1 # Create self-signed certificates with GnuTLS [1]
3 # This is useful for testing with the nginx-proxy container.
5 # You should probably write your own templates [2], but if you don't
6 # this Makefile will use ORGANIZATION to create a very basic template.
8 # [1]: http://www.gnutls.org/
9 # [2]: http://www.gnutls.org/manual/html_node/certtool-Invocation.html#Certtool_0027s-template-file-format
11 ORGANIZATION ?= Example, Inc.
13 HOSTS ?= www static media kibana es
14 DEFAULT ?= www.$(DOMAIN)
15 FQDNS ?= $(patsubst %, %.$(DOMAIN), $(HOSTS))
17 CA_KEY ?= /etc/ssl/ca/key.pem
18 CA_CERT ?= /etc/ssl/ca/ca.pem
20 KEYS = $(patsubst %, %.key, $(FQDNS))
21 CERTS = $(patsubst %, %.cert, $(FQDNS))
22 CHAINED_CERTS = $(patsubst %, %.pem, $(FQDNS))
24 .PRECIOUS: %.tmpl %.key %.cert %.pem
26 all: $(KEYS) $(CHAINED_CERTS) nginx.key nginx.pem
29 rm -f *.tmpl *.key *.cert *.pem
32 echo 'organization = $(ORGANIZATION)' > "$@"
33 echo 'cn = $*' >> "$@"
34 echo 'dns_name = $*' >> "$@"
35 echo 'tls_www_server' >> "$@"
36 echo 'encryption_key' >> "$@"
39 certtool --generate-privkey --outfile "$@"
41 $(CERTS): %.cert: %.tmpl %.key $(CA_KEY) $(CA_CERT)
42 certtool --generate-certificate \
43 --template "$*.tmpl" \
44 --load-privkey "$*.key" \
45 --load-ca-privkey "$(CA_KEY)" \
46 --load-ca-certificate "$(CA_CERT)" \
49 $(CHAINED_CERTS): %.pem: %.cert $(CA_CERT)