Last active
November 6, 2018 16:13
-
-
Save bzed/c542176287afa7cd7e8d0ff71cfde818 to your computer and use it in GitHub Desktop.
Makefile to handle ssl certs/intermediate files/DHs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/make -f | |
CRTS := $(wildcard *.crt) | |
PEMS := $(shell echo $(CRTS) | sed 's,\.crt,.pem,g') | |
OCSPS := $(shell echo $(CRTS) | sed 's,\.crt,.ocsp,g') | |
DHS := $(shell echo $(CRTS) | sed 's,\.crt,.dh,g') | |
all: $(PEMS) $(OCSPS) $(DHS) | |
chmod 600 *.key | |
chmod 640 *.pem | |
chmod 660 *.ocsp | |
%.pem: %.key %.crt %.ca %.dh | |
cat $*.key $*.crt $*.ca $*.dh > $@ | |
chmod 640 $@ | |
%.ca: %.crt | |
wget -q -O - $$(openssl x509 -in $*.crt -text | grep 'CA Issuer' | sed 's,.*URI:,,') | openssl x509 -inform DER -outform pem -out $@ | |
%.csr %.key: | |
openssl req -sha256 -new -newkey rsa:4096 -nodes -keyout $*.key -out $*.csr | |
%.ocsp: FORCE %.crt | |
openssl ocsp -noverify -issuer $*.ca -cert $*.crt -url $$(openssl x509 -in $*.crt -text | grep OCSP | sed 's,.*URI:,,') -no_nonce -header Host=$$(openssl x509 -in $*.crt -text | grep OCSP | sed 's,.*URI:,,;s,^http://,,') -respout $*.ocsp.new 1>/dev/null | |
mv $*.ocsp.new $*.ocsp | |
touch $@ | |
chmod 660 $@ | |
FORCE: | |
%.dh: | |
openssl dhparam 2048 > $@ | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment