | grep -q charmap.*UTF-8 && echo -utf8)
+SERIAL=0
+
+.PHONY: usage
+.SUFFIXES: .key .csr .crt .pem
+.PRECIOUS: %.key %.csr %.crt %.pem
+
+usage:
+       @echo "This makefile allows you to create:"
+       @echo "  o public/private key pairs"
+       @echo "  o SSL certificate signing requests (CSRs)"
+       @echo "  o self-signed SSL test certificates"
+       @echo
+       @echo "To create a key pair, run \"make SOMETHING.key\"."
+       @echo "To create a CSR, run \"make SOMETHING.csr\"."
+       @echo "To create a test certificate, run \"make SOMETHING.crt\"."
+       @echo "To create a key and a test certificate in one file, run \"make SOMETHING.pem\"."
+       @echo
+       @echo "To create a key for use with Apache, run \"make genkey\"."
+       @echo "To create a CSR for use with Apache, run \"make certreq\"."
+       @echo "To create a test certificate for use with Apache, run \"make testcert\"."
+       @echo
+       @echo "To create a test certificate with serial number other than zero, add SERIAL=num"
+       @echo
+       @echo Examples:
+       @echo "  make server.key"
+       @echo "  make server.csr"
+       @echo "  make server.crt"
+       @echo "  make stunnel.pem"
+       @echo "  make genkey"
+       @echo "  make certreq"
+       @echo "  make testcert"
+       @echo "  make server.crt SERIAL=1"
+       @echo "  make stunnel.pem SERIAL=2"
+       @echo "  make testcert SERIAL=3"
+
+%.pem:
+       umask 77 ; \
+       PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
+       PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
+       /usr/bin/openssl req $(UTF8) -newkey rsa:1024 -keyout $$PEM1 -nodes -x509 -days 365 -out $$PEM2 -set_serial $(SERIAL) ; \
+       cat $$PEM1 >  $@ ; \
+       echo ""    >> $@ ; \
+       cat $$PEM2 >> $@ ; \
+       $(RM) $$PEM1 $$PEM2
+
+%.key:
+       umask 77 ; \
+       /usr/bin/openssl genrsa -des3 1024 > $@
+
+%.csr: %.key
+       umask 77 ; \
+       /usr/bin/openssl req $(UTF8) -new -key $^ -out $@
+
+%.crt: %.key
+       umask 77 ; \
+       /usr/bin/openssl req $(UTF8) -new -key $^ -x509 -days 365 -out $@ -set_serial $(SERIAL)
+
+TLSROOT=/etc/pki/tls
+KEY=$(TLSROOT)/private/localhost.key
+CSR=$(TLSROOT)/certs/localhost.csr
+CRT=$(TLSROOT)/certs/localhost.crt
+
+genkey: $(KEY)
+certreq: $(CSR)
+testcert: $(CRT)
+
+$(CSR): $(KEY)
+       umask 77 ; \
+       /usr/bin/openssl req $(UTF8) -new -key $(KEY) -out $(CSR)
+
+$(CRT): $(KEY)
+       umask 77 ; \
+       /usr/bin/openssl req $(UTF8) -new -key $(KEY) -x509 -days 365 -out $(CRT) -set_serial $(SERIAL)