test/fixtures/keys/Makefile

   1 all: agent1-cert.pem agent2-cert.pem agent3-cert.pem agent4-cert.pem ca2-crl.pem ec-cert.pem
   2
   3
   4 #
   5 # Create Certificate Authority: ca1
   6 # ('password' is used for the CA password.)
   7 #
   8 ca1-cert.pem: ca1.cnf
   9         openssl req -new -x509 -days 9999 -config ca1.cnf -keyout ca1-key.pem -out ca1-cert.pem
  10
  11 #
  12 # Create Certificate Authority: ca2
  13 # ('password' is used for the CA password.)
  14 #
  15 ca2-cert.pem: ca2.cnf
  16         openssl req -new -x509 -days 9999 -config ca2.cnf -keyout ca2-key.pem -out ca2-cert.pem
  17         echo '01' > ca2-serial
  18         touch ca2-database.txt
  19
  20
  21 #
  22 # agent1 is signed by ca1.
  23 #
  24
  25 agent1-key.pem:
  26         openssl genrsa -out agent1-key.pem 1024
  27
  28 agent1-csr.pem: agent1.cnf agent1-key.pem
  29         openssl req -new -config agent1.cnf -key agent1-key.pem -out agent1-csr.pem
  30
  31 agent1-cert.pem: agent1-csr.pem ca1-cert.pem ca1-key.pem
  32         openssl x509 -req \
  33                 -extfile agent1.cnf \
  34                 -extensions v3_ca \
  35                 -days 9999 \
  36                 -passin "pass:password" \
  37                 -in agent1-csr.pem \
  38                 -CA ca1-cert.pem \
  39                 -CAkey ca1-key.pem \
  40                 -CAcreateserial \
  41                 -out agent1-cert.pem
  42
  43 agent1-verify: agent1-cert.pem ca1-cert.pem
  44         openssl verify -CAfile ca1-cert.pem agent1-cert.pem
  45
  46
  47 #
  48 # agent2 has a self signed cert
  49 #
  50 # Generate new private key
  51 agent2-key.pem:
  52         openssl genrsa -out agent2-key.pem 1024
  53
  54 # Create a Certificate Signing Request for the key
  55 agent2-csr.pem: agent2-key.pem agent2.cnf
  56         openssl req -new -config agent2.cnf -key agent2-key.pem -out agent2-csr.pem
  57
  58 # Create a Certificate for the agent.
  59 agent2-cert.pem: agent2-csr.pem agent2-key.pem
  60         openssl x509 -req \
  61                 -days 9999 \
  62                 -in agent2-csr.pem \
  63                 -signkey agent2-key.pem \
  64                 -out agent2-cert.pem
  65
  66 agent2-verify: agent2-cert.pem
  67         openssl verify -CAfile agent2-cert.pem agent2-cert.pem
  68
  69 #
  70 # agent3 is signed by ca2.
  71 #
  72
  73 agent3-key.pem:
  74         openssl genrsa -out agent3-key.pem 1024
  75
  76 agent3-csr.pem: agent3.cnf agent3-key.pem
  77         openssl req -new -config agent3.cnf -key agent3-key.pem -out agent3-csr.pem
  78
  79 agent3-cert.pem: agent3-csr.pem ca2-cert.pem ca2-key.pem
  80         openssl x509 -req \
  81                 -days 9999 \
  82                 -passin "pass:password" \
  83                 -in agent3-csr.pem \
  84                 -CA ca2-cert.pem \
  85                 -CAkey ca2-key.pem \
  86                 -CAcreateserial \
  87                 -out agent3-cert.pem
  88
  89 agent3-verify: agent3-cert.pem ca2-cert.pem
  90         openssl verify -CAfile ca2-cert.pem agent3-cert.pem
  91
  92
  93 #
  94 # agent4 is signed by ca2 (client cert)
  95 #
  96
  97 agent4-key.pem:
  98         openssl genrsa -out agent4-key.pem 1024
  99
 100 agent4-csr.pem: agent4.cnf agent4-key.pem
 101         openssl req -new -config agent4.cnf -key agent4-key.pem -out agent4-csr.pem
 102
 103 agent4-cert.pem: agent4-csr.pem ca2-cert.pem ca2-key.pem
 104         openssl x509 -req \
 105                 -days 9999 \
 106                 -passin "pass:password" \
 107                 -in agent4-csr.pem \
 108                 -CA ca2-cert.pem \
 109                 -CAkey ca2-key.pem \
 110                 -CAcreateserial \
 111                 -extfile agent4.cnf \
 112                 -extensions ext_key_usage \
 113                 -out agent4-cert.pem
 114
 115 agent4-verify: agent4-cert.pem ca2-cert.pem
 116         openssl verify -CAfile ca2-cert.pem agent4-cert.pem
 117
 118 #
 119 # Make CRL with agent4 being rejected
 120 #
 121 ca2-crl.pem: ca2-key.pem ca2-cert.pem ca2.cnf
 122         openssl ca -revoke agent4-cert.pem \
 123                 -keyfile ca2-key.pem \
 124                 -cert ca2-cert.pem \
 125                 -config ca2.cnf \
 126                 -passin 'pass:password'
 127         openssl ca \
 128                 -keyfile ca2-key.pem \
 129                 -cert ca2-cert.pem \
 130                 -config ca2.cnf \
 131                 -gencrl \
 132                 -out ca2-crl.pem \
 133                 -passin 'pass:password'
 134
 135 ec-key.pem:
 136         openssl ecparam -genkey -out ec-key.pem -name prime256v1
 137
 138 ec-csr.pem: ec-key.pem
 139         openssl req -new -config ec.cnf -key ec-key.pem -out ec-csr.pem
 140
 141 ec-cert.pem: ec-csr.pem ec-key.pem
 142         openssl x509 -req \
 143                 -days 9999 \
 144                 -in ec-csr.pem \
 145                 -signkey ec-key.pem \
 146                 -out ec-cert.pem
 147
 148 clean:
 149         rm -f *.pem *.srl ca2-database.txt ca2-serial
 150
 151 test: agent1-verify agent2-verify agent3-verify agent4-verify
 152
 153
 154 .PHONY: all clean test agent1-verify agent2-verify agent3-verify agent4-verify