diff options
Diffstat (limited to 'certs')
-rw-r--r-- | certs/Makefile | 42 | ||||
-rw-r--r-- | certs/localhost.cnf | 4 |
2 files changed, 40 insertions, 6 deletions
diff --git a/certs/Makefile b/certs/Makefile index 587fadc6..6a8b140f 100644 --- a/certs/Makefile +++ b/certs/Makefile @@ -15,16 +15,52 @@ keysize=2048 # To request a cert %.csr: %.cnf %.key - openssl req -new -key $(lastword $^) -out $@ -utf8 -config $(firstword $^) + openssl req -new -key $(lastword $^) \ + -sha256 -utf8 -config $(firstword $^) -out $@ + +%.csr: %.cnf + umask 0077 && touch $*.key + openssl req -new -newkey rsa:$(keysize) -nodes -keyout $*.key \ + -sha256 -utf8 -config $^ -out $@ + @chmod 400 $*.key -c + +%.csr: %.key + openssl req -new -key $^ -utf8 -subj /CN=$* -out $@ + +%.csr: + umask 0077 && touch $*.key + openssl req -new -newkey rsa:$(keysize) -nodes -keyout $*.key \ + -utf8 -subj /CN=$* -out $@ + @chmod 400 $*.key -c # Self signed %.crt: %.cnf %.key - openssl req -new -x509 -nodes -key $(lastword $^) -days 365 \ - -sha1 -out $@ -utf8 -config $(firstword $^) + openssl req -new -x509 -key $(lastword $^) -days 365 -sha256 -utf8 \ + -config $(firstword $^) -out $@ + +%.crt: %.cnf + umask 0077 && touch $*.key + openssl req -new -x509 -newkey rsa:$(keysize) -nodes -keyout $*.key \ + -days 365 -sha256 -utf8 -config $(firstword $^) -out $@ + @chmod 400 $*.key -c +%.crt: %.key + openssl req -new -x509 -key $^ -days 365 -sha256 -utf8 -subj /CN=$* -out $@ + +%.crt: + umask 0077 && touch $*.key + openssl req -new -x509 -newkey rsa:$(keysize) -nodes -keyout $*.key \ + -days 365 -sha256 -out $@ -utf8 -subj /CN=$* + @chmod 400 $*.key -c + +# Generate a config from the example %.cnf: sed 's,example\.com,$*,g' openssl.cnf > $@ %.key: umask 0077 && openssl genrsa -out $@ $(keysize) @chmod 400 $@ + +# Generate Diffie-Hellman parameters +dh-%.pem: + openssl dhparam -out $@ $* diff --git a/certs/localhost.cnf b/certs/localhost.cnf index 41548534..a7dc6cfe 100644 --- a/certs/localhost.cnf +++ b/certs/localhost.cnf @@ -1,7 +1,5 @@ [v3_extensions] -extendedKeyUsage = serverAuth,clientAuth -keyUsage = digitalSignature,keyEncipherment -basicConstraints = CA:FALSE +basicConstraints = CA:TRUE subjectAltName = @subject_alternative_name [subject_alternative_name] |