x.509/Makefile-ca: Add a basic Makefile for creating self-signed CAs
authorW. Trevor King <wking@tremily.us>
Fri, 14 Feb 2014 22:31:59 +0000 (14:31 -0800)
committerW. Trevor King <wking@tremily.us>
Fri, 14 Feb 2014 22:37:42 +0000 (14:37 -0800)
x.509/Makefile-ca [new file with mode: 0644]

diff --git a/x.509/Makefile-ca b/x.509/Makefile-ca
new file mode 100644 (file)
index 0000000..aff2f69
--- /dev/null
@@ -0,0 +1,34 @@
+# Create a self-signed certificate authority with GnuTLS [1]
+#
+# You should probably write your own template [2], but if you don't
+# this Makefile will use CN and CRL_DIST_POINTS to create a very basic
+# template.
+#
+# [1]: http://www.gnutls.org/
+# [2]: http://www.gnutls.org/manual/html_node/certtool-Invocation.html#Certtool_0027s-template-file-format
+
+CN ?= Example Certificate Authority
+CRL_DIST_POINTS ?= https://example.com/crl/
+
+.PRECIOUS: %.tmpl %.pem
+
+all: ca.pem
+
+clean:
+       rm -f key.pem ca.pem
+
+key.pem:
+       certtool --generate-privkey --outfile "$@"
+
+ca.tmpl:
+       echo 'cn = "$(CN)"' > "$@"
+       echo 'expiration_days = 800' >> "$@"
+       echo 'crl_dist_points = $(CRL_DIST_POINTS)' >> "$@"
+       echo 'ca' >> "$@"
+       echo 'cert_signing_key' >> "$@"
+
+ca.pem: ca.tmpl key.pem
+       certtool --generate-self-signed \
+               --template ca.tmpl \
+               --load-privkey key.pem \
+               --outfile "$@"
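Review bot: The `clean` recipe deletes `key.pem`, so a routine `make clean` destroys the CA private key, after which this CA can no longer renew or revoke the certificates it has already issued; I would reduce `clean` to `rm -f ca.pem` and put key removal behind a separate, explicitly named target. The `key.pem` recipe also leaves the file mode to certtool and the caller's umask, which could be made explicit with `umask 077 && certtool --generate-privkey --outfile "$@"`. The generated template sets `crl_dist_points` but only `cert_signing_key`, so if this CA is meant to sign the CRLs it advertises, the `ca.tmpl` recipe probably also needs `echo 'crl_signing_key' >> "$@"`. Finally, `all` and `clean` are not declared `.PHONY`, so a stray file with either name would silently disable the target.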