Software /
code /
prosody
Annotate
certs/GNUmakefile @ 12520:bb5f772b3189 0.12
util.prosodyctl.check: Remove now redundant unbound config tweak
This is now done in net.unbound itself
Turning it back on in the config may still cause the problem of entries
there masking the DNS values.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Thu, 26 May 2022 13:03:58 +0200 |
parent | 8592:bd4f8a2b72c7 |
rev | line source |
---|---|
5293
fe9215155453
prosodyctl, prosody.cfg.lua.dist, certs/Makefile: Use .crt as suffix for certificates everywhere (thanks jasperixla)
Kim Alvefur <zash@zash.se>
parents:
3714
diff
changeset
|
1 .DEFAULT: localhost.crt |
3701
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 keysize=2048 |
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 |
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 # How to: |
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 # First, `make yourhost.cnf` which creates a openssl config file. |
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 # Then edit this file and fill in the details you want it to have, |
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 # and add or change hosts and components it should cover. |
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 # Then `make yourhost.key` to create your private key, you can |
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 # include keysize=number to change the size of the key. |
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 # Then you can either `make yourhost.csr` to generate a certificate |
5293
fe9215155453
prosodyctl, prosody.cfg.lua.dist, certs/Makefile: Use .crt as suffix for certificates everywhere (thanks jasperixla)
Kim Alvefur <zash@zash.se>
parents:
3714
diff
changeset
|
11 # signing request that you can submit to a CA, or `make yourhost.crt` |
3701
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 # to generate a self signed certificate. |
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 |
3703
5bca5f90286f
certs/Makefile: Add .PRECIOUS to stop make deleting the key as an intermediate file (thanks deryni/Zash)
Matthew Wild <mwild1@gmail.com>
parents:
3701
diff
changeset
|
14 .PRECIOUS: %.cnf %.key |
5bca5f90286f
certs/Makefile: Add .PRECIOUS to stop make deleting the key as an intermediate file (thanks deryni/Zash)
Matthew Wild <mwild1@gmail.com>
parents:
3701
diff
changeset
|
15 |
3701
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 # To request a cert |
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
17 %.csr: %.cnf %.key |
7028
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
18 openssl req -new -key $(lastword $^) \ |
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
19 -sha256 -utf8 -config $(firstword $^) -out $@ |
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
20 |
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
21 %.csr: %.cnf |
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
22 umask 0077 && touch $*.key |
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
23 openssl req -new -newkey rsa:$(keysize) -nodes -keyout $*.key \ |
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
24 -sha256 -utf8 -config $^ -out $@ |
7715
08989f8464b9
certs/Makefile: Remove more -c flags
Kim Alvefur <zash@zash.se>
parents:
7714
diff
changeset
|
25 @chmod 400 $*.key |
7028
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
26 |
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
27 %.csr: %.key |
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
28 openssl req -new -key $^ -utf8 -subj /CN=$* -out $@ |
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
29 |
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
30 %.csr: |
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
31 umask 0077 && touch $*.key |
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
32 openssl req -new -newkey rsa:$(keysize) -nodes -keyout $*.key \ |
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
33 -utf8 -subj /CN=$* -out $@ |
7715
08989f8464b9
certs/Makefile: Remove more -c flags
Kim Alvefur <zash@zash.se>
parents:
7714
diff
changeset
|
34 @chmod 400 $*.key |
3701
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
35 |
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
36 # Self signed |
5293
fe9215155453
prosodyctl, prosody.cfg.lua.dist, certs/Makefile: Use .crt as suffix for certificates everywhere (thanks jasperixla)
Kim Alvefur <zash@zash.se>
parents:
3714
diff
changeset
|
37 %.crt: %.cnf %.key |
7028
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
38 openssl req -new -x509 -key $(lastword $^) -days 365 -sha256 -utf8 \ |
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
39 -config $(firstword $^) -out $@ |
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
40 |
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
41 %.crt: %.cnf |
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
42 umask 0077 && touch $*.key |
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
43 openssl req -new -x509 -newkey rsa:$(keysize) -nodes -keyout $*.key \ |
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
44 -days 365 -sha256 -utf8 -config $(firstword $^) -out $@ |
7715
08989f8464b9
certs/Makefile: Remove more -c flags
Kim Alvefur <zash@zash.se>
parents:
7714
diff
changeset
|
45 @chmod 400 $*.key |
3701
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
46 |
7028
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
47 %.crt: %.key |
7035
085a286e2873
certs/Makefile: Fix generating cert from only a key (no config then)
Kim Alvefur <zash@zash.se>
parents:
7031
diff
changeset
|
48 openssl req -new -x509 -key $^ -days 365 -sha256 -utf8 -subj /CN=$* -out $@ |
7028
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
49 |
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
50 %.crt: |
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
51 umask 0077 && touch $*.key |
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
52 openssl req -new -x509 -newkey rsa:$(keysize) -nodes -keyout $*.key \ |
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
53 -days 365 -sha256 -out $@ -utf8 -subj /CN=$* |
7715
08989f8464b9
certs/Makefile: Remove more -c flags
Kim Alvefur <zash@zash.se>
parents:
7714
diff
changeset
|
54 @chmod 400 $*.key |
7028
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
55 |
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
56 # Generate a config from the example |
3701
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
57 %.cnf: |
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
58 sed 's,example\.com,$*,g' openssl.cnf > $@ |
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
59 |
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
60 %.key: |
7030
b5bc9f77f096
certs/Makefile: Run key generation with a stricter umask (fixes a race condition)
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
61 umask 0077 && openssl genrsa -out $@ $(keysize) |
7713
003ee2be2635
certs/Makefile: Remove -c flag to chmod, which appears to be a GNUism ... again (thanks waqas)
Kim Alvefur <zash@zash.se>
parents:
7030
diff
changeset
|
62 @chmod 400 $@ |
7194
1c55403d06c4
certs/Makefile: Add target for generating DH params
Kim Alvefur <zash@zash.se>
parents:
7035
diff
changeset
|
63 |
1c55403d06c4
certs/Makefile: Add target for generating DH params
Kim Alvefur <zash@zash.se>
parents:
7035
diff
changeset
|
64 # Generate Diffie-Hellman parameters |
1c55403d06c4
certs/Makefile: Add target for generating DH params
Kim Alvefur <zash@zash.se>
parents:
7035
diff
changeset
|
65 dh-%.pem: |
1c55403d06c4
certs/Makefile: Add target for generating DH params
Kim Alvefur <zash@zash.se>
parents:
7035
diff
changeset
|
66 openssl dhparam -out $@ $* |