Software / code / prosody
Annotate
certs/makefile @ 12473:bb85be686a01
mod_s2s: Distinguish DANE TLSA errors from generic cert chain errors
Otherwise it would just report "is not trusted" unless you inspect the
logs. This message is sent to to the remote server, and will hopefully
show up in their logs, allowing the admin to fix their DANE setup.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Mon, 25 Apr 2022 14:41:54 +0200 |
| parent | 8593:c4222e36333c |
| rev | line source |
|---|---|
|
8593
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 .DEFAULT: localhost.crt |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 keysize=2048 |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 # How to: |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 # First, `make yourhost.cnf` which creates a openssl config file. |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 # Then edit this file and fill in the details you want it to have, |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 # and add or change hosts and components it should cover. |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 # Then `make yourhost.key` to create your private key, you can |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 # include keysize=number to change the size of the key. |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 # Then you can either `make yourhost.csr` to generate a certificate |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 # signing request that you can submit to a CA, or `make yourhost.crt` |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 # to generate a self signed certificate. |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 ${.TARGETS:M*.crt}: |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 openssl req -new -x509 -newkey rsa:$(keysize) -nodes -keyout ${.TARGET:R}.key \ |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 -days 365 -sha256 -out $@ -utf8 -subj /CN=${.TARGET:R} |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
17 |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
18 .SUFFIXES: .key .crt |
