From 5803264af0e6cdfadab28a24987a94bfac1df52e Mon Sep 17 00:00:00 2001
From: "W. Trevor King" <wking@tremily.us>
Date: Fri, 14 Feb 2014 14:31:59 -0800
Subject: [PATCH] x.509/Makefile-ca: Add a basic Makefile for creating
 self-signed CAs

---
 x.509/Makefile-ca | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100644 x.509/Makefile-ca

diff --git a/x.509/Makefile-ca b/x.509/Makefile-ca
new file mode 100644
index 0000000..aff2f69
--- /dev/null
+++ b/x.509/Makefile-ca
@@ -0,0 +1,34 @@
+# Create a self-signed certificate authority with GnuTLS [1]
+#
+# You should probably write your own template [2], but if you don't
+# this Makefile will use CN and CRL_DIST_POINTS to create a very basic
+# template.
+#
+# [1]: http://www.gnutls.org/
+# [2]: http://www.gnutls.org/manual/html_node/certtool-Invocation.html#Certtool_0027s-template-file-format
+
+CN ?= Example Certificate Authority
+CRL_DIST_POINTS ?= https://example.com/crl/
+
+.PRECIOUS: %.tmpl %.pem
+
+all: ca.pem
+
+clean:
+	rm -f key.pem ca.pem
+
+key.pem:
+	certtool --generate-privkey --outfile "$@"
+
+ca.tmpl:
+	echo 'cn = "$(CN)"' > "$@"
+	echo 'expiration_days = 800' >> "$@"
+	echo 'crl_dist_points = $(CRL_DIST_POINTS)' >> "$@"
+	echo 'ca' >> "$@"
+	echo 'cert_signing_key' >> "$@"
+
+ca.pem: ca.tmpl key.pem
+	certtool --generate-self-signed \
+		--template ca.tmpl \
+		--load-privkey key.pem \
+		--outfile "$@"
-- 
2.26.2