From 55550dd2d0b3d09932cfe13865a766af43d99314 Mon Sep 17 00:00:00 2001 From: "W. Trevor King" Date: Fri, 14 Feb 2014 14:47:25 -0800 Subject: [PATCH] x.509/Makefile-server: Add a basic Makefile for creating self-signed certs This requires a local CA, which you can build using Makefile-ca. Use CA_KEY and CA_CERT to point at your local CA: $ make -f Makefile-ca $ make -f Makefile-server CA_KEY=key.pem CA_CERT=ca.pem
---
x.509/Makefile-server | 53 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 53 insertions(+)
create mode 100644 x.509/Makefile-server
diff --git a/x.509/Makefile-server b/x.509/Makefile-server
new file mode 100644
index 0000000..247a55c
--- /dev/null
+++ b/x.509/Makefile-server
@@ -0,0 +1,53 @@
+# Create self-signed certificates with GnuTLS [1]
+#
+# This is useful for testing with the nginx-proxy container.
+#
+# You should probably write your own templates [2], but if you don't
+# this Makefile will use ORGANIZATION to create a very basic template.
+#
+# [1]: http://www.gnutls.org/
+# [2]: http://www.gnutls.org/manual/html_node/certtool-Invocation.html#Certtool_0027s-template-file-format
+
+ORGANIZATION ?= Example, Inc.
+DOMAIN ?= example.com
+HOSTS ?= www static media kibana es
+DEFAULT ?= www.$(DOMAIN)
+
+CA_KEY ?= /etc/ssl/ca/key.pem
+CA_CERT ?= /etc/ssl/ca/ca.pem
+
+FQDNS = $(patsubst %, %.$(DOMAIN), $(HOSTS))
+KEYS = $(patsubst %, %.key, $(FQDNS))
+CERTS = $(patsubst %, %.cert, $(FQDNS))
+CHAINED_CERTS = $(patsubst %, %.pem, $(FQDNS))
+
+.PRECIOUS: %.tmpl %.key %.cert %.pem
+
+all: $(KEYS) $(CHAINED_CERTS) nginx.key nginx.pem
+
+clean:
+ rm -f *.tmpl *.key *.cert *.pem
+
+%.tmpl:
+ echo 'organization = $(ORGANIZATION)' > "$@"
+ echo 'cn = $*' >> "$@"
+ echo 'dns_name = $*' >> "$@"
+ echo 'tls_www_server' >> "$@"
+ echo 'encryption_key' >> "$@"
+
+$(KEYS): %.key:
+ certtool --generate-privkey --outfile "$@"
+
+$(CERTS): %.cert: %.tmpl %.key $(CA_KEY) $(CA_CERT)
+ certtool --generate-certificate \
+ --template "$*.tmpl" \
+ --load-privkey "$*.key" \
+ --load-ca-privkey "$(CA_KEY)" \
+ --load-ca-certificate "$(CA_CERT)" \
+ --outfile "$@"
+
+$(CHAINED_CERTS): %.pem: %.cert $(CA_CERT)
+ cat $^ > "$@"
+
+nginx.%: $(DEFAULT).%
+ ln -s "$<" "$@"
--
2.26.2
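Review bot: The `clean` recipe's `rm -f *.tmpl *.key *.cert *.pem` removes every matching file in the working directory, not only the files this Makefile generated. With the invocation shown in the commit message (`CA_KEY=key.pem CA_CERT=ca.pem`), `make -f Makefile-server clean` would delete the local CA's private key and certificate, and it would also remove the hand-written templates that the header comment recommends. Limiting the recipe to the generated names, for example `rm -f $(KEYS) $(CERTS) $(CHAINED_CERTS) nginx.key nginx.pem`, avoids both, though generated templates would then need separate handling. Separately, the `$(KEYS)` recipe leaves the private key's file mode to certtool and the caller's umask; writing it as `umask 077 && certtool --generate-privkey --outfile "$@"` would make the restriction explicit.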