From: W. Trevor King Date: Fri, 14 Feb 2014 22:54:21 +0000 (-0800) Subject: x.509/Makefile-stunnel: Add a basic Makefile for creating self-signed certs X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=3b47eafb0c9b88f07320f4e42867d56e7cb6f17e;p=dockerfile.git x.509/Makefile-stunnel: Add a basic Makefile for creating self-signed certs This is similar to Makefile-server, but it only creates a single key/certificate pair. It also bundles the private key and certificate together in stunnel.pem, which is the format the stunnel image expects (mount it at the container's /etc/stunnel/stunnel.pem).
---
diff --git a/x.509/Makefile-stunnel b/x.509/Makefile-stunnel
new file mode 100644
index 0000000..a0a235c
--- /dev/null
+++ b/x.509/Makefile-stunnel
@@ -0,0 +1,45 @@
+# Create self-signed certificates with GnuTLS [1]
+#
+# This is useful for testing with the stunnel container.
+#
+# You should probably write your own templates [2], but if you don't
+# this Makefile will use ORGANIZATION to create a very basic template.
+#
+# [1]: http://www.gnutls.org/
+# [2]: http://www.gnutls.org/manual/html_node/certtool-Invocation.html#Certtool_0027s-template-file-format
+
+ORGANIZATION ?= Example, Inc.
+DOMAIN ?= example.com
+
+CA_KEY ?= /etc/ssl/ca/key.pem
+CA_CERT ?= /etc/ssl/ca/ca.pem
+
+.PRECIOUS: %.tmpl %.key %.cert %.pem
+
+all: stunnel.pem
+
+clean:
+ rm -f key.pem cert.pem stunnel.pem
+
+cert.tmpl:
+ echo 'organization = $(ORGANIZATION)' > "$@"
+ echo 'cn = $(DOMAIN)' >> "$@"
+ echo 'dns_name = $(DOMAIN)' >> "$@"
+ echo 'tls_www_server' >> "$@"
+ echo 'encryption_key' >> "$@"
+
+key.pem:
+ certtool --generate-privkey --outfile "$@"
+
+cert.pem: cert.tmpl key.pem $(CA_KEY) $(CA_CERT)
+ certtool --generate-certificate \
+ --template cert.tmpl \
+ --load-privkey key.pem \
+ --load-ca-privkey "$(CA_KEY)" \
+ --load-ca-certificate "$(CA_CERT)" \
+ --outfile "$@"
+
+stunnel.pem: key.pem cert.pem
+ touch "$@"
+ chmod 600 "$@"
+ cat $^ > "$@"
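Review bot: The template written by the `cert.tmpl` recipe sets `encryption_key` but not `signing_key`, so the certificate's key usage covers RSA key transport only; certtool's template documentation lists `signing_key` as the option needed for DHE cipher suites, so peers that enforce key usage would be limited to suites without forward secrecy. Adding `echo 'signing_key' >> "$@"` after the `tls_www_server` line covers both cases. Separately, `.PRECIOUS: %.tmpl %.key %.cert %.pem` keeps a partially written `key.pem` or `stunnel.pem` when a recipe is interrupted, and its `%.key` and `%.cert` patterns match no target in this file. The header comment and subject also say "self-signed" although `cert.pem` is issued with `--load-ca-privkey "$(CA_KEY)"`; a comment such as `# cert.pem is signed by the CA in CA_KEY/CA_CERT, not self-signed` would make the trust model clear to whoever mounts `stunnel.pem`.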