openssl/Makefile.certificate

UTF8 := $(shell locale -c LC_CTYPE -k | grep -q charmap.*UTF-8 && echo -utf8)
DAYS=365
KEYLEN=2048
TYPE=rsa:$(KEYLEN)
EXTRA_FLAGS=
ifdef SERIAL
	EXTRA_FLAGS+=-set_serial $(SERIAL)
endif

.PHONY: usage
.SUFFIXES: .key .csr .crt .pem
.PRECIOUS: %.key %.csr %.crt %.pem

usage:
	@echo "This makefile allows you to create:"
	@echo "  o public/private key pairs"
	@echo "  o SSL certificate signing requests (CSRs)"
	@echo "  o self-signed SSL test certificates"
	@echo
	@echo "To create a key pair, run \"make SOMETHING.key\"."
	@echo "To create a CSR, run \"make SOMETHING.csr\"."
	@echo "To create a test certificate, run \"make SOMETHING.crt\"."
	@echo "To create a key and a test certificate in one file, run \"make SOMETHING.pem\"."
	@echo
	@echo "To create a key for use with Apache, run \"make genkey\"."
	@echo "To create a CSR for use with Apache, run \"make certreq\"."
	@echo "To create a test certificate for use with Apache, run \"make testcert\"."
	@echo
	@echo "To create a test certificate with serial number other than random, add SERIAL=num"
	@echo "You can also specify key length with KEYLEN=n and expiration in days with DAYS=n"
	@echo "Any additional options can be passed to openssl req via EXTRA_FLAGS"
	@echo
	@echo Examples:
	@echo "  make server.key"
	@echo "  make server.csr"
	@echo "  make server.crt"
	@echo "  make stunnel.pem"
	@echo "  make genkey"
	@echo "  make certreq"
	@echo "  make testcert"
	@echo "  make server.crt SERIAL=1"
	@echo "  make stunnel.pem EXTRA_FLAGS=-sha384"
	@echo "  make testcert DAYS=600"

%.pem:
	umask 77 ; \
	PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
	PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
	/usr/bin/openssl req $(UTF8) -newkey $(TYPE) -keyout $$PEM1 -nodes -x509 -days $(DAYS) -out $$PEM2 $(EXTRA_FLAGS) ; \
	cat $$PEM1 >  $@ ; \
	echo ""    >> $@ ; \
	cat $$PEM2 >> $@ ; \
	$(RM) $$PEM1 $$PEM2

%.key:
	umask 77 ; \
	/usr/bin/openssl genrsa -aes128 $(KEYLEN) > $@

%.csr: %.key
	umask 77 ; \
	/usr/bin/openssl req $(UTF8) -new -key $^ -out $@

%.crt: %.key
	umask 77 ; \
	/usr/bin/openssl req $(UTF8) -new -key $^ -x509 -days $(DAYS) -out $@ $(EXTRA_FLAGS)

TLSROOT=/etc/pki/tls
KEY=$(TLSROOT)/private/localhost.key
CSR=$(TLSROOT)/certs/localhost.csr
CRT=$(TLSROOT)/certs/localhost.crt

genkey: $(KEY)
certreq: $(CSR)
testcert: $(CRT)

$(CSR): $(KEY)
	umask 77 ; \
	/usr/bin/openssl req $(UTF8) -new -key $(KEY) -out $(CSR)

$(CRT): $(KEY)
	umask 77 ; \
	/usr/bin/openssl req $(UTF8) -new -key $(KEY) -x509 -days $(DAYS) -out $(CRT) $(EXTRA_FLAGS)
- Support UTF-8 charset in the Makefile.certificate (#134944) - Added cmp to BuildPrereq 2005-02-10 09:26:39 +00:00			`UTF8 := $(shell locale -c LC_CTYPE -k \| grep -q charmap.*UTF-8 && echo -utf8)`
make expiration and key length changeable by DAYS and KEYLEN variables in the certificate Makefile (#1058108) - change default hash to sha256 (#1062325) 2014-02-06 17:07:59 +00:00			`DAYS=365`
			`KEYLEN=2048`
			`TYPE=rsa:$(KEYLEN)`
Makefile.certificate should not set serial to 0 by default 2015-12-04 13:36:15 +00:00			`EXTRA_FLAGS=`
			`ifdef SERIAL`
			`EXTRA_FLAGS+=-set_serial $(SERIAL)`
			`endif`
- Support UTF-8 charset in the Makefile.certificate (#134944) - Added cmp to BuildPrereq 2005-02-10 09:26:39 +00:00
auto-import changelog data from openssl-0.9.5a-14.src.rpm Thu Sep 21 2000 Nalin Dahyabhai <nalin@redhat.com> - tweak the makefile some more - disable MD2 support - disable MDC2 support - tweak the makefile - rework certificate makefile to have the right parts for Apache - strip binaries and libraries - enable actual RSA support - use /usr/bin/perl instead of /usr/bin/perl - move the passwd.1 man page out of the passwd package's way - update to 0.9.5a, modified for U.S. - add perl as a build-time requirement - disable RC5, IDEA support - break out python extensions - byte-compile python extensions without the build-root - adjust the makefile to not remove temporary files (like .key files when building .csr files) - fix the building of python modules without openssl-devel already installed Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - Bero told me to move the Makefile into this package Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - add lib.so symlinks to link dynamically against shared libs Tue Feb 29 2000 Florian La Roche <Florian.LaRoche@redhat.de> - update to 0.9.5 - run ldconfig directly in post/postun - add FAQ Sat Dec 18 1999 Bernhard Rosenkr�nzer <bero@redhat.de> - Fix build on non-x86 platforms Fri Nov 12 1999 Bernhard Rosenkr�nzer <bero@redhat.de> - move /usr/share/ssl/ from -devel to main package Tue Oct 26 1999 Bernhard Rosenkr�nzer <bero@redhat.de> - inital packaging - changes from base: - Move /usr/local/ssl to /usr/share/ssl for FHS compliance - handle RPM_OPT_FLAGS 2004-09-09 09:35:06 +00:00			`.PHONY: usage`
			`.SUFFIXES: .key .csr .crt .pem`
			`.PRECIOUS: %.key %.csr %.crt %.pem`

			`usage:`
			`@echo "This makefile allows you to create:"`
			`@echo " o public/private key pairs"`
			`@echo " o SSL certificate signing requests (CSRs)"`
			`@echo " o self-signed SSL test certificates"`
			`@echo`
			`@echo "To create a key pair, run \"make SOMETHING.key\"."`
			`@echo "To create a CSR, run \"make SOMETHING.csr\"."`
			`@echo "To create a test certificate, run \"make SOMETHING.crt\"."`
			`@echo "To create a key and a test certificate in one file, run \"make SOMETHING.pem\"."`
			`@echo`
			`@echo "To create a key for use with Apache, run \"make genkey\"."`
			`@echo "To create a CSR for use with Apache, run \"make certreq\"."`
			`@echo "To create a test certificate for use with Apache, run \"make testcert\"."`
			`@echo`
Makefile.certificate should not set serial to 0 by default 2015-12-04 13:36:15 +00:00			`@echo "To create a test certificate with serial number other than random, add SERIAL=num"`
make expiration and key length changeable by DAYS and KEYLEN variables in the certificate Makefile (#1058108) - change default hash to sha256 (#1062325) 2014-02-06 17:07:59 +00:00			`@echo "You can also specify key length with KEYLEN=n and expiration in days with DAYS=n"`
Makefile.certificate should not set serial to 0 by default 2015-12-04 13:36:15 +00:00			`@echo "Any additional options can be passed to openssl req via EXTRA_FLAGS"`
- added support for changing serial number to Makefile.certificate (#151188) - make ca-bundle.crt a config file (#118903) 2005-03-30 10:52:21 +00:00			`@echo`
auto-import changelog data from openssl-0.9.5a-14.src.rpm Thu Sep 21 2000 Nalin Dahyabhai <nalin@redhat.com> - tweak the makefile some more - disable MD2 support - disable MDC2 support - tweak the makefile - rework certificate makefile to have the right parts for Apache - strip binaries and libraries - enable actual RSA support - use /usr/bin/perl instead of /usr/bin/perl - move the passwd.1 man page out of the passwd package's way - update to 0.9.5a, modified for U.S. - add perl as a build-time requirement - disable RC5, IDEA support - break out python extensions - byte-compile python extensions without the build-root - adjust the makefile to not remove temporary files (like .key files when building .csr files) - fix the building of python modules without openssl-devel already installed Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - Bero told me to move the Makefile into this package Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - add lib.so symlinks to link dynamically against shared libs Tue Feb 29 2000 Florian La Roche <Florian.LaRoche@redhat.de> - update to 0.9.5 - run ldconfig directly in post/postun - add FAQ Sat Dec 18 1999 Bernhard Rosenkr�nzer <bero@redhat.de> - Fix build on non-x86 platforms Fri Nov 12 1999 Bernhard Rosenkr�nzer <bero@redhat.de> - move /usr/share/ssl/ from -devel to main package Tue Oct 26 1999 Bernhard Rosenkr�nzer <bero@redhat.de> - inital packaging - changes from base: - Move /usr/local/ssl to /usr/share/ssl for FHS compliance - handle RPM_OPT_FLAGS 2004-09-09 09:35:06 +00:00			`@echo Examples:`
			`@echo " make server.key"`
			`@echo " make server.csr"`
			`@echo " make server.crt"`
			`@echo " make stunnel.pem"`
			`@echo " make genkey"`
			`@echo " make certreq"`
			`@echo " make testcert"`
- added support for changing serial number to Makefile.certificate (#151188) - make ca-bundle.crt a config file (#118903) 2005-03-30 10:52:21 +00:00			`@echo " make server.crt SERIAL=1"`
Makefile.certificate should not set serial to 0 by default 2015-12-04 13:36:15 +00:00			`@echo " make stunnel.pem EXTRA_FLAGS=-sha384"`
			`@echo " make testcert DAYS=600"`
auto-import changelog data from openssl-0.9.5a-14.src.rpm Thu Sep 21 2000 Nalin Dahyabhai <nalin@redhat.com> - tweak the makefile some more - disable MD2 support - disable MDC2 support - tweak the makefile - rework certificate makefile to have the right parts for Apache - strip binaries and libraries - enable actual RSA support - use /usr/bin/perl instead of /usr/bin/perl - move the passwd.1 man page out of the passwd package's way - update to 0.9.5a, modified for U.S. - add perl as a build-time requirement - disable RC5, IDEA support - break out python extensions - byte-compile python extensions without the build-root - adjust the makefile to not remove temporary files (like .key files when building .csr files) - fix the building of python modules without openssl-devel already installed Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - Bero told me to move the Makefile into this package Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - add lib.so symlinks to link dynamically against shared libs Tue Feb 29 2000 Florian La Roche <Florian.LaRoche@redhat.de> - update to 0.9.5 - run ldconfig directly in post/postun - add FAQ Sat Dec 18 1999 Bernhard Rosenkr�nzer <bero@redhat.de> - Fix build on non-x86 platforms Fri Nov 12 1999 Bernhard Rosenkr�nzer <bero@redhat.de> - move /usr/share/ssl/ from -devel to main package Tue Oct 26 1999 Bernhard Rosenkr�nzer <bero@redhat.de> - inital packaging - changes from base: - Move /usr/local/ssl to /usr/share/ssl for FHS compliance - handle RPM_OPT_FLAGS 2004-09-09 09:35:06 +00:00
			`%.pem:`
			`umask 77 ; \`
			PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
			PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
Makefile.certificate should not set serial to 0 by default 2015-12-04 13:36:15 +00:00			`/usr/bin/openssl req $(UTF8) -newkey $(TYPE) -keyout $$PEM1 -nodes -x509 -days $(DAYS) -out $$PEM2 $(EXTRA_FLAGS) ; \`
auto-import changelog data from openssl-0.9.5a-14.src.rpm Thu Sep 21 2000 Nalin Dahyabhai <nalin@redhat.com> - tweak the makefile some more - disable MD2 support - disable MDC2 support - tweak the makefile - rework certificate makefile to have the right parts for Apache - strip binaries and libraries - enable actual RSA support - use /usr/bin/perl instead of /usr/bin/perl - move the passwd.1 man page out of the passwd package's way - update to 0.9.5a, modified for U.S. - add perl as a build-time requirement - disable RC5, IDEA support - break out python extensions - byte-compile python extensions without the build-root - adjust the makefile to not remove temporary files (like .key files when building .csr files) - fix the building of python modules without openssl-devel already installed Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - Bero told me to move the Makefile into this package Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - add lib.so symlinks to link dynamically against shared libs Tue Feb 29 2000 Florian La Roche <Florian.LaRoche@redhat.de> - update to 0.9.5 - run ldconfig directly in post/postun - add FAQ Sat Dec 18 1999 Bernhard Rosenkr�nzer <bero@redhat.de> - Fix build on non-x86 platforms Fri Nov 12 1999 Bernhard Rosenkr�nzer <bero@redhat.de> - move /usr/share/ssl/ from -devel to main package Tue Oct 26 1999 Bernhard Rosenkr�nzer <bero@redhat.de> - inital packaging - changes from base: - Move /usr/local/ssl to /usr/share/ssl for FHS compliance - handle RPM_OPT_FLAGS 2004-09-09 09:35:06 +00:00			`cat $$PEM1 > $@ ; \`
			`echo "" >> $@ ; \`
			`cat $$PEM2 >> $@ ; \`
			`$(RM) $$PEM1 $$PEM2`

			`%.key:`
			`umask 77 ; \`
make expiration and key length changeable by DAYS and KEYLEN variables in the certificate Makefile (#1058108) - change default hash to sha256 (#1062325) 2014-02-06 17:07:59 +00:00			`/usr/bin/openssl genrsa -aes128 $(KEYLEN) > $@`
auto-import changelog data from openssl-0.9.5a-14.src.rpm Thu Sep 21 2000 Nalin Dahyabhai <nalin@redhat.com> - tweak the makefile some more - disable MD2 support - disable MDC2 support - tweak the makefile - rework certificate makefile to have the right parts for Apache - strip binaries and libraries - enable actual RSA support - use /usr/bin/perl instead of /usr/bin/perl - move the passwd.1 man page out of the passwd package's way - update to 0.9.5a, modified for U.S. - add perl as a build-time requirement - disable RC5, IDEA support - break out python extensions - byte-compile python extensions without the build-root - adjust the makefile to not remove temporary files (like .key files when building .csr files) - fix the building of python modules without openssl-devel already installed Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - Bero told me to move the Makefile into this package Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - add lib.so symlinks to link dynamically against shared libs Tue Feb 29 2000 Florian La Roche <Florian.LaRoche@redhat.de> - update to 0.9.5 - run ldconfig directly in post/postun - add FAQ Sat Dec 18 1999 Bernhard Rosenkr�nzer <bero@redhat.de> - Fix build on non-x86 platforms Fri Nov 12 1999 Bernhard Rosenkr�nzer <bero@redhat.de> - move /usr/share/ssl/ from -devel to main package Tue Oct 26 1999 Bernhard Rosenkr�nzer <bero@redhat.de> - inital packaging - changes from base: - Move /usr/local/ssl to /usr/share/ssl for FHS compliance - handle RPM_OPT_FLAGS 2004-09-09 09:35:06 +00:00
			`%.csr: %.key`
			`umask 77 ; \`
- Support UTF-8 charset in the Makefile.certificate (#134944) - Added cmp to BuildPrereq 2005-02-10 09:26:39 +00:00			`/usr/bin/openssl req $(UTF8) -new -key $^ -out $@`
auto-import changelog data from openssl-0.9.5a-14.src.rpm Thu Sep 21 2000 Nalin Dahyabhai <nalin@redhat.com> - tweak the makefile some more - disable MD2 support - disable MDC2 support - tweak the makefile - rework certificate makefile to have the right parts for Apache - strip binaries and libraries - enable actual RSA support - use /usr/bin/perl instead of /usr/bin/perl - move the passwd.1 man page out of the passwd package's way - update to 0.9.5a, modified for U.S. - add perl as a build-time requirement - disable RC5, IDEA support - break out python extensions - byte-compile python extensions without the build-root - adjust the makefile to not remove temporary files (like .key files when building .csr files) - fix the building of python modules without openssl-devel already installed Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - Bero told me to move the Makefile into this package Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - add lib.so symlinks to link dynamically against shared libs Tue Feb 29 2000 Florian La Roche <Florian.LaRoche@redhat.de> - update to 0.9.5 - run ldconfig directly in post/postun - add FAQ Sat Dec 18 1999 Bernhard Rosenkr�nzer <bero@redhat.de> - Fix build on non-x86 platforms Fri Nov 12 1999 Bernhard Rosenkr�nzer <bero@redhat.de> - move /usr/share/ssl/ from -devel to main package Tue Oct 26 1999 Bernhard Rosenkr�nzer <bero@redhat.de> - inital packaging - changes from base: - Move /usr/local/ssl to /usr/share/ssl for FHS compliance - handle RPM_OPT_FLAGS 2004-09-09 09:35:06 +00:00
			`%.crt: %.key`
			`umask 77 ; \`
Makefile.certificate should not set serial to 0 by default 2015-12-04 13:36:15 +00:00			`/usr/bin/openssl req $(UTF8) -new -key $^ -x509 -days $(DAYS) -out $@ $(EXTRA_FLAGS)`
auto-import changelog data from openssl-0.9.5a-14.src.rpm Thu Sep 21 2000 Nalin Dahyabhai <nalin@redhat.com> - tweak the makefile some more - disable MD2 support - disable MDC2 support - tweak the makefile - rework certificate makefile to have the right parts for Apache - strip binaries and libraries - enable actual RSA support - use /usr/bin/perl instead of /usr/bin/perl - move the passwd.1 man page out of the passwd package's way - update to 0.9.5a, modified for U.S. - add perl as a build-time requirement - disable RC5, IDEA support - break out python extensions - byte-compile python extensions without the build-root - adjust the makefile to not remove temporary files (like .key files when building .csr files) - fix the building of python modules without openssl-devel already installed Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - Bero told me to move the Makefile into this package Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - add lib.so symlinks to link dynamically against shared libs Tue Feb 29 2000 Florian La Roche <Florian.LaRoche@redhat.de> - update to 0.9.5 - run ldconfig directly in post/postun - add FAQ Sat Dec 18 1999 Bernhard Rosenkr�nzer <bero@redhat.de> - Fix build on non-x86 platforms Fri Nov 12 1999 Bernhard Rosenkr�nzer <bero@redhat.de> - move /usr/share/ssl/ from -devel to main package Tue Oct 26 1999 Bernhard Rosenkr�nzer <bero@redhat.de> - inital packaging - changes from base: - Move /usr/local/ssl to /usr/share/ssl for FHS compliance - handle RPM_OPT_FLAGS 2004-09-09 09:35:06 +00:00
- use poll instead of select in rand (#128285) - fix Makefile.certificate to point to /etc/pki/tls - change the default string mask in ASN1 to PrintableString+UTF8String 2005-04-27 10:48:43 +00:00			`TLSROOT=/etc/pki/tls`
			`KEY=$(TLSROOT)/private/localhost.key`
			`CSR=$(TLSROOT)/certs/localhost.csr`
			`CRT=$(TLSROOT)/certs/localhost.crt`
auto-import changelog data from openssl-0.9.5a-14.src.rpm Thu Sep 21 2000 Nalin Dahyabhai <nalin@redhat.com> - tweak the makefile some more - disable MD2 support - disable MDC2 support - tweak the makefile - rework certificate makefile to have the right parts for Apache - strip binaries and libraries - enable actual RSA support - use /usr/bin/perl instead of /usr/bin/perl - move the passwd.1 man page out of the passwd package's way - update to 0.9.5a, modified for U.S. - add perl as a build-time requirement - disable RC5, IDEA support - break out python extensions - byte-compile python extensions without the build-root - adjust the makefile to not remove temporary files (like .key files when building .csr files) - fix the building of python modules without openssl-devel already installed Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - Bero told me to move the Makefile into this package Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - add lib.so symlinks to link dynamically against shared libs Tue Feb 29 2000 Florian La Roche <Florian.LaRoche@redhat.de> - update to 0.9.5 - run ldconfig directly in post/postun - add FAQ Sat Dec 18 1999 Bernhard Rosenkr�nzer <bero@redhat.de> - Fix build on non-x86 platforms Fri Nov 12 1999 Bernhard Rosenkr�nzer <bero@redhat.de> - move /usr/share/ssl/ from -devel to main package Tue Oct 26 1999 Bernhard Rosenkr�nzer <bero@redhat.de> - inital packaging - changes from base: - Move /usr/local/ssl to /usr/share/ssl for FHS compliance - handle RPM_OPT_FLAGS 2004-09-09 09:35:06 +00:00
			`genkey: $(KEY)`
			`certreq: $(CSR)`
			`testcert: $(CRT)`

			`$(CSR): $(KEY)`
			`umask 77 ; \`
- Support UTF-8 charset in the Makefile.certificate (#134944) - Added cmp to BuildPrereq 2005-02-10 09:26:39 +00:00			`/usr/bin/openssl req $(UTF8) -new -key $(KEY) -out $(CSR)`
auto-import changelog data from openssl-0.9.5a-14.src.rpm Thu Sep 21 2000 Nalin Dahyabhai <nalin@redhat.com> - tweak the makefile some more - disable MD2 support - disable MDC2 support - tweak the makefile - rework certificate makefile to have the right parts for Apache - strip binaries and libraries - enable actual RSA support - use /usr/bin/perl instead of /usr/bin/perl - move the passwd.1 man page out of the passwd package's way - update to 0.9.5a, modified for U.S. - add perl as a build-time requirement - disable RC5, IDEA support - break out python extensions - byte-compile python extensions without the build-root - adjust the makefile to not remove temporary files (like .key files when building .csr files) - fix the building of python modules without openssl-devel already installed Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - Bero told me to move the Makefile into this package Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - add lib.so symlinks to link dynamically against shared libs Tue Feb 29 2000 Florian La Roche <Florian.LaRoche@redhat.de> - update to 0.9.5 - run ldconfig directly in post/postun - add FAQ Sat Dec 18 1999 Bernhard Rosenkr�nzer <bero@redhat.de> - Fix build on non-x86 platforms Fri Nov 12 1999 Bernhard Rosenkr�nzer <bero@redhat.de> - move /usr/share/ssl/ from -devel to main package Tue Oct 26 1999 Bernhard Rosenkr�nzer <bero@redhat.de> - inital packaging - changes from base: - Move /usr/local/ssl to /usr/share/ssl for FHS compliance - handle RPM_OPT_FLAGS 2004-09-09 09:35:06 +00:00
			`$(CRT): $(KEY)`
			`umask 77 ; \`
Makefile.certificate should not set serial to 0 by default 2015-12-04 13:36:15 +00:00			`/usr/bin/openssl req $(UTF8) -new -key $(KEY) -x509 -days $(DAYS) -out $(CRT) $(EXTRA_FLAGS)`