Diffstat (limited to 'certs')
-rw-r--r--certs/Makefile42
-rw-r--r--certs/localhost.cnf4
2 files changed, 40 insertions, 6 deletions
diff --git a/certs/Makefile b/certs/Makefile
index 587fadc6..fd4a2932 100644
--- a/certs/Makefile
+++ b/certs/Makefile
@@ -15,16 +15,52 @@ keysize=2048
# To request a cert
%.csr: %.cnf %.key
- openssl req -new -key $(lastword $^) -out $@ -utf8 -config $(firstword $^)
+ openssl req -new -key $(lastword $^) \
+ -sha256 -utf8 -config $(firstword $^) -out $@
+
+%.csr: %.cnf
+ umask 0077 && touch $*.key
+ openssl req -new -newkey rsa:$(keysize) -nodes -keyout $*.key \
+ -sha256 -utf8 -config $^ -out $@
+ @chmod 400 $*.key
+
+%.csr: %.key
+ openssl req -new -key $^ -utf8 -subj /CN=$* -out $@
+
+%.csr:
+ umask 0077 && touch $*.key
+ openssl req -new -newkey rsa:$(keysize) -nodes -keyout $*.key \
+ -utf8 -subj /CN=$* -out $@
+ @chmod 400 $*.key
# Self signed
%.crt: %.cnf %.key
- openssl req -new -x509 -nodes -key $(lastword $^) -days 365 \
- -sha1 -out $@ -utf8 -config $(firstword $^)
+ openssl req -new -x509 -key $(lastword $^) -days 365 -sha256 -utf8 \
+ -config $(firstword $^) -out $@
+
+%.crt: %.cnf
+ umask 0077 && touch $*.key
+ openssl req -new -x509 -newkey rsa:$(keysize) -nodes -keyout $*.key \
+ -days 365 -sha256 -utf8 -config $(firstword $^) -out $@
+ @chmod 400 $*.key
+%.crt: %.key
+ openssl req -new -x509 -key $^ -days 365 -sha256 -utf8 -subj /CN=$* -out $@
+
+%.crt:
+ umask 0077 && touch $*.key
+ openssl req -new -x509 -newkey rsa:$(keysize) -nodes -keyout $*.key \
+ -days 365 -sha256 -out $@ -utf8 -subj /CN=$*
+ @chmod 400 $*.key
+
+# Generate a config from the example
%.cnf:
sed 's,example\.com,$*,g' openssl.cnf > $@
%.key:
umask 0077 && openssl genrsa -out $@ $(keysize)
@chmod 400 $@
+
+# Generate Diffie-Hellman parameters
+dh-%.pem:
+ openssl dhparam -out $@ $*
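Review bot: The four key-generating recipes (`%.csr: %.cnf`, `%.csr:`, `%.crt: %.cnf`, `%.crt:`) apply `umask 0077` only to the `touch` line. Each recipe line runs in its own shell, so the private key's mode depends on `openssl req` reusing the pre-created file rather than on the umask. A failed `openssl req` also leaves an empty `$*.key` behind, which the `%.key` variants would then select on the next run. Running both in one shell, as the existing `%.key` rule already does, avoids both problems: `umask 0077 && openssl req -new -newkey rsa:$(keysize) -nodes -keyout $*.key \`. Separately, the `%.csr: %.key` and `%.csr:` recipes omit `-sha256`, so the request digest falls back to the installed openssl's default; adding `-sha256` there would match the other rules.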
diff --git a/certs/localhost.cnf b/certs/localhost.cnf
index 41548534..a7dc6cfe 100644
--- a/certs/localhost.cnf
+++ b/certs/localhost.cnf
@@ -1,7 +1,5 @@
[v3_extensions]
-extendedKeyUsage = serverAuth,clientAuth
-keyUsage = digitalSignature,keyEncipherment
-basicConstraints = CA:FALSE
+basicConstraints = CA:TRUE
subjectAltName = @subject_alternative_name
[subject_alternative_name]
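Review bot: `basicConstraints = CA:TRUE` makes the localhost certificate a CA certificate, and with `keyUsage` and `extendedKeyUsage` removed in the same hunk nothing limits what it may sign or be used for. If this self-signed certificate is imported into a trust store, whoever holds the matching private key can issue certificates for arbitrary host names that the store's users will accept. If the aim is only to have clients accept it as a trust anchor, constrain it, for example `basicConstraints = critical,CA:TRUE,pathlen:0` with `keyUsage = critical,digitalSignature,keyCertSign` and a `nameConstraints = critical,permitted;DNS:localhost` line. Alternatively keep `CA:FALSE` and sign the leaf from a separate local CA whose key is stored apart from the server key. The reason for the change is not visible on this page, so the intent is inferred.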