1 all: agent1-cert.pem agent2-cert.pem agent3-cert.pem agent4-cert.pem agent5-cert.pem ca2-crl.pem ec-cert.pem dh512.pem dh1024.pem dh2048.pem
5 # Create Certificate Authority: ca1
6 # ('password' is used for the CA password.)
9 openssl req -new -x509 -days 9999 -config ca1.cnf -keyout ca1-key.pem -out ca1-cert.pem
12 # Create Certificate Authority: ca2
13 # ('password' is used for the CA password.)
16 openssl req -new -x509 -days 9999 -config ca2.cnf -keyout ca2-key.pem -out ca2-cert.pem
17 echo '01' > ca2-serial
18 touch ca2-database.txt
22 # agent1 is signed by ca1.
26 openssl genrsa -out agent1-key.pem 1024
28 agent1-csr.pem: agent1.cnf agent1-key.pem
29 openssl req -new -config agent1.cnf -key agent1-key.pem -out agent1-csr.pem
31 agent1-cert.pem: agent1-csr.pem ca1-cert.pem ca1-key.pem
36 -passin "pass:password" \
43 agent1-verify: agent1-cert.pem ca1-cert.pem
44 openssl verify -CAfile ca1-cert.pem agent1-cert.pem
48 # agent2 has a self signed cert
50 # Generate new private key
52 openssl genrsa -out agent2-key.pem 1024
54 # Create a Certificate Signing Request for the key
55 agent2-csr.pem: agent2-key.pem agent2.cnf
56 openssl req -new -config agent2.cnf -key agent2-key.pem -out agent2-csr.pem
58 # Create a Certificate for the agent.
59 agent2-cert.pem: agent2-csr.pem agent2-key.pem
63 -signkey agent2-key.pem \
66 agent2-verify: agent2-cert.pem
67 openssl verify -CAfile agent2-cert.pem agent2-cert.pem
70 # agent3 is signed by ca2.
74 openssl genrsa -out agent3-key.pem 1024
76 agent3-csr.pem: agent3.cnf agent3-key.pem
77 openssl req -new -config agent3.cnf -key agent3-key.pem -out agent3-csr.pem
79 agent3-cert.pem: agent3-csr.pem ca2-cert.pem ca2-key.pem
82 -passin "pass:password" \
89 agent3-verify: agent3-cert.pem ca2-cert.pem
90 openssl verify -CAfile ca2-cert.pem agent3-cert.pem
94 # agent4 is signed by ca2 (client cert)
98 openssl genrsa -out agent4-key.pem 1024
100 agent4-csr.pem: agent4.cnf agent4-key.pem
101 openssl req -new -config agent4.cnf -key agent4-key.pem -out agent4-csr.pem
103 agent4-cert.pem: agent4-csr.pem ca2-cert.pem ca2-key.pem
106 -passin "pass:password" \
111 -extfile agent4.cnf \
112 -extensions ext_key_usage \
115 agent4-verify: agent4-cert.pem ca2-cert.pem
116 openssl verify -CAfile ca2-cert.pem agent4-cert.pem
119 # Make CRL with agent4 being rejected
121 ca2-crl.pem: ca2-key.pem ca2-cert.pem ca2.cnf
122 openssl ca -revoke agent4-cert.pem \
123 -keyfile ca2-key.pem \
126 -passin 'pass:password'
128 -keyfile ca2-key.pem \
133 -passin 'pass:password'
136 # agent5 is signed by ca2 (client cert)
140 openssl genrsa -out agent5-key.pem 1024
142 agent5-csr.pem: agent5.cnf agent5-key.pem
143 openssl req -new -config agent5.cnf -key agent5-key.pem -out agent5-csr.pem
145 agent5-cert.pem: agent5-csr.pem ca2-cert.pem ca2-key.pem
148 -passin "pass:password" \
153 -extfile agent5.cnf \
154 -extensions ext_key_usage \
157 agent5-verify: agent5-cert.pem ca2-cert.pem
158 openssl verify -CAfile ca2-cert.pem agent5-cert.pem
161 openssl ecparam -genkey -out ec-key.pem -name prime256v1
163 ec-csr.pem: ec-key.pem
164 openssl req -new -config ec.cnf -key ec-key.pem -out ec-csr.pem
166 ec-cert.pem: ec-csr.pem ec-key.pem
170 -signkey ec-key.pem \
174 openssl dhparam -out dh512.pem 512
177 openssl dhparam -out dh1024.pem 1024
180 openssl dhparam -out dh2048.pem 2048
183 rm -f *.pem *.srl ca2-database.txt ca2-serial
185 test: agent1-verify agent2-verify agent3-verify agent4-verify agent5-verify
188 .PHONY: all clean test agent1-verify agent2-verify agent3-verify agent4-verify agent5-verify