@igalic
Created February 13, 2013 08:35
Makefile to create a root CA and an intermediate signing CA. It can also be used to quickly create keys and certificates and sign them with that intermediate CA. You should put the root CA into your trust store (preferably as the only CA ;) and make sure your programs validate it correctly.
root_DN = /CN=Esotericsystems Root Authority/C=AT/
issuing_DN = /CN=Esotericsystems Issuing Authority/C=AT/

.PHONY: root-ca issuing-ca create-rsa_enc.key create-rsa.key create-csr sign-cert clean

# The passphrase lives in a plain file so the recipes can run unattended.
# Replace "changeme" before using any of these keys for real.
# printf is used because "echo -n" is not portable across /bin/sh variants.
passphrase:
	printf '%s' changeme > $@

#
# Create param files, keys and Self-Signed Certificate for the Root CA
#
root-ca-dsa.param: passphrase
	openssl genpkey -genparam -algorithm DSA -out $@ -pkeyopt dsa_paramgen_bits:2048

# The ECB cipher is kept from the original; a CBC cipher such as
# -aes-256-cbc is the more common choice for encrypting a private key.
root-ca-dsa_enc.key: root-ca-dsa.param passphrase
	openssl genpkey -paramfile root-ca-dsa.param -camellia-256-ecb -pass file:passphrase -out $@

# Unencrypted variant of the root key.
root-ca-dsa.key: root-ca-dsa.param passphrase
	openssl genpkey -paramfile root-ca-dsa.param -out $@

# "make root-ca" still works; the real target is the .pem file, so the
# certificate is not re-issued every time a dependent target is built.
root-ca: root-ca.pem
root-ca.pem: root-ca-dsa_enc.key
	openssl req -batch -new -x509 -days 13650 -key root-ca-dsa_enc.key -passin file:passphrase -subj "$(root_DN)" -utf8 -extensions v3_ca -out $@

#
# Create param files, keys and Certificate Request for Issuing CA
#
issuing-ca-dsa.param: passphrase
	openssl genpkey -genparam -algorithm DSA -out $@ -pkeyopt dsa_paramgen_bits:2048

issuing-ca-dsa_enc.key: issuing-ca-dsa.param passphrase
	openssl genpkey -paramfile issuing-ca-dsa.param -camellia-256-ecb -pass file:passphrase -out $@

issuing-ca.csr: issuing-ca-dsa_enc.key
	openssl req -new -key issuing-ca-dsa_enc.key -passin file:passphrase -subj "$(issuing_DN)" -utf8 -out $@

#
# Sign CSR with Root CA.
# -extfile expects an openssl.cnf in this directory that defines the
# v3_ca and usr_cert sections used below.
#
issuing-ca: issuing-ca.pem
issuing-ca.pem: issuing-ca.csr root-ca.pem
	openssl x509 -req -in issuing-ca.csr -CA root-ca.pem -CAkey root-ca-dsa_enc.key -passin file:passphrase -CAcreateserial -extfile openssl.cnf -extensions v3_ca -days 1365 -out $@

#
# Create an RSA key
# Example: make create-rsa_enc.key KEY=blag.es.at.key
#
create-rsa_enc.key: passphrase
	openssl genpkey -algorithm RSA -camellia-256-ecb -pass file:passphrase -out "$(KEY)" -pkeyopt rsa_keygen_bits:2048

create-rsa.key:
	openssl genpkey -algorithm RSA -out "$(KEY)" -pkeyopt rsa_keygen_bits:2048

#
# Create a Certificate Signing request:
# Example: make create-csr KEY=blag.es.at.key CSR=blag.es.at.csr DN='/CN=blag.es.at/C=AT/'
#
create-csr: passphrase
	openssl req -new -key "$(KEY)" -passin file:passphrase -out "$(CSR)" -subj "$(DN)"

#
# And finally, sign this certificate request:
# Example: make sign-cert CSR=blag.es.at.csr PEM=blag.es.at.pem
#
sign-cert: issuing-ca.pem
	openssl x509 -req -in "$(CSR)" -CA issuing-ca.pem -CAkey issuing-ca-dsa_enc.key -passin file:passphrase -CAcreateserial -extfile openssl.cnf -extensions usr_cert -days 1365 -out "$(PEM)"

clean:
	rm -rf passphrase *.key *.csr *.param *.pem *.srl
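
The description asks that programs validate the chain correctly. The script below is an added example, not part of the gist: it builds a constructed throwaway chain with the same openssl commands the Makefile uses and then checks it. The function names, the RSA demo keys and `ext.cnf` (a stand-in for the `openssl.cnf` the Makefile references but the page does not show) are assumptions.

```shell
#!/bin/sh
# Added example, not part of the gist. ext.cnf stands in for the Makefile's
# openssl.cnf (not shown on the page); its contents are an assumption.
write_ext() {
    cat > "$1" <<'EOF'
[ req ]
distinguished_name = dn
[ dn ]
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[ usr_cert ]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
EOF
}

# demo_chain DIR: constructed throwaway root, issuing CA and leaf in DIR.
# Keys are unencrypted RSA to keep the demo short.
demo_chain() (
    cd "$1" && write_ext ext.cnf || exit 1
    for n in root issuing leaf; do
        openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
            -out "$n.key" 2>/dev/null || exit 1
    done
    openssl req -batch -new -x509 -days 30 -key root.key -config ext.cnf \
        -subj "/CN=Demo Root" -extensions v3_ca -out root.pem || exit 1
    sign() {  # sign NAME CA SECTION CN: make a CSR for NAME, sign it with CA
        openssl req -new -key "$1.key" -config ext.cnf -subj "/CN=$4" \
            -out "$1.csr" &&
        openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" \
            -CAcreateserial -extfile ext.cnf -extensions "$3" -days 30 \
            -out "$1.pem" 2>/dev/null
    }
    sign issuing root v3_ca "Demo Issuing" &&
        sign leaf issuing usr_cert demo.example
)

# is_ca CERT: true if the certificate asserts CA:TRUE in basicConstraints.
is_ca() { openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'; }

# verify_chain ROOT INTERMEDIATE LEAF: true only if the intermediate is a
# CA, the leaf is not, and the leaf chains to ROOT through INTERMEDIATE.
verify_chain() {
    is_ca "$2" || { echo "intermediate lacks CA:TRUE" >&2; return 1; }
    if is_ca "$3"; then echo "leaf asserts CA:TRUE" >&2; return 1; fi
    openssl verify -CAfile "$1" -untrusted "$2" "$3" 2>/dev/null |
        grep -q ': OK$'
}
```

Against the gist's own output the call is `verify_chain root-ca.pem issuing-ca.pem blag.es.at.pem`; only the root goes in as the trust anchor, the issuing CA is passed as untrusted.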