aboutsummaryrefslogtreecommitdiffstats
path: root/certs
diff options
context:
space:
mode:
Diffstat (limited to 'certs')
-rw-r--r--certs/Makefile30
-rw-r--r--certs/localhost.cert22
-rw-r--r--certs/localhost.crt22
-rw-r--r--certs/localhost.key26
-rw-r--r--certs/openssl.cnf52
5 files changed, 117 insertions, 35 deletions
diff --git a/certs/Makefile b/certs/Makefile
new file mode 100644
index 00000000..f3854c5f
--- /dev/null
+++ b/certs/Makefile
@@ -0,0 +1,30 @@
+.DEFAULT: localhost.crt
+keysize=2048
+
+# How to:
+# First, `make yourhost.cnf` which creates a openssl config file.
+# Then edit this file and fill in the details you want it to have,
+# and add or change hosts and components it should cover.
+# Then `make yourhost.key` to create your private key, you can
+# include keysize=number to change the size of the key.
+# Then you can either `make yourhost.csr` to generate a certificate
+# signing request that you can submit to a CA, or `make yourhost.crt`
+# to generate a self signed certificate.
+
+.PRECIOUS: %.cnf %.key
+
+# To request a cert
+%.csr: %.cnf %.key
+ openssl req -new -key $(lastword $^) -out $@ -utf8 -config $(firstword $^)
+
+# Self signed
+%.crt: %.cnf %.key
+ openssl req -new -x509 -nodes -key $(lastword $^) -days 365 \
+ -sha1 -out $@ -utf8 -config $(firstword $^)
+
+%.cnf:
+ sed 's,example\.com,$*,g' openssl.cnf > $@
+
+%.key:
+ openssl genrsa $(keysize) > $@
+ @chmod 400 $@
diff --git a/certs/localhost.cert b/certs/localhost.cert
deleted file mode 100644
index 2459b913..00000000
--- a/certs/localhost.cert
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDkDCCAvmgAwIBAgIJAO6CeZTVrfDwMA0GCSqGSIb3DQEBBQUAMIGNMQswCQYD
-VQQGEwJHQjETMBEGA1UECBMKU29tZS1TdGF0ZTETMBEGA1UEBxMKSmFiYmVybGFu
-ZDETMBEGA1UEChMKUHJvc29keSBJTTEcMBoGA1UEAxMTRXhhbXBsZSBjZXJ0aWZp
-Y2F0ZTEhMB8GCSqGSIb3DQEJARYScHJvc29keUBwcm9zb2R5LmltMB4XDTA4MTEy
-OTE3MTQyNFoXDTA5MTEyOTE3MTQyNFowgY0xCzAJBgNVBAYTAkdCMRMwEQYDVQQI
-EwpTb21lLVN0YXRlMRMwEQYDVQQHEwpKYWJiZXJsYW5kMRMwEQYDVQQKEwpQcm9z
-b2R5IElNMRwwGgYDVQQDExNFeGFtcGxlIGNlcnRpZmljYXRlMSEwHwYJKoZIhvcN
-AQkBFhJwcm9zb2R5QHByb3NvZHkuaW0wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
-AoGBALVAPZ/hONuU5P1okNPNfE/bSDj3AsOrRb+Kj4a7MPyRzVCARAm5KvCkPwI3
-zfDoemp6PpjVk+K8buYTKD+FT3ZxHu8mVHOnnDid/Z3KjxXOh0q1fnzKCCWH49Lu
-hKz7AtAXxvyGvTqTrfquxYVu3U4jxNIVdy//8K0+qPt69aJTAgMBAAGjgfUwgfIw
-HQYDVR0OBBYEFA7Ehhe9zSpASafg6MXFXjAA5jTcMIHCBgNVHSMEgbowgbeAFA7E
-hhe9zSpASafg6MXFXjAA5jTcoYGTpIGQMIGNMQswCQYDVQQGEwJHQjETMBEGA1UE
-CBMKU29tZS1TdGF0ZTETMBEGA1UEBxMKSmFiYmVybGFuZDETMBEGA1UEChMKUHJv
-c29keSBJTTEcMBoGA1UEAxMTRXhhbXBsZSBjZXJ0aWZpY2F0ZTEhMB8GCSqGSIb3
-DQEJARYScHJvc29keUBwcm9zb2R5LmltggkA7oJ5lNWt8PAwDAYDVR0TBAUwAwEB
-/zANBgkqhkiG9w0BAQUFAAOBgQBCYiXpGULtMCsIi/yo3NxdeC7SjgsY8KKxxkB9
-VynZpC+R6+BMtEloOgl0uvjnGy1cu7l2ddQBN4NxpZjezo9KQjRjJxXSBgMKglXH
-ybsPjB5b61zmCnr/uvjuthRCVuHfcVD0wptoHkb1VDd+lQT1/+QQCm1hlDbgb8NI
-nfxA7A==
------END CERTIFICATE-----
diff --git a/certs/localhost.crt b/certs/localhost.crt
new file mode 100644
index 00000000..5156d307
--- /dev/null
+++ b/certs/localhost.crt
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDojCCAwugAwIBAgIJAPO1OI+vmUi8MA0GCSqGSIb3DQEBBQUAMIGTMQswCQYD
+VQQGEwJHQjETMBEGA1UECBMKSmFiYmVybGFuZDETMBEGA1UEChMKUHJvc29keSBJ
+TTE8MDoGA1UECxQzaHR0cDovL3Byb3NvZHkuaW0vZG9jL2FkdmFuY2VkX3NzbF90
+bHMjY2VydGlmaWNhdGVzMRwwGgYDVQQDExNFeGFtcGxlIGNlcnRpZmljYXRlMB4X
+DTA5MTAxNzE3MDc1NloXDTEwMTAxNzE3MDc1NlowgZMxCzAJBgNVBAYTAkdCMRMw
+EQYDVQQIEwpKYWJiZXJsYW5kMRMwEQYDVQQKEwpQcm9zb2R5IElNMTwwOgYDVQQL
+FDNodHRwOi8vcHJvc29keS5pbS9kb2MvYWR2YW5jZWRfc3NsX3RscyNjZXJ0aWZp
+Y2F0ZXMxHDAaBgNVBAMTE0V4YW1wbGUgY2VydGlmaWNhdGUwgZ8wDQYJKoZIhvcN
+AQEBBQADgY0AMIGJAoGBAN5n5y7+A7V6WZ5n/+n4eqjHiQ+p0XD1BYA2435AgzKE
+R+ilmrCFv59aWVIi3jS0YB3goMmuSk8PLv8pi/rjEKYhzDoiuoW/LvzjK5pVzbFM
+NlkW5I0t4Lrjb2lMkxbQr/B/k07RDlJJJRTmr2j4N7vMoznVFbjQY6dRAv3svYZF
+AgMBAAGjgfswgfgwHQYDVR0OBBYEFJhMTxNc3LEYA1vm3v4sCdHzRnUDMIHIBgNV
+HSMEgcAwgb2AFJhMTxNc3LEYA1vm3v4sCdHzRnUDoYGZpIGWMIGTMQswCQYDVQQG
+EwJHQjETMBEGA1UECBMKSmFiYmVybGFuZDETMBEGA1UEChMKUHJvc29keSBJTTE8
+MDoGA1UECxQzaHR0cDovL3Byb3NvZHkuaW0vZG9jL2FkdmFuY2VkX3NzbF90bHMj
+Y2VydGlmaWNhdGVzMRwwGgYDVQQDExNFeGFtcGxlIGNlcnRpZmljYXRlggkA87U4
+j6+ZSLwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCtLrTOSpQn+j+/
+5zoiP5wAGLpdZE+Iatzd26QwVsL61zd5399nEb1yFs3Hl9jo4W3idyNoofa67atX
+2/+3juA0Q/oN/ZT16bWihmcrzv+Qd/CsQfMOZ5ApYV4SEw40L6GITtrZuBDjO4mU
+TavhtScoGRzrZavhJG+PyhDH0Scglg==
+-----END CERTIFICATE-----
diff --git a/certs/localhost.key b/certs/localhost.key
index 8fb6e514..93fae5ed 100644
--- a/certs/localhost.key
+++ b/certs/localhost.key
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQC1QD2f4TjblOT9aJDTzXxP20g49wLDq0W/io+GuzD8kc1QgEQJ
-uSrwpD8CN83w6Hpqej6Y1ZPivG7mEyg/hU92cR7vJlRzp5w4nf2dyo8VzodKtX58
-ygglh+PS7oSs+wLQF8b8hr06k636rsWFbt1OI8TSFXcv//CtPqj7evWiUwIDAQAB
-AoGAbk0w83oxite630hiUrMLguGUuy3/Xap+YMlm/PwwHJRyWRolzbEFI7sgqS3i
-w0gHL4NDUuku/V3lM1jXNojfSNOq2T+M8L7G8q5e+Ch89RKiJvqKPqBsxu5bEL4m
-lyJi+Vt0SXUqJkxBHWLRJb8W6++aM2ByZ7CKDyjomg5fplkCQQDhnMMIyVSKM7a1
-VTbUbeqfcJmyDRaCkbA5X7NsEtatrEWusulFtPExCUUdpgFACJYj35PhCqLzmCpJ
-MxKL8zGdAkEAzanffEouT1eDlqdfLc/LVcKj3QTMmLck9KP0AhRy0vaiCqkYE/tE
-M+l9HTwxGmveLngfuw8p0HdztUFO6lAYrwJBAJhpHzRjVfIa51XuoCC3tGVLWvj2
-cHt6UhMgPIRI4a/njhdrk7zcdIeM3J0f1P5eDpdjZXIEjnqDFCXpE6Fpg90CQC1l
-a8FBlotI4/DjLO0tytI5TnZA0vB6rJubfQbggJ/0dLwpqvjuI5XZ2hYT7TrJyJc1
-SLu/kxlC5LWDnum1mF0CQDHt9x7DnGLquBhRUzcKmFcmaYsVl37A9tAfQSnrGqq+
-GBc3K1k0bhYc1/I1Ym1PfVCfLENXhhA0hHmaYviHF6U=
+MIICWwIBAAKBgQDeZ+cu/gO1elmeZ//p+Hqox4kPqdFw9QWANuN+QIMyhEfopZqw
+hb+fWllSIt40tGAd4KDJrkpPDy7/KYv64xCmIcw6IrqFvy784yuaVc2xTDZZFuSN
+LeC6429pTJMW0K/wf5NO0Q5SSSUU5q9o+De7zKM51RW40GOnUQL97L2GRQIDAQAB
+AoGAYaWw5Pr12en8CwaSX8GO6SeiT9Q5dqS9Y4u12iqs77MQd16uSi6O8YITkXJp
+qS5AvR1wutvhGFEMS0+Me/zRw62OFc2VVrKmX6eqgRMR8d/+SZjqzUxb4pNIAPQU
+dHbQzqGXermf6UWm6Cbi7vN0diohd8Qoj98PeWfRQrXju0kCQQD3OXD2SEevEhNe
+g4YTREsyUkZV1etkldhAeDAJzlitCQdQF5zE9Wt/Ahv0BKlLTaz3mvSDwrI+lXYQ
+1iDzOrXrAkEA5kzu1A3Y2gclyRupTg7crgp+afh1fLKCIVUaFdOYgwQDX90YnnIq
+TaY4uQ8Eutoixha4ZM4/bJq17YjjY1O4jwJAZMEHNYftlv7h3/HwMWfy0XZQbej5
+vwuGj3er9EMhRpvYXB7TaD2w6pkcdU11BViJtntzTUOKyxC0hlYOJbJ2swJAOL3N
+vhtnSVine6RAE4Zf4tWdDdj0gXOt0i6YjbYjhmwvtKfR0AAK4jTJFvdXT/48wReJ
++PRD9issFck7VRakiwJAPTgFUTsFCR1ZPcuCPHSCK/wz2NFma/O5Eqm0qTIbNUfw
+3qDRyUuKbyr3bAc+K+asN5ok2PAnhiRUIpu146M17w==
-----END RSA PRIVATE KEY-----
diff --git a/certs/openssl.cnf b/certs/openssl.cnf
new file mode 100644
index 00000000..091409c4
--- /dev/null
+++ b/certs/openssl.cnf
@@ -0,0 +1,52 @@
+oid_section = new_oids
+
+[ new_oids ]
+
+# RFC 6120 section 13.7.1.4. defines this OID
+xmppAddr = 1.3.6.1.5.5.7.8.5
+
+# RFC 4985 defines this OID
+SRVName = 1.3.6.1.5.5.7.8.7
+
+[ req ]
+
+default_bits = 4096
+default_keyfile = example.com.key
+distinguished_name = distinguished_name
+req_extensions = v3_extensions
+x509_extensions = v3_extensions
+
+# ask about the DN?
+prompt = no
+
+[ distinguished_name ]
+
+commonName = example.com
+countryName = GB
+localityName = The Internet
+organizationName = Your Organisation
+organizationalUnitName = XMPP Department
+emailAddress = xmpp@example.com
+
+[ v3_extensions ]
+
+# for certificate requests (req_extensions)
+# and self-signed certificates (x509_extensions)
+
+basicConstraints = CA:FALSE
+keyUsage = digitalSignature,keyEncipherment
+extendedKeyUsage = serverAuth,clientAuth
+subjectAltName = @subject_alternative_name
+
+[ subject_alternative_name ]
+
+# See http://tools.ietf.org/html/rfc6120#section-13.7.1.2 for more info.
+
+DNS.0 = example.com
+otherName.0 = xmppAddr;FORMAT:UTF8,UTF8:example.com
+otherName.1 = SRVName;IA5STRING:_xmpp-client.example.com
+otherName.2 = SRVName;IA5STRING:_xmpp-server.example.com
+
+DNS.1 = conference.example.com
+otherName.3 = xmppAddr;FORMAT:UTF8,UTF8:conference.example.com
+otherName.4 = SRVName;IA5STRING:_xmpp-server.conference.example.com