# Default goal. Prerequisites only, no recipe: building `all` produces the
# agent1-5 certificates, the ca2 CRL, the EC certificate, the DH and DSA
# parameter/key files and the RSA key pairs listed below.
# The order is kept exactly as written, since a serial build processes
# prerequisites left to right.
all: \
    agent1-cert.pem \
    agent2-cert.pem \
    agent3-cert.pem \
    agent4-cert.pem \
    agent5-cert.pem \
    ca2-crl.pem \
    ec-cert.pem \
    dh512.pem \
    dh1024.pem \
    dh2048.pem \
    dsa1025.pem \
    dsa_private_1025.pem \
    dsa_public_1025.pem \
    rsa_private_1024.pem \
    rsa_private_2048.pem \
    rsa_private_4096.pem \
    rsa_public_1024.pem \
    rsa_public_2048.pem \
    rsa_public_4096.pem
5 # Create Certificate Authority: ca1
6 # ('password' is used for the CA password.)
9 openssl req -new -x509 -days 9999 -config ca1.cnf -keyout ca1-key.pem -out ca1-cert.pem
12 # Create Certificate Authority: ca2
13 # ('password' is used for the CA password.)
16 openssl req -new -x509 -days 9999 -config ca2.cnf -keyout ca2-key.pem -out ca2-cert.pem
17 echo '01' > ca2-serial
18 touch ca2-database.txt
21 # Create Subordinate Certificate Authority: ca3
22 # ('password' is used for the CA password.)
25 openssl genrsa -out ca3-key.pem 1024
27 ca3-csr.pem: ca3.cnf ca3-key.pem
34 ca3-cert.pem: ca3-csr.pem ca3-key.pem ca3.cnf ca1-cert.pem ca1-key.pem
39 -passin "pass:password" \
47 # Create Fake CNNIC Root Certificate Authority: fake-cnnic-root
# Private key for the fake-cnnic-root CA: 2048-bit RSA. No cipher option is
# passed to genrsa, so the key file is written without passphrase protection.
fake-cnnic-root-key.pem:
	openssl genrsa -out $@ 2048
53 fake-cnnic-root-cert.pem: fake-cnnic-root.cnf fake-cnnic-root-key.pem
54 openssl req -x509 -new \
55 -key fake-cnnic-root-key.pem \
57 -out fake-cnnic-root-cert.pem \
58 -config fake-cnnic-root.cnf
61 # agent1 is signed by ca1.
65 openssl genrsa -out agent1-key.pem 1024
# Certificate signing request for agent1.
#   $<            -> agent1.cnf     (request configuration)
#   $(word 2,$^)  -> agent1-key.pem (key the request is made for)
agent1-csr.pem: agent1.cnf agent1-key.pem
	openssl req -new -config $< -key $(word 2,$^) -out $@
70 agent1-cert.pem: agent1-csr.pem ca1-cert.pem ca1-key.pem
75 -passin "pass:password" \
# Check that agent1-cert.pem ($<) verifies against ca1-cert.pem (second
# prerequisite) as the only trusted CA file.
agent1-verify: agent1-cert.pem ca1-cert.pem
	openssl verify -CAfile $(word 2,$^) $<
87 # agent2 has a self-signed cert
89 # Generate new private key
91 openssl genrsa -out agent2-key.pem 1024
# Certificate signing request for the agent2 key.
#   $<            -> agent2-key.pem
#   $(word 2,$^)  -> agent2.cnf
agent2-csr.pem: agent2-key.pem agent2.cnf
	openssl req -new -config $(word 2,$^) -key $< -out $@
97 # Create a Certificate for the agent.
98 agent2-cert.pem: agent2-csr.pem agent2-key.pem
102 -signkey agent2-key.pem \
# agent2's certificate is self-signed, so it is verified with itself as the
# trusted CA file: $< (agent2-cert.pem) appears on both sides.
agent2-verify: agent2-cert.pem
	openssl verify -CAfile $< $<
109 # agent3 is signed by ca2.
113 openssl genrsa -out agent3-key.pem 1024
# Certificate signing request for agent3, from agent3.cnf ($<) and
# agent3-key.pem (second prerequisite).
agent3-csr.pem: agent3.cnf agent3-key.pem
	openssl req -new -config $< -key $(word 2,$^) -out $@
118 agent3-cert.pem: agent3-csr.pem ca2-cert.pem ca2-key.pem
121 -passin "pass:password" \
# Check that agent3-cert.pem ($<) verifies against ca2-cert.pem.
agent3-verify: agent3-cert.pem ca2-cert.pem
	openssl verify -CAfile $(word 2,$^) $<
133 # agent4 is signed by ca2 (client cert)
137 openssl genrsa -out agent4-key.pem 1024
# Certificate signing request for agent4, from agent4.cnf ($<) and
# agent4-key.pem (second prerequisite).
agent4-csr.pem: agent4.cnf agent4-key.pem
	openssl req -new -config $< -key $(word 2,$^) -out $@
142 agent4-cert.pem: agent4-csr.pem ca2-cert.pem ca2-key.pem
145 -passin "pass:password" \
150 -extfile agent4.cnf \
151 -extensions ext_key_usage \
# Check that agent4-cert.pem ($<) verifies against ca2-cert.pem.
# The command passes no CRL options, so this check does not consult
# ca2-crl.pem and is unaffected by the revocation of agent4 recorded there.
agent4-verify: agent4-cert.pem ca2-cert.pem
	openssl verify -CAfile $(word 2,$^) $<
158 # Make CRL with agent4 being rejected
# NOTE(review): the recipe below revokes agent4-cert.pem, but agent4-cert.pem
# is not among this rule's prerequisites. In a serial `make all` it is built
# first only because `all` lists it before ca2-crl.pem; under `make -j`, or
# when ca2-crl.pem is requested on its own, the certificate may not exist yet.
# Consider adding agent4-cert.pem as a prerequisite.
# The CA key passphrase is supplied on the command line via -passin.
160 ca2-crl.pem: ca2-key.pem ca2-cert.pem ca2.cnf
161 openssl ca -revoke agent4-cert.pem \
162 -keyfile ca2-key.pem \
165 -passin 'pass:password'
167 -keyfile ca2-key.pem \
172 -passin 'pass:password'
175 # agent5 is signed by ca2 (client cert)
179 openssl genrsa -out agent5-key.pem 1024
# Certificate signing request for agent5, from agent5.cnf ($<) and
# agent5-key.pem (second prerequisite).
agent5-csr.pem: agent5.cnf agent5-key.pem
	openssl req -new -config $< -key $(word 2,$^) -out $@
184 agent5-cert.pem: agent5-csr.pem ca2-cert.pem ca2-key.pem
187 -passin "pass:password" \
192 -extfile agent5.cnf \
193 -extensions ext_key_usage \
# Check that agent5-cert.pem ($<) verifies against ca2-cert.pem.
agent5-verify: agent5-cert.pem ca2-cert.pem
	openssl verify -CAfile $(word 2,$^) $<
200 # agent6 is signed by ca3
204 openssl genrsa -out agent6-key.pem 1024
# Certificate signing request for agent6, from agent6.cnf ($<) and
# agent6-key.pem (second prerequisite).
agent6-csr.pem: agent6.cnf agent6-key.pem
	openssl req -new -config $< -key $(word 2,$^) -out $@
209 agent6-cert.pem: agent6-csr.pem ca3-cert.pem ca3-key.pem
212 -passin "pass:password" \
217 -extfile agent6.cnf \
219 cat ca3-cert.pem >> agent6-cert.pem
# Check agent6-cert.pem ($<) with ca3-cert.pem as the only trusted CA file.
# NOTE(review): this file describes ca3 as a subordinate CA whose certificate
# is issued from ca1. With only ca3-cert.pem in -CAfile the chain may not
# reach a self-signed root, so this check may fail unless ca1-cert.pem is
# also trusted or partial chains are allowed -- confirm.
agent6-verify: agent6-cert.pem ca3-cert.pem
	openssl verify -CAfile $(word 2,$^) $<
225 # agent7 is signed by fake-cnnic-root.
229 openssl genrsa -out agent7-key.pem 2048
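# Certificate signing request for agent7.
# agent7.cnf is the prerequisite because it is the file the recipe passes to
# -config; depending on agent1.cnf instead would leave this CSR stale after
# edits to agent7.cnf and rebuild it needlessly after edits to agent1.cnf.
agent7-csr.pem: agent7.cnf agent7-key.pem
	openssl req -new -config agent7.cnf -key agent7-key.pem -out agent7-csr.pem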
234 agent7-cert.pem: agent7-csr.pem fake-cnnic-root-cert.pem fake-cnnic-root-key.pem
236 -extfile agent7.cnf \
238 -passin "pass:password" \
240 -CA fake-cnnic-root-cert.pem \
241 -CAkey fake-cnnic-root-key.pem \
# Check that agent7-cert.pem ($<) verifies against fake-cnnic-root-cert.pem.
agent7-verify: agent7-cert.pem fake-cnnic-root-cert.pem
	openssl verify -CAfile $(word 2,$^) $<
249 openssl ecparam -genkey -out ec-key.pem -name prime256v1
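# Certificate signing request for the EC key.
# ec.cnf is listed as a prerequisite because the recipe reads it via -config,
# matching the agentN-csr.pem rules; without it, edits to ec.cnf would not
# cause the CSR to be regenerated.
ec-csr.pem: ec-key.pem ec.cnf
	openssl req -new -config ec.cnf -key ec-key.pem -out ec-csr.pem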
254 ec-cert.pem: ec-csr.pem ec-key.pem
258 -signkey ec-key.pem \
262 openssl dhparam -out dh512.pem 512
265 openssl dhparam -out dh1024.pem 1024
268 openssl dhparam -out dh2048.pem 2048
271 openssl dsaparam -out dsa1025.pem 1025
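# DSA private key generated from the dsa1025.pem parameter file.
# dsa1025.pem is declared as a prerequisite because gendsa reads it; without
# the dependency the rule only works when something else has already built
# the parameters, which is not guaranteed under `make -j` or when this target
# is requested on its own.
dsa_private_1025.pem: dsa1025.pem
	openssl gendsa -out $@ $<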
277 openssl dsa -in dsa_private_1025.pem -pubout -out dsa_public_1025.pem
# RSA private keys of 1024, 2048 and 4096 bits.
# Static pattern rule: the stem ($*) matched by rsa_private_%.pem is the
# modulus size handed to genrsa, and $@ is the key file being written.
# No cipher option is passed, so the keys are stored without a passphrase.
# NOTE(review): 1024-bit RSA is below commonly recommended key sizes;
# presumably it is generated here on purpose for tests -- confirm.
rsa_private_1024.pem rsa_private_2048.pem rsa_private_4096.pem: rsa_private_%.pem:
	openssl genrsa -out $@ $*
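# RSA public keys extracted from the matching private keys.
# -pubout is required: without it `openssl rsa` re-emits the private key, so
# the rsa_public_*.pem files would contain private key material. This also
# matches the dsa_public_1025.pem recipe, which already passes -pubout.
#   $<  -> rsa_private_<bits>.pem
#   $@  -> rsa_public_<bits>.pem
rsa_public_1024.pem rsa_public_2048.pem rsa_public_4096.pem: rsa_public_%.pem: rsa_private_%.pem
	openssl rsa -in $< -pubout -out $@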
298 rm -f *.pem *.srl ca2-database.txt ca2-serial
# Run the certificate verification checks for agent1 through agent5.
# NOTE(review): agent6-verify and agent7-verify are defined in this file but
# are not run by this target; confirm whether that is intentional.
test: \
    agent1-verify \
    agent2-verify \
    agent3-verify \
    agent4-verify \
    agent5-verify
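# Targets that name actions rather than files. agent6-verify and agent7-verify
# are included as well: they are defined in this file and produce no file, so
# without the declaration a stray file with either name would make the
# verification silently report "up to date" instead of running.
.PHONY: all clean test agent1-verify agent2-verify agent3-verify agent4-verify agent5-verify agent6-verify agent7-verify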