| all: server1-cert.pem server2-cert.pem proxy1-cert.pem proxy2-cert.pem client1-cert.pem client2-cert.pem |
| |
| |
| # |
| # Create Certificate Authority: ca1 |
| # ('password' is used for the CA password.) |
| # |
| ca1-cert.pem: ca1.cnf |
| openssl req -new -x509 -days 9999 -config ca1.cnf -keyout ca1-key.pem -out ca1-cert.pem |
| |
| # |
| # Create Certificate Authority: ca2 |
| # ('password' is used for the CA password.) |
| # |
| ca2-cert.pem: ca2.cnf |
| openssl req -new -x509 -days 9999 -config ca2.cnf -keyout ca2-key.pem -out ca2-cert.pem |
| |
| # |
| # Create Certificate Authority: ca3 |
| # ('password' is used for the CA password.) |
| # |
| ca3-cert.pem: ca3.cnf |
| openssl req -new -x509 -days 9999 -config ca3.cnf -keyout ca3-key.pem -out ca3-cert.pem |
| |
| # |
| # Create Certificate Authority: ca4 |
| # ('password' is used for the CA password.) |
| # |
| ca4-cert.pem: ca4.cnf |
| openssl req -new -x509 -days 9999 -config ca4.cnf -keyout ca4-key.pem -out ca4-cert.pem |
| |
| |
| # |
| # server1 is signed by ca1. |
| # |
| server1-key.pem: |
| openssl genrsa -out server1-key.pem 1024 |
| |
| server1-csr.pem: server1.cnf server1-key.pem |
| openssl req -new -config server1.cnf -key server1-key.pem -out server1-csr.pem |
| |
| server1-cert.pem: server1-csr.pem ca1-cert.pem ca1-key.pem |
| openssl x509 -req \ |
| -days 9999 \ |
| -passin "pass:password" \ |
| -in server1-csr.pem \ |
| -CA ca1-cert.pem \ |
| -CAkey ca1-key.pem \ |
| -CAcreateserial \ |
| -out server1-cert.pem |
| |
| # |
| # server2 is signed by ca1. |
| # |
| server2-key.pem: |
| openssl genrsa -out server2-key.pem 1024 |
| |
| server2-csr.pem: server2.cnf server2-key.pem |
| openssl req -new -config server2.cnf -key server2-key.pem -out server2-csr.pem |
| |
| server2-cert.pem: server2-csr.pem ca1-cert.pem ca1-key.pem |
| openssl x509 -req \ |
| -days 9999 \ |
| -passin "pass:password" \ |
| -in server2-csr.pem \ |
| -CA ca1-cert.pem \ |
| -CAkey ca1-key.pem \ |
| -CAcreateserial \ |
| -out server2-cert.pem |
| |
| server2-verify: server2-cert.pem ca1-cert.pem |
| openssl verify -CAfile ca1-cert.pem server2-cert.pem |
| |
| # |
| # proxy1 is signed by ca2. |
| # |
| proxy1-key.pem: |
| openssl genrsa -out proxy1-key.pem 1024 |
| |
| proxy1-csr.pem: proxy1.cnf proxy1-key.pem |
| openssl req -new -config proxy1.cnf -key proxy1-key.pem -out proxy1-csr.pem |
| |
| proxy1-cert.pem: proxy1-csr.pem ca2-cert.pem ca2-key.pem |
| openssl x509 -req \ |
| -days 9999 \ |
| -passin "pass:password" \ |
| -in proxy1-csr.pem \ |
| -CA ca2-cert.pem \ |
| -CAkey ca2-key.pem \ |
| -CAcreateserial \ |
| -out proxy1-cert.pem |
| |
| # |
| # proxy2 is signed by ca2. |
| # |
| proxy2-key.pem: |
| openssl genrsa -out proxy2-key.pem 1024 |
| |
| proxy2-csr.pem: proxy2.cnf proxy2-key.pem |
| openssl req -new -config proxy2.cnf -key proxy2-key.pem -out proxy2-csr.pem |
| |
| proxy2-cert.pem: proxy2-csr.pem ca2-cert.pem ca2-key.pem |
| openssl x509 -req \ |
| -days 9999 \ |
| -passin "pass:password" \ |
| -in proxy2-csr.pem \ |
| -CA ca2-cert.pem \ |
| -CAkey ca2-key.pem \ |
| -CAcreateserial \ |
| -out proxy2-cert.pem |
| |
| proxy2-verify: proxy2-cert.pem ca2-cert.pem |
| openssl verify -CAfile ca2-cert.pem proxy2-cert.pem |
| |
| # |
| # client1 is signed by ca3. |
| # |
| client1-key.pem: |
| openssl genrsa -out client1-key.pem 1024 |
| |
| client1-csr.pem: client1.cnf client1-key.pem |
| openssl req -new -config client1.cnf -key client1-key.pem -out client1-csr.pem |
| |
| client1-cert.pem: client1-csr.pem ca3-cert.pem ca3-key.pem |
| openssl x509 -req \ |
| -days 9999 \ |
| -passin "pass:password" \ |
| -in client1-csr.pem \ |
| -CA ca3-cert.pem \ |
| -CAkey ca3-key.pem \ |
| -CAcreateserial \ |
| -out client1-cert.pem |
| |
| # |
| # client2 is signed by ca4. |
| # |
| client2-key.pem: |
| openssl genrsa -out client2-key.pem 1024 |
| |
| client2-csr.pem: client2.cnf client2-key.pem |
| openssl req -new -config client2.cnf -key client2-key.pem -out client2-csr.pem |
| |
| client2-cert.pem: client2-csr.pem ca4-cert.pem ca4-key.pem |
| openssl x509 -req \ |
| -days 9999 \ |
| -passin "pass:password" \ |
| -in client2-csr.pem \ |
| -CA ca4-cert.pem \ |
| -CAkey ca4-key.pem \ |
| -CAcreateserial \ |
| -out client2-cert.pem |
| |
| |
| clean: |
| rm -f *.pem *.srl |
| |
| test: client-verify server2-verify proxy1-verify proxy2-verify client-verify |