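# CA Makefile: drives openssl to create a small certificate authority and to
# issue, convert and revoke certificates.
#
# The tool variables (ECHO, TEST, CHMOD, CP, RM, DATE, DIRNAME, BASENAME, SSL)
# and the path variables (CNF, CA, CPATH, NEWCERTS, CRL, CRLDIR, CAKEY, CAREQ,
# CACERT) are used below but not defined in this part of the file; they are
# expected to be set before this point.

# RSA modulus sizes. The original recipes hard-coded 1024 bits for leaf keys
# and 512 bits for the CA key; both are below current minimums, and a CA key
# that small undermines every certificate it signs. Override on the command
# line if a different size is required: make KEY_BITS=3072 www.key
KEY_BITS    ?= 2048
CA_KEY_BITS ?= 4096

# Cipher protecting private keys at rest. Kept at the original -des3 so the
# messages below stay accurate; -aes256 is a stronger choice and is accepted
# by both `openssl genrsa` and `openssl rsa` (make KEY_CIPHER=-aes256 ...).
KEY_CIPHER  ?= -des3

# Default goal: print usage and fail, so a bare `make` never touches CA state.
ALL:
	@$(ECHO) '\nusage: make help'
	@$(ECHO) ' for more help\n'
	@$(ECHO) '\nusage: make .(server|client)\n'
	@$(ECHO) ' i.e.: make www.server : www.csr --> www.crt\n'
	@exit 1

# These names are commands, not files; without .PHONY a stray file called
# e.g. `help` or `CA-RESET` would silently disable the target.
.PHONY: ALL crl CA-WIPEOUT CA-RESET CA-KEY CA-CERT show-ca CA-CONV newCA help

# Pre-flight check run at the top of most recipes: the openssl binary is
# executable, the config file is readable and the cert directory exists.
PRE=$(ECHO) -n "Checking for needed files: " && $(TEST) -x $(SSL) && \
    $(TEST) -r $(CNF) && $(TEST) -d $(CPATH) && $(ECHO) "(OK)"

# Never auto-delete key or certificate material, even on interrupt.
.PRECIOUS: %.key %.rsa %.csr %.crt

# ---------------------------------------------------------------------------
# Per-certificate targets
# ---------------------------------------------------------------------------

# Generate a passphrase-protected RSA private key.
# umask 077 closes the window in which the new file would otherwise exist
# with default permissions before the chmod on the next line runs.
%.key:
	@$(PRE)
	@$(ECHO) "Generating RSA key: $@"
	@umask 077 && $(SSL) genrsa $(KEY_CIPHER) -out $@ $(KEY_BITS)
	@$(CHMOD) 400 $@

# Write an UNENCRYPTED copy of <name>.key to <name>.rsa.
# The result is a plaintext private key: anyone who can read the file can
# impersonate the certificate holder. umask 077 ensures it is never readable
# by group/other, not even briefly. $* is the stem including any directory.
%.rsa:
	@$(PRE)
	@$(ECHO) "Decrypting RSA key (removeing passsphrase) to $@"
	@$(ECHO) "WARNING: This is INSECURE!"
	@umask 077 && $(SSL) rsa -in $*.key -out $@
	@$(CHMOD) 400 $@

# (Re-)encrypt a key with a new passphrase and store the result in <name>.key.
# Source is <name>.rsa when that file exists and is non-empty, else <name>.key.
# The original emulated if/else with two `test && ( ... ) ; true` lines, which
# reported success even when openssl failed (wrong passphrase, unwritable
# target). This form propagates the failure and removes the partial temp file.
%.newpass:
	@$(PRE)
	@$(ECHO) "Encrypting RSA key with (new) DES3 passphrase"
	@FILE=`$(DIRNAME) $@`/`$(BASENAME) $@ .newpass` ; umask 077 ; \
	if $(TEST) -s "$$FILE.rsa" ; then \
		$(ECHO) "Useing .rsa keyfile $$FILE.rsa" ; \
		$(ECHO) " (new passphrase)" ; \
		SRC="$$FILE.rsa" ; \
	else \
		$(ECHO) "Useing .key keyfile $$FILE.key" ; \
		$(ECHO) -n " (changing passphrase - need" ; \
		$(ECHO) " old and new)" ; \
		SRC="$$FILE.key" ; \
	fi ; \
	$(SSL) rsa $(KEY_CIPHER) -in "$$SRC" -out $@ && \
	$(ECHO) "copying to $$FILE.key " && \
	$(CHMOD) 400 $@ && \
	$(CP) $@ "$$FILE.key" && \
	$(RM) -f $@ || { $(RM) -f $@ ; exit 1 ; }

# Create a certificate signing request from the matching private key.
%.csr: %.key
	@$(PRE)
	@$(ECHO) "Generating Certificate Signing Request: $@"
	@$(SSL) req -new -key $< -out $@ -config $(CNF)

# Sign <name>.csr with the CA using the `server` section of $(CNF).
# An empty output file is removed so a failed signing never looks up to date.
%.crt: %.csr
	@$(PRE)
	@$(ECHO) "Signing CSR $^ to $@"
	@$(ECHO) "CA private key passphrase required!"
	@$(ECHO) -n "checking CA certificate: "
	@$(TEST) -s $(CACERT).pem
	@$(ECHO) "(OK)"
	@$(SSL) ca -name server -config $(CNF) \
		-out $@ -infiles $< ; \
		test -s $@ || ( $(RM) $@ ; exit 1 )
	@$(CHMOD) 0440 $@

# Revoke <name>.crt in the CA database and leave an empty <name>.revoked
# stamp file. This only updates the database; relying parties see the
# revocation once a new CRL has been generated (`make crl`) and published.
%.revoked:
	@$(PRE)
	@$(ECHO) -n "cert file check: "
	@$(TEST) -r $*.crt
	@$(ECHO) "(OK)"
	@$(ECHO) "Revoking Certificate"
	@$(ECHO) "CA private key passphrase required!"
	@$(ECHO) -n "checking CA certificate: "
	@$(TEST) -s $(CACERT).pem
	@$(ECHO) "(OK)"
	@$(SSL) ca -config $(CNF) \
		-revoke $*.crt
	@$(ECHO) -n > $@

# Sign a client request in SPKAC form (<name>.cl-req) using the `client`
# section of $(CNF), then dump a text rendering next to the certificate.
%.client: %.cl-req
	@$(PRE)
	@$(ECHO) "Signing Client CSR $^ to $@"
	@$(ECHO) "CA private key passphrase required!"
	@$(ECHO) -n "checking CA certificate: "
	@$(TEST) -s $(CACERT).pem
	@$(ECHO) "(OK)"
	@$(SSL) ca -spkac $< \
		-config $(CNF) \
		-out $@ -name client ; \
		test -s $@ || ( $(RM) $@ ; exit 1 )
	@$(ECHO) "- converting to TXT"
	@$(SSL) x509 -inform der -in $@ -out $@.txt -text
	@$(CHMOD) 0440 $@

# `make <name>.server`: sign $(CPATH)/<name>.csr as a server certificate and
# write $(CPATH)/<name>.crt. $(notdir $*) matches what `basename $@ .server`
# produced in the original recipe.
%.server: $(CPATH)/%.csr
	@$(PRE)
	@$(ECHO) $(SSL) ca -name server -config $(CNF) \
		-out $(CPATH)/$(notdir $*).crt \
		-infiles $(CPATH)/$(notdir $*).csr
	@$(SSL) ca -name server -config $(CNF) \
		-out $(CPATH)/$(notdir $*).crt \
		-infiles $(CPATH)/$(notdir $*).csr
	@$(TEST) -s $(CPATH)/$(notdir $*).crt
	@$(CHMOD) 0440 $(CPATH)/$(notdir $*).crt

# `make <name>.client2`: same as .server but with the `client` section.
# The original stripped the suffixes `.server` and `.client` from a target
# ending in `.client2`, so neither was removed: openssl was pointed at
# $(CPATH)/<name>.client2.csr (not the declared prerequisite) and the
# follow-up test/chmod looked at yet another path. All paths now derive from
# the stem. The pre-flight check is added for parity with %.server.
%.client2: $(CPATH)/%.csr
	@$(PRE)
	@$(ECHO) $(SSL) ca -name client -config $(CNF) \
		-out $(CPATH)/$(notdir $*).crt \
		-infiles $(CPATH)/$(notdir $*).csr
	@$(SSL) ca -name client -config $(CNF) \
		-out $(CPATH)/$(notdir $*).crt \
		-infiles $(CPATH)/$(notdir $*).csr
	@$(TEST) -s $(CPATH)/$(notdir $*).crt
	@$(CHMOD) 0440 $(CPATH)/$(notdir $*).crt

# ---------------------------------------------------------------------------
# Certificate revocation list
# ---------------------------------------------------------------------------

crl: $(CRL)

# Regenerate the CRL when the CA database changes, archive a timestamped copy
# in $(CRLDIR) and write DER and text renderings.
# NOTE(review): the prerequisite is `index.txt` in the current directory while
# CA-RESET writes $(CA)/index.txt - confirm these are the same file.
# NOTE(review): the DER output is `$(CRL)der` with no dot, unlike `$(CRL).txt`;
# possibly a typo for `$(CRL).der` - left unchanged, confirm against consumers.
$(CRL): index.txt
	@$(PRE)
	@$(SSL) ca -gencrl -config $(CNF) -out $(CRL)
	@$(CP) $(CRL) $(CRLDIR)/`$(DATE) +%m%d%y_%H%M%S`.crl
	@$(ECHO) "- converting to DER"
	@$(SSL) crl -in $(CRL) -out $(CRL)der -outform der
	@$(ECHO) "- converting to TXT"
	@$(SSL) crl -in $(CRL) -out $(CRL).txt -text

# ---------------------------------------------------------------------------
# CA maintenance (destructive)
# ---------------------------------------------------------------------------

# Delete the CA key, CA certificates, every issued certificate and the CRL.
# The guard stops the recipe when CPATH or NEWCERTS is empty, because the
# globs below would otherwise expand to `/*`.
CA-WIPEOUT: CA-RESET
	@: $(if $(strip $(CPATH)),,$(error CPATH is empty - refusing to delete))
	@: $(if $(strip $(NEWCERTS)),,$(error NEWCERTS is empty - refusing to delete))
	@$(ECHO) "Removeing ALL CA files / Data"
	@$(RM) -f $(CAKEY).pem $(CACERT).dummy.pem $(CAREQ).pem \
		$(CACERT).pem $(CACERT).der $(CACERT).txt $(CPATH)/* \
		$(NEWCERTS)/* $(CRL)

# Empty the certificate database and restart serial numbers at 01.
# If the CA key is kept, certificates issued afterwards reuse serial numbers
# of earlier ones, and the record of earlier revocations is lost.
# The guard stops the recipe when CA is empty (paths would resolve under /).
CA-RESET:
	@: $(if $(strip $(CA)),,$(error CA is empty - refusing to reset))
	@$(ECHO) "Reseting (Erasing) Cert-Database"
	@$(RM) -f $(CA)/index.txt.old $(CA)/serial.old
	@$(ECHO) -n "" > $(CA)/index.txt
	@$(ECHO) "01" > $(CA)/serial

# ---------------------------------------------------------------------------
# CA creation
# ---------------------------------------------------------------------------

CA-KEY: $(CAKEY).pem

# Generate the CA private key.
# Changes from the original recipe: the key size comes from CA_KEY_BITS
# (was a literal 512); the trailing `-config $(CNF)` is dropped because
# genrsa has no such option and the bit count must be the last argument
# (current openssl releases reject extra arguments); umask 077 keeps the file
# private from the moment it is created.
# NOTE(review): `-rand randomfile` reads a file of that name from the current
# directory - confirm it exists and is not a fixed, checked-in file.
$(CAKEY).pem:
	@$(PRE)
	@$(ECHO) "Creating a new CA"
	@$(ECHO) " - you should remove old date useing"
	@$(ECHO) " 'make CA-WIPEOUT' or 'make CA-RESET'"
	@$(ECHO) "---------------------------------------------"
	@$(ECHO) ""
	@$(ECHO) "- generating new des3 encrypted RSA Key..."
	@umask 077 && $(SSL) genrsa $(KEY_CIPHER) -out $@ \
		-rand randomfile $(CA_KEY_BITS)
	@$(CHMOD) 400 $@

# Temporary self-signed certificate, used only to sign the real CA request.
$(CACERT).dummy.pem: $(CAKEY).pem
	@$(ECHO) "- self sign key for dummy cert..."
	@$(SSL) req -new -x509 -key $(CAKEY).pem -outform pem \
		-out $@ -config $(CNF)

# Certificate signing request for the CA itself.
$(CAREQ).pem: $(CAKEY).pem
	@$(ECHO) "- CA - Certification Sign Request (CA-CSR)..."
	@$(SSL) req -new -key $(CAKEY).pem -out $@ \
		-config $(CNF)

CA-CERT: $(CACERT).pem

# Sign the CA request with the CA key and the dummy certificate.
# The size check is chained onto the openssl command so that a failed signing
# also removes an empty or partial certificate; as separate recipe lines the
# cleanup was skipped whenever openssl itself returned an error.
$(CACERT).pem: $(CAKEY).pem $(CAREQ).pem $(CACERT).dummy.pem
	@$(ECHO) "- Signing CA-CSR with dummy cert..."
	@$(SSL) ca -name CA -keyfile $(CAKEY).pem \
		-in $(CAREQ).pem -out $@ \
		-config $(CNF) -cert $(CACERT).dummy.pem ; \
	$(TEST) -s $@ || ( $(ECHO) "Signinging failed"; \
		$(RM) -f $@ ; exit 1 )

# Print the CA certificate for manual inspection.
show-ca: $(CACERT).pem
	@$(ECHO) "- check self-signed certificate manually..."
	@$(SSL) x509 -in $(CACERT).pem -text -noout

CA-CONV: $(CACERT).der $(CACERT).txt

$(CACERT).der: $(CACERT).pem
	@$(ECHO) "- converting to DER"
	@$(SSL) x509 -in $< -out $@ -outform der

$(CACERT).txt: $(CACERT).pem
	@$(ECHO) "- converting to TXT"
	@$(SSL) x509 -in $< -out $@ -text

# Full CA setup: key, request, certificate and its DER/TXT conversions.
newCA: CA-CONV

# Target overview. The destructive target is spelled CA-WIPEOUT here to match
# the rule above (the help text previously read CA-WIPEWOUT).
help:
	@$(ECHO) "\nCA Makefile"
	@$(ECHO) "-----------\n"
	@$(ECHO) "Target Description"
	@$(ECHO) "--------------------------i-------------------------------"
	@$(ECHO) "CA related Functions:"
	@$(ECHO) " newCA sets up CA Stuff (Key/Cert/Index)"
	@$(ECHO) " show-ca shows CA Cert"
	@$(ECHO) " CA-WIPEOUT removes *all* CA-Files (TAKE CARE!)"
	@$(ECHO) " CA-RESET resets cert database (index.txt - CARE!)"
	@$(ECHO) " crl generates new crl (if index.txt is newer)"
	@$(ECHO) " #.server signs cert.csr to cert.crt for SSL Servers"
	@$(ECHO) " #.client signs cert.csr for clients (i.e. Netscape)"
	@$(ECHO) "Cert related Funtions:"
	@$(ECHO) " .key generates RSA key (DES3)"
	@$(ECHO) " .rsa removes RSA passphrase from .key"
	@$(ECHO) " .newpass adds passphrase to .rsa if exists, or"
	@$(ECHO) " changes passphrase from .key and"
	@$(ECHO) " saves result in .key"
	@$(ECHO) " .csr generates Certificate Signing request"
	@$(ECHO) " .crt signes CSR (with ca key)"
	@$(ECHO) "\n"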