From 22f1422f51beee193f64a6e2c6c3986431922f0b Mon Sep 17 00:00:00 2001
From: Kim Alvefur
Date: Wed, 23 Dec 2015 12:07:03 +0100
Subject: certs/Makefile: Run key generation with a stricter umask (fixes a race condition)
---
 certs/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'certs/Makefile')
diff --git a/certs/Makefile b/certs/Makefile
index f3854c5f..c709ff91 100644
--- a/certs/Makefile
+++ b/certs/Makefile
@@ -26,5 +26,5 @@ keysize=2048
 sed 's,example\.com,$*,g' openssl.cnf > $@
 %.key:
- openssl genrsa $(keysize) > $@
- @chmod 400 $@
+ umask 0077 && openssl genrsa -out $@ $(keysize)
+ @chmod 400 $@ -c
-- cgit v1.2.3
From ce293a372a2f86fc796cc43568a7124689ce3862 Mon Sep 17 00:00:00 2001
From: Kim Alvefur
Date: Wed, 23 Dec 2015 12:10:26 +0100
Subject: certs/Makefile: Add targets for any combination of already existing config, key file
---
 certs/Makefile | 39 ++++++++++++++++++++++++++++++++++++---
 1 file changed, 36 insertions(+), 3 deletions(-)
(limited to 'certs/Makefile')
diff --git a/certs/Makefile b/certs/Makefile
index f3854c5f..6ffb6bd7 100644
--- a/certs/Makefile
+++ b/certs/Makefile
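Review bot: In the first patch's `%.key:` recipe, `@chmod 400 $@ -c` puts the option after the file operand and relies on `-c`, which is a GNU coreutils flag; a chmod that stops option parsing at the first operand, or that has no `-c`, would fail the recipe after the key has already been written. The key is already created under `umask 0077`, so the line can simply be `chmod 400 $@`, or `chmod -c 400 $@` if the build is known to be GNU-only. The same `@chmod 400 $*.key -c` line is repeated in the four key-generating recipes added by the second patch.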
@@ -15,13 +15,46 @@ keysize=2048
 # To request a cert
 %.csr: %.cnf %.key
- openssl req -new -key $(lastword $^) -out $@ -utf8 -config $(firstword $^)
+ openssl req -new -key $(lastword $^) \
+ -sha256 -utf8 -config $(firstword $^) -out $@
+
+%.csr: %.cnf
+ umask 0077 && touch $*.key
+ openssl req -new -newkey rsa:$(keysize) -nodes -keyout $*.key \
+ -sha256 -utf8 -config $^ -out $@
+ @chmod 400 $*.key -c
+
+%.csr: %.key
+ openssl req -new -key $^ -utf8 -subj /CN=$* -out $@
+
+%.csr:
+ umask 0077 && touch $*.key
+ openssl req -new -newkey rsa:$(keysize) -nodes -keyout $*.key \
+ -utf8 -subj /CN=$* -out $@
+ @chmod 400 $*.key -c
 # Self signed
 %.crt: %.cnf %.key
- openssl req -new -x509 -nodes -key $(lastword $^) -days 365 \
- -sha1 -out $@ -utf8 -config $(firstword $^)
+ openssl req -new -x509 -key $(lastword $^) -days 365 -sha256 -utf8 \
+ -config $(firstword $^) -out $@
+
+%.crt: %.cnf
+ umask 0077 && touch $*.key
+ openssl req -new -x509 -newkey rsa:$(keysize) -nodes -keyout $*.key \
+ -days 365 -sha256 -utf8 -config $(firstword $^) -out $@
+ @chmod 400 $*.key -c
+
+%.crt: %.key
+ openssl req -new -x509 -nodes -key $^ -days 365 \
+ -sha256 -out $@ -utf8 -config $(firstword $^)
+
+%.crt:
+ umask 0077 && touch $*.key
+ openssl req -new -x509 -newkey rsa:$(keysize) -nodes -keyout $*.key \
+ -days 365 -sha256 -out $@ -utf8 -subj /CN=$*
+ @chmod 400 $*.key -c
+# Generate a config from the example
 %.cnf:
 sed 's,example\.com,$*,g' openssl.cnf > $@
-- cgit v1.2.3
From b50935a87c03246fac1541b275da4464a5b63b3b Mon Sep 17 00:00:00 2001
From: Kim Alvefur
Date: Thu, 24 Dec 2015 10:39:13 +0100
Subject: certs/Makefile: Fix generating cert from only a key (no config then)
---
 certs/Makefile | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
(limited to 'certs/Makefile')
diff --git a/certs/Makefile b/certs/Makefile
index 534aa0d4..96361748 100644
--- a/certs/Makefile
+++ b/certs/Makefile
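Review bot: In the four new recipes that create a key as a side effect (`%.csr: %.cnf`, `%.csr:`, `%.crt: %.cnf`, `%.crt:`), `umask 0077` only covers the `touch` on its own recipe line, because each recipe line runs in a separate shell unless `.ONESHELL` is set outside this hunk. The key's restrictive mode therefore depends on openssl reusing the pre-created file, and a failed `openssl req` leaves an empty `$*.key` behind that a later run will pick up as an existing key through the `%.key` rules. Running the generator under the umask directly, `umask 0077 && openssl req -new -newkey rsa:$(keysize) -nodes -keyout $*.key \`, and dropping the `touch` line avoids both, with the trade-off that `$@` is then also created without group or other access.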
@@ -45,8 +45,7 @@ keysize=2048
 @chmod 400 $*.key -c
 %.crt: %.key
- openssl req -new -x509 -nodes -key $^ -days 365 \
- -sha256 -out $@ -utf8 -config $(firstword $^)
+ openssl req -new -x509 -key $^ -days 365 -sha256 -utf8 -subj /CN=$* -out $@
 %.crt:
 umask 0077 && touch $*.key
-- cgit v1.2.3
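Review bot: The key-only `%.crt: %.key` rule now takes the certificate subject from `-subj /CN=$*` alone, so as far as this command shows the result carries only a common name and no subjectAltName entries, and nothing in the rule tells the operator that it differs from a config-driven build. A comment above the rule would make that explicit, for example `# Key only, no config: subject is just CN=<name>; create <name>.cnf first if the cert needs subjectAltName entries`. The stem is also handed to the shell unquoted; `-subj '/CN=$*'` would keep an unusual target name from being split or globbed. The `%.crt:` rule that follows continues outside the hunk.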