Software / code / prosody
Annotate
certs/GNUmakefile @ 13247:1bb4aa803b32 0.12
util.array: Fix new() library function
Backport of ffe4adbd2af9 since new was added in the 0.12 branch
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 22 Jul 2023 16:31:05 +0200 |
| parent | 8592:bd4f8a2b72c7 |
| rev | line source |
|---|---|
|
5293
fe9215155453
prosodyctl, prosody.cfg.lua.dist, certs/Makefile: Use .crt as suffix for certificates everywhere (thanks jasperixla)
Kim Alvefur <zash@zash.se>
parents:
3714
diff
changeset
|
1 .DEFAULT: localhost.crt |
|
3701
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 keysize=2048 |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 # How to: |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 # First, `make yourhost.cnf` which creates a openssl config file. |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 # Then edit this file and fill in the details you want it to have, |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 # and add or change hosts and components it should cover. |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 # Then `make yourhost.key` to create your private key, you can |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 # include keysize=number to change the size of the key. |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 # Then you can either `make yourhost.csr` to generate a certificate |
|
5293
fe9215155453
prosodyctl, prosody.cfg.lua.dist, certs/Makefile: Use .crt as suffix for certificates everywhere (thanks jasperixla)
Kim Alvefur <zash@zash.se>
parents:
3714
diff
changeset
|
11 # signing request that you can submit to a CA, or `make yourhost.crt` |
|
3701
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 # to generate a self signed certificate. |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 |
|
3703
5bca5f90286f
certs/Makefile: Add .PRECIOUS to stop make deleting the key as an intermediate file (thanks deryni/Zash)
Matthew Wild <mwild1@gmail.com>
parents:
3701
diff
changeset
|
14 .PRECIOUS: %.cnf %.key |
|
5bca5f90286f
certs/Makefile: Add .PRECIOUS to stop make deleting the key as an intermediate file (thanks deryni/Zash)
Matthew Wild <mwild1@gmail.com>
parents:
3701
diff
changeset
|
15 |
|
3701
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 # To request a cert |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
17 %.csr: %.cnf %.key |
|
7028
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
18 openssl req -new -key $(lastword $^) \ |
|
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
19 -sha256 -utf8 -config $(firstword $^) -out $@ |
|
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
20 |
|
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
21 %.csr: %.cnf |
|
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
22 umask 0077 && touch $*.key |
|
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
23 openssl req -new -newkey rsa:$(keysize) -nodes -keyout $*.key \ |
|
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
24 -sha256 -utf8 -config $^ -out $@ |
|
7715
08989f8464b9
certs/Makefile: Remove more -c flags
Kim Alvefur <zash@zash.se>
parents:
7714
diff
changeset
|
25 @chmod 400 $*.key |
|
7028
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
26 |
|
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
27 %.csr: %.key |
|
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
28 openssl req -new -key $^ -utf8 -subj /CN=$* -out $@ |
|
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
29 |
|
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
30 %.csr: |
|
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
31 umask 0077 && touch $*.key |
|
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
32 openssl req -new -newkey rsa:$(keysize) -nodes -keyout $*.key \ |
|
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
33 -utf8 -subj /CN=$* -out $@ |
|
7715
08989f8464b9
certs/Makefile: Remove more -c flags
Kim Alvefur <zash@zash.se>
parents:
7714
diff
changeset
|
34 @chmod 400 $*.key |
|
3701
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
35 |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
36 # Self signed |
|
5293
fe9215155453
prosodyctl, prosody.cfg.lua.dist, certs/Makefile: Use .crt as suffix for certificates everywhere (thanks jasperixla)
Kim Alvefur <zash@zash.se>
parents:
3714
diff
changeset
|
37 %.crt: %.cnf %.key |
|
7028
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
38 openssl req -new -x509 -key $(lastword $^) -days 365 -sha256 -utf8 \ |
|
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
39 -config $(firstword $^) -out $@ |
|
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
40 |
|
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
41 %.crt: %.cnf |
|
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
42 umask 0077 && touch $*.key |
|
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
43 openssl req -new -x509 -newkey rsa:$(keysize) -nodes -keyout $*.key \ |
|
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
44 -days 365 -sha256 -utf8 -config $(firstword $^) -out $@ |
|
7715
08989f8464b9
certs/Makefile: Remove more -c flags
Kim Alvefur <zash@zash.se>
parents:
7714
diff
changeset
|
45 @chmod 400 $*.key |
|
3701
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
46 |
|
7028
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
47 %.crt: %.key |
|
7035
085a286e2873
certs/Makefile: Fix generating cert from only a key (no config then)
Kim Alvefur <zash@zash.se>
parents:
7031
diff
changeset
|
48 openssl req -new -x509 -key $^ -days 365 -sha256 -utf8 -subj /CN=$* -out $@ |
|
7028
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
49 |
|
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
50 %.crt: |
|
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
51 umask 0077 && touch $*.key |
|
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
52 openssl req -new -x509 -newkey rsa:$(keysize) -nodes -keyout $*.key \ |
|
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
53 -days 365 -sha256 -out $@ -utf8 -subj /CN=$* |
|
7715
08989f8464b9
certs/Makefile: Remove more -c flags
Kim Alvefur <zash@zash.se>
parents:
7714
diff
changeset
|
54 @chmod 400 $*.key |
|
7028
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
55 |
|
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
56 # Generate a config from the example |
|
3701
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
57 %.cnf: |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
58 sed 's,example\.com,$*,g' openssl.cnf > $@ |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
59 |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
60 %.key: |
|
7030
b5bc9f77f096
certs/Makefile: Run key generation with a stricter umask (fixes a race condition)
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
61 umask 0077 && openssl genrsa -out $@ $(keysize) |
|
7713
003ee2be2635
certs/Makefile: Remove -c flag to chmod, which appears to be a GNUism ... again (thanks waqas)
Kim Alvefur <zash@zash.se>
parents:
7030
diff
changeset
|
62 @chmod 400 $@ |
|
7194
1c55403d06c4
certs/Makefile: Add target for generating DH params
Kim Alvefur <zash@zash.se>
parents:
7035
diff
changeset
|
63 |
|
1c55403d06c4
certs/Makefile: Add target for generating DH params
Kim Alvefur <zash@zash.se>
parents:
7035
diff
changeset
|
64 # Generate Diffie-Hellman parameters |
|
1c55403d06c4
certs/Makefile: Add target for generating DH params
Kim Alvefur <zash@zash.se>
parents:
7035
diff
changeset
|
65 dh-%.pem: |
|
1c55403d06c4
certs/Makefile: Add target for generating DH params
Kim Alvefur <zash@zash.se>
parents:
7035
diff
changeset
|
66 openssl dhparam -out $@ $* |
