# Default goal: every certificate, the ca2 CRL, the DH parameter files and
# the RSA key pairs that this file knows how to generate.
all: \
  agent1-cert.pem agent2-cert.pem agent3-cert.pem agent4-cert.pem agent5-cert.pem \
  ca2-crl.pem \
  ec-cert.pem \
  dh512.pem dh1024.pem dh2048.pem \
  rsa_private_1024.pem rsa_private_2048.pem rsa_private_4096.pem \
  rsa_public_1024.pem rsa_public_2048.pem rsa_public_4096.pem
5 # Create Certificate Authority: ca1
6 # ('password' is used for the CA password.)
# Self-signed (-x509) certificate for ca1, valid for 9999 days; -keyout writes
# the newly generated private key to ca1-key.pem.
# NOTE(review): no passphrase appears on this command line, so the 'password'
# mentioned in the comment above presumably comes from ca1.cnf or a prompt - confirm.
9 openssl req -new -x509 -days 9999 -config ca1.cnf -keyout ca1-key.pem -out ca1-cert.pem
12 # Create Certificate Authority: ca2
13 # ('password' is used for the CA password.)
# Self-signed (-x509) certificate and key for ca2, valid for 9999 days.
16 openssl req -new -x509 -days 9999 -config ca2.cnf -keyout ca2-key.pem -out ca2-cert.pem
# Start the serial counter at 01 and create an empty database file.
# presumably ca2.cnf points `openssl ca` at these two files - verify.
17 echo '01' > ca2-serial
18 touch ca2-database.txt
21 # Create Subordinate Certificate Authority: ca3
22 # ('password' is used for the CA password.)
# 1024-bit RSA key for the subordinate CA ca3. That size is below the 2048-bit
# minimum in current guidance for RSA, so a CA key like this is suitable for
# throwaway fixtures only.
# NOTE(review): assumed to be a deliberate speed trade-off - confirm.
25 openssl genrsa -out ca3-key.pem 1024
# Signing request for ca3, built from ca3.cnf and ca3-key.pem and asking for
# the v3_ca extension section of that config.
27 ca3-csr.pem: ca3.cnf ca3-key.pem
29 -extensions v3_ca -config ca3.cnf -key ca3-key.pem -out ca3-csr.pem
# Certificate for ca3; the prerequisites show it is issued from ca3-csr.pem
# using ca1's certificate and key.
# NOTE(review): the CA key passphrase is given inline as -passin "pass:password".
# In that form it is echoed by make and visible in the process list while
# openssl runs; `-passin file:...` or `-passin env:...` avoid this where the
# key matters. The agent1, agent3, agent4, agent5, agent6 and ca2-crl rules in
# this file pass the passphrase the same way.
31 ca3-cert.pem: ca3-csr.pem ca3-key.pem ca3.cnf ca1-cert.pem ca1-key.pem
36 -passin "pass:password" \
44 # agent1 is signed by ca1.
# 1024-bit RSA private key for agent1 (below the 2048-bit minimum in current
# guidance for RSA).
48 openssl genrsa -out agent1-key.pem 1024
# Signing request for agent1, produced from its OpenSSL config (first
# prerequisite) and its private key.
agent1-csr.pem: agent1.cnf agent1-key.pem
	openssl req -new \
		-config $< \
		-key agent1-key.pem \
		-out $@
# agent1's certificate, issued from its CSR with ca1's certificate and key.
# The ca1 key passphrase is supplied inline via -passin "pass:password".
53 agent1-cert.pem: agent1-csr.pem ca1-cert.pem ca1-key.pem
58 -passin "pass:password" \
# Check agent1's certificate (first prerequisite) against ca1's certificate
# (second prerequisite) as the only trusted CA.
agent1-verify: agent1-cert.pem ca1-cert.pem
	openssl verify -CAfile $(word 2,$^) $<
70 # agent2 has a self signed cert
72 # Generate new private key
# 1024-bit RSA private key for agent2 (below the 2048-bit minimum in current
# guidance for RSA).
74 openssl genrsa -out agent2-key.pem 1024
76 # Create a Certificate Signing Request for the key
# Signing request for agent2; here the private key is the first
# prerequisite and the config file the second.
agent2-csr.pem: agent2-key.pem agent2.cnf
	openssl req -new \
		-config agent2.cnf \
		-key $< \
		-out $@
80 # Create a Certificate for the agent.
# Self-signed: the certificate is signed with agent2's own key
# (-signkey agent2-key.pem); no CA certificate or key is a prerequisite.
81 agent2-cert.pem: agent2-csr.pem agent2-key.pem
85 -signkey agent2-key.pem \
# agent2 is self-signed, so its own certificate serves both as the trust
# anchor (-CAfile) and as the certificate being checked.
agent2-verify: agent2-cert.pem
	openssl verify -CAfile $< $<
92 # agent3 is signed by ca2.
# 1024-bit RSA private key for agent3 (below the 2048-bit minimum in current
# guidance for RSA).
96 openssl genrsa -out agent3-key.pem 1024
# Signing request for agent3, produced from its OpenSSL config (first
# prerequisite) and its private key.
agent3-csr.pem: agent3.cnf agent3-key.pem
	openssl req -new \
		-config $< \
		-key agent3-key.pem \
		-out $@
# agent3's certificate, issued from its CSR with ca2's certificate and key.
# The ca2 key passphrase is supplied inline via -passin "pass:password".
101 agent3-cert.pem: agent3-csr.pem ca2-cert.pem ca2-key.pem
104 -passin "pass:password" \
# Check agent3's certificate (first prerequisite) against ca2's certificate
# (second prerequisite) as the only trusted CA.
agent3-verify: agent3-cert.pem ca2-cert.pem
	openssl verify -CAfile $(word 2,$^) $<
116 # agent4 is signed by ca2 (client cert)
# 1024-bit RSA private key for agent4 (below the 2048-bit minimum in current
# guidance for RSA).
120 openssl genrsa -out agent4-key.pem 1024
# Signing request for agent4, produced from its OpenSSL config (first
# prerequisite) and its private key.
agent4-csr.pem: agent4.cnf agent4-key.pem
	openssl req -new \
		-config $< \
		-key agent4-key.pem \
		-out $@
# agent4's certificate, issued from its CSR with ca2's certificate and key.
# Certificate extensions come from the ext_key_usage section of agent4.cnf.
# The ca2 key passphrase is supplied inline via -passin "pass:password".
125 agent4-cert.pem: agent4-csr.pem ca2-cert.pem ca2-key.pem
128 -passin "pass:password" \
133 -extfile agent4.cnf \
134 -extensions ext_key_usage \
# Check agent4's certificate (first prerequisite) against ca2's certificate
# (second prerequisite). No CRL is passed to this command and -crl_check is
# not set, so the revocation done by the ca2-crl.pem rule does not affect
# this check.
agent4-verify: agent4-cert.pem ca2-cert.pem
	openssl verify -CAfile $(word 2,$^) $<
141 # Make CRL with agent4 being rejected
# Revoke agent4's certificate with ca2's key as part of producing ca2-crl.pem.
# NOTE(review): `-revoke agent4-cert.pem` reads a file that is not listed as a
# prerequisite of this rule, so building ca2-crl.pem on its own, or building
# `all` under -j, can reach this recipe before agent4-cert.pem exists.
# The ca2 key passphrase is supplied inline via -passin 'pass:password'.
143 ca2-crl.pem: ca2-key.pem ca2-cert.pem ca2.cnf
144 openssl ca -revoke agent4-cert.pem \
145 -keyfile ca2-key.pem \
148 -passin 'pass:password'
150 -keyfile ca2-key.pem \
155 -passin 'pass:password'
158 # agent5 is signed by ca2 (client cert)
# 1024-bit RSA private key for agent5 (below the 2048-bit minimum in current
# guidance for RSA).
162 openssl genrsa -out agent5-key.pem 1024
# Signing request for agent5, produced from its OpenSSL config (first
# prerequisite) and its private key.
agent5-csr.pem: agent5.cnf agent5-key.pem
	openssl req -new \
		-config $< \
		-key agent5-key.pem \
		-out $@
# agent5's certificate, issued from its CSR with ca2's certificate and key.
# Certificate extensions come from the ext_key_usage section of agent5.cnf.
# The ca2 key passphrase is supplied inline via -passin "pass:password".
167 agent5-cert.pem: agent5-csr.pem ca2-cert.pem ca2-key.pem
170 -passin "pass:password" \
175 -extfile agent5.cnf \
176 -extensions ext_key_usage \
# Check agent5's certificate (first prerequisite) against ca2's certificate
# (second prerequisite) as the only trusted CA.
agent5-verify: agent5-cert.pem ca2-cert.pem
	openssl verify -CAfile $(word 2,$^) $<
183 # agent6 is signed by ca3
# 1024-bit RSA private key for agent6 (below the 2048-bit minimum in current
# guidance for RSA).
187 openssl genrsa -out agent6-key.pem 1024
# Signing request for agent6, produced from its OpenSSL config (first
# prerequisite) and its private key.
agent6-csr.pem: agent6.cnf agent6-key.pem
	openssl req -new \
		-config $< \
		-key agent6-key.pem \
		-out $@
# agent6's certificate, issued from its CSR with the subordinate CA ca3's
# certificate and key; extensions are read from agent6.cnf.
# The final step appends ca3-cert.pem, so agent6-cert.pem carries the issuing
# CA's certificate after agent6's own.
# The ca3 key passphrase is supplied inline via -passin "pass:password".
192 agent6-cert.pem: agent6-csr.pem ca3-cert.pem ca3-key.pem
195 -passin "pass:password" \
200 -extfile agent6.cnf \
202 cat ca3-cert.pem >> agent6-cert.pem
# Check agent6's certificate (first prerequisite) with ca3's certificate
# (second prerequisite) as the only -CAfile entry.
# NOTE(review): ca3-cert.pem lists ca1-cert.pem and ca1-key.pem among its
# prerequisites, and ca1's certificate is not supplied here - confirm this
# check behaves as intended with the OpenSSL version in use.
agent6-verify: agent6-cert.pem ca3-cert.pem
	openssl verify -CAfile $(word 2,$^) $<
# Generate an EC private key on the named curve prime256v1 and write it to
# ec-key.pem.
208 openssl ecparam -genkey -out ec-key.pem -name prime256v1
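# Signing request for the EC key. ec.cnf is read by the recipe, so it is
# listed as a prerequisite (as the agentN-csr.pem rules do with their config
# files); the request is then regenerated when the config changes.
ec-csr.pem: ec-key.pem ec.cnf
	openssl req -new -config ec.cnf -key $< -out $@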
# Self-signed: the certificate is signed with the EC key itself
# (-signkey ec-key.pem); no CA certificate or key is a prerequisite.
213 ec-cert.pem: ec-csr.pem ec-key.pem
217 -signkey ec-key.pem \
# Diffie-Hellman parameter files of 512, 1024 and 2048 bits.
# 512-bit groups are export-grade and within reach of precomputation attacks
# (Logjam); 1024-bit groups are considered weak against well-resourced
# attackers. 2048 bits is the usual minimum for a server.
# NOTE(review): the small groups are presumably generated so that handling of
# weak parameters can be exercised - confirm.
221 openssl dhparam -out dh512.pem 512
224 openssl dhparam -out dh1024.pem 1024
227 openssl dhparam -out dh2048.pem 2048
# Standalone RSA private keys in three sizes. genrsa is called without a
# cipher option, so the keys are written unencrypted. None of these rules
# has prerequisites: a key is generated only when its file is missing.

# 1024-bit key
rsa_private_1024.pem:
	openssl genrsa -out $@ 1024

# 2048-bit key
rsa_private_2048.pem:
	openssl genrsa -out $@ 2048

# 4096-bit key
rsa_private_4096.pem:
	openssl genrsa -out $@ 4096
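# Extract the public half of each RSA key pair.
# -pubout is required here: without it `openssl rsa -in KEY -out FILE` writes
# the private key back out, so the rsa_public_*.pem files would contain
# private key material under a "public" name.
# The static pattern rule maps rsa_public_<bits>.pem to rsa_private_<bits>.pem
# for exactly the three sizes listed.
rsa_public_1024.pem rsa_public_2048.pem rsa_public_4096.pem: rsa_public_%.pem: rsa_private_%.pem
	openssl rsa -in $< -pubout -out $@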
# Remove generated material plus the ca2 serial and database files.
# NOTE(review): the *.pem and *.srl globs match every such file in this
# directory, including any that were not produced by this Makefile.
248 rm -f *.pem *.srl ca2-database.txt ca2-serial
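# Run the certificate verification targets for agent1 through agent5.
# agent6-verify is not part of this list in the original and is left out
# here as well - NOTE(review): confirm that is deliberate.
test: agent1-verify agent2-verify agent3-verify agent4-verify agent5-verify

# None of these names is a file on disk. agent6-verify has a rule in this
# file too, so it is declared phony with the others; otherwise a stray file
# of that name would make the check silently do nothing.
.PHONY: all clean test \
  agent1-verify agent2-verify agent3-verify agent4-verify agent5-verify \
  agent6-verify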