-all: agent1-cert.pem agent2-cert.pem agent3-cert.pem agent4-cert.pem agent5-cert.pem ca2-crl.pem ec-cert.pem dh512.pem dh1024.pem dh2048.pem rsa_private_1024.pem rsa_private_2048.pem rsa_private_4096.pem rsa_public_1024.pem rsa_public_2048.pem rsa_public_4096.pem
+all: agent1-cert.pem agent2-cert.pem agent3-cert.pem agent4-cert.pem agent5-cert.pem ca2-crl.pem ec-cert.pem dh512.pem dh1024.pem dh2048.pem dsa1025.pem dsa_private_1025.pem dsa_public_1025.pem rsa_private_1024.pem rsa_private_2048.pem rsa_private_4096.pem rsa_public_1024.pem rsa_public_2048.pem rsa_public_4096.pem
#
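Review bot: The new `all` prerequisite list picks up the three DSA files but none of the certificates added elsewhere in this change (`ca3-cert.pem`, `fake-cnnic-root-cert.pem`, `agent6-cert.pem`, `agent7-cert.pem`). A plain `make` therefore never exercises those rules, and a mistake in them stays hidden until someone builds the target by hand. Unless they are deliberately built on demand, append `agent6-cert.pem agent7-cert.pem` to the list; the ca3 and fake-cnnic-root files are then pulled in as their prerequisites.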
echo '01' > ca2-serial
touch ca2-database.txt
+#
+# Create Subordinate Certificate Authority: ca3
+# ('password' is used for the CA password.)
+#
+ca3-key.pem:
+ openssl genrsa -out ca3-key.pem 1024
+
+ca3-csr.pem: ca3.cnf ca3-key.pem
+ openssl req -new \
+ -extensions v3_ca \
+ -config ca3.cnf \
+ -key ca3-key.pem \
+ -out ca3-csr.pem
+
+ca3-cert.pem: ca3-csr.pem ca3-key.pem ca3.cnf ca1-cert.pem ca1-key.pem
+ openssl x509 -req \
+ -extfile ca3.cnf \
+ -extensions v3_ca \
+ -days 9999 \
+ -passin "pass:password" \
+ -in ca3-csr.pem \
+ -CA ca1-cert.pem \
+ -CAkey ca1-key.pem \
+ -CAcreateserial \
+ -out ca3-cert.pem
+
+#
+# Create Fake CNNIC Root Certificate Authority: fake-cnnic-root
+#
+
+fake-cnnic-root-key.pem:
+ openssl genrsa -out fake-cnnic-root-key.pem 2048
+
+fake-cnnic-root-cert.pem: fake-cnnic-root.cnf fake-cnnic-root-key.pem
+ openssl req -x509 -new \
+ -key fake-cnnic-root-key.pem \
+ -days 1024 \
+ -out fake-cnnic-root-cert.pem \
+ -config fake-cnnic-root.cnf
#
# agent1 is signed by ca1.
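Review bot: The header comment for ca3 says 'password' is the CA password, but the `ca3-key.pem` rule runs `openssl genrsa` with no cipher option, so the key is written unencrypted. The `-passin "pass:password"` in the `ca3-cert.pem` rule can only apply to `ca1-key.pem`, whose rule is outside this hunk. I would reword the comment to `# (ca3-key.pem is unencrypted; 'password' is the passphrase of the signing key ca1-key.pem.)` and add a line stating that every key generated here is a public test fixture and must never be placed in a real trust store, which matters most for the self-signed fake-cnnic-root. Separately, `ca3-key.pem` is 1024-bit RSA while the fake root next to it uses 2048; if no test depends on the short key, `openssl genrsa -out ca3-key.pem 2048` avoids rejection by OpenSSL builds whose default security level refuses 1024-bit RSA.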
agent5-verify: agent5-cert.pem ca2-cert.pem
openssl verify -CAfile ca2-cert.pem agent5-cert.pem
+#
+# agent6 is signed by ca3
+#
+
+agent6-key.pem:
+ openssl genrsa -out agent6-key.pem 1024
+
+agent6-csr.pem: agent6.cnf agent6-key.pem
+ openssl req -new -config agent6.cnf -key agent6-key.pem -out agent6-csr.pem
+
+agent6-cert.pem: agent6-csr.pem ca3-cert.pem ca3-key.pem
+ openssl x509 -req \
+ -days 9999 \
+ -passin "pass:password" \
+ -in agent6-csr.pem \
+ -CA ca3-cert.pem \
+ -CAkey ca3-key.pem \
+ -CAcreateserial \
+ -extfile agent6.cnf \
+ -out agent6-cert.pem
+ cat ca3-cert.pem >> agent6-cert.pem
+
+agent6-verify: agent6-cert.pem ca3-cert.pem
+ openssl verify -CAfile ca3-cert.pem agent6-cert.pem
+
+#
+# agent7 is signed by fake-cnnic-root.
+#
+
+agent7-key.pem:
+ openssl genrsa -out agent7-key.pem 2048
+
+agent7-csr.pem: agent1.cnf agent7-key.pem
+ openssl req -new -config agent7.cnf -key agent7-key.pem -out agent7-csr.pem
+
+agent7-cert.pem: agent7-csr.pem fake-cnnic-root-cert.pem fake-cnnic-root-key.pem
+ openssl x509 -req \
+ -extfile agent7.cnf \
+ -days 9999 \
+ -passin "pass:password" \
+ -in agent7-csr.pem \
+ -CA fake-cnnic-root-cert.pem \
+ -CAkey fake-cnnic-root-key.pem \
+ -CAcreateserial \
+ -out agent7-cert.pem
+
+agent7-verify: agent7-cert.pem fake-cnnic-root-cert.pem
+ openssl verify -CAfile fake-cnnic-root-cert.pem agent7-cert.pem
+
ec-key.pem:
openssl ecparam -genkey -out ec-key.pem -name prime256v1
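Review bot: The `agent7-csr.pem` rule lists `agent1.cnf` as its prerequisite, but the recipe reads `-config agent7.cnf`. Editing `agent7.cnf` will not regenerate the CSR, and the rule depends on an unrelated file; the header should be `agent7-csr.pem: agent7.cnf agent7-key.pem`. Likewise `agent6-cert.pem` and `agent7-cert.pem` pass `-extfile agent6.cnf` / `-extfile agent7.cnf` without listing that file as a prerequisite, so a changed extension section leaves a stale certificate in place. Because `ca3-key.pem` and `fake-cnnic-root-key.pem` are generated unencrypted, the `-passin "pass:password"` arguments in both signing recipes appear to have no effect and could be dropped or commented as such.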
dh2048.pem:
openssl dhparam -out dh2048.pem 2048
+dsa1025.pem:
+ openssl dsaparam -out dsa1025.pem 1025
+
+dsa_private_1025.pem:
+ openssl gendsa -out dsa_private_1025.pem dsa1025.pem
+
+dsa_public_1025.pem:
+ openssl dsa -in dsa_private_1025.pem -pubout -out dsa_public_1025.pem
+
rsa_private_1024.pem:
openssl genrsa -out rsa_private_1024.pem 1024
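Review bot: The `dsa_private_1025.pem` and `dsa_public_1025.pem` rules declare no prerequisites although their recipes read `dsa1025.pem` and `dsa_private_1025.pem` respectively. They succeed only because `all` happens to list the three files in order; `make -j`, or asking for `dsa_public_1025.pem` alone in a clean tree, fails on the missing input. The headers should read `dsa_private_1025.pem: dsa1025.pem` and `dsa_public_1025.pem: dsa_private_1025.pem`. The 1025-bit size looks deliberate (presumably a non-standard length for a test case), so a one-line comment saying so would stop a later cleanup from "correcting" it to 1024.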