From: W. Trevor King Date: Fri, 14 Feb 2014 22:31:59 +0000 (-0800) Subject: x.509/Makefile-ca: Add a basic Makefile for creating self-signed CAs X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=5803264af0e6cdfadab28a24987a94bfac1df52e;p=dockerfile.git x.509/Makefile-ca: Add a basic Makefile for creating self-signed CAs --- diff --git a/x.509/Makefile-ca b/x.509/Makefile-ca new file mode 100644 index 0000000..aff2f69 --- /dev/null +++ b/x.509/Makefile-ca @@ -0,0 +1,34 @@ +# Create a self-signed certificate authority with GnuTLS [1] +# +# You should probably write your own template [2], but if you don't +# this Makefile will use CN and CRL_DIST_POINTS to create a very basic +# template. +# +# [1]: http://www.gnutls.org/ +# [2]: http://www.gnutls.org/manual/html_node/certtool-Invocation.html#Certtool_0027s-template-file-format + +CN ?= Example Certificate Authority +CRL_DIST_POINTS ?= https://example.com/crl/ + +.PRECIOUS: %.tmpl %.pem + +all: ca.pem + +clean: + rm -f key.pem ca.pem + +key.pem: + certtool --generate-privkey --outfile "$@" + +ca.tmpl: + echo 'cn = "$(CN)"' > "$@" + echo 'expiration_days = 800' >> "$@" + echo 'crl_dist_points = $(CRL_DIST_POINTS)' >> "$@" + echo 'ca' >> "$@" + echo 'cert_signing_key' >> "$@" + +ca.pem: ca.tmpl key.pem + certtool --generate-self-signed \ + --template ca.tmpl \ + --load-privkey key.pem \ + --outfile "$@"