blob: 6b4745b528b01f256b94017326e82218b00d3c13 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
|
all: server1-cert.pem server2-cert.pem proxy1-cert.pem proxy2-cert.pem client1-cert.pem client2-cert.pem
#
# Create Certificate Authority: ca1
# ('password' is used for the CA password.)
#
ca1-cert.pem: ca1.cnf
openssl req -new -x509 -days 9999 -config ca1.cnf -keyout ca1-key.pem -out ca1-cert.pem
#
# Create Certificate Authority: ca2
# ('password' is used for the CA password.)
#
ca2-cert.pem: ca2.cnf
openssl req -new -x509 -days 9999 -config ca2.cnf -keyout ca2-key.pem -out ca2-cert.pem
#
# Create Certificate Authority: ca3
# ('password' is used for the CA password.)
#
ca3-cert.pem: ca3.cnf
openssl req -new -x509 -days 9999 -config ca3.cnf -keyout ca3-key.pem -out ca3-cert.pem
#
# Create Certificate Authority: ca4
# ('password' is used for the CA password.)
#
ca4-cert.pem: ca4.cnf
openssl req -new -x509 -days 9999 -config ca4.cnf -keyout ca4-key.pem -out ca4-cert.pem
#
# server1 is signed by ca1.
#
server1-key.pem:
openssl genrsa -out server1-key.pem 1024
server1-csr.pem: server1.cnf server1-key.pem
openssl req -new -config server1.cnf -key server1-key.pem -out server1-csr.pem
server1-cert.pem: server1-csr.pem ca1-cert.pem ca1-key.pem
openssl x509 -req \
-days 9999 \
-passin "pass:password" \
-in server1-csr.pem \
-CA ca1-cert.pem \
-CAkey ca1-key.pem \
-CAcreateserial \
-out server1-cert.pem
#
# server2 is signed by ca1.
#
server2-key.pem:
openssl genrsa -out server2-key.pem 1024
server2-csr.pem: server2.cnf server2-key.pem
openssl req -new -config server2.cnf -key server2-key.pem -out server2-csr.pem
server2-cert.pem: server2-csr.pem ca1-cert.pem ca1-key.pem
openssl x509 -req \
-days 9999 \
-passin "pass:password" \
-in server2-csr.pem \
-CA ca1-cert.pem \
-CAkey ca1-key.pem \
-CAcreateserial \
-out server2-cert.pem
server2-verify: server2-cert.pem ca1-cert.pem
openssl verify -CAfile ca1-cert.pem server2-cert.pem
#
# proxy1 is signed by ca2.
#
proxy1-key.pem:
openssl genrsa -out proxy1-key.pem 1024
proxy1-csr.pem: proxy1.cnf proxy1-key.pem
openssl req -new -config proxy1.cnf -key proxy1-key.pem -out proxy1-csr.pem
proxy1-cert.pem: proxy1-csr.pem ca2-cert.pem ca2-key.pem
openssl x509 -req \
-days 9999 \
-passin "pass:password" \
-in proxy1-csr.pem \
-CA ca2-cert.pem \
-CAkey ca2-key.pem \
-CAcreateserial \
-out proxy1-cert.pem
#
# proxy2 is signed by ca2.
#
proxy2-key.pem:
openssl genrsa -out proxy2-key.pem 1024
proxy2-csr.pem: proxy2.cnf proxy2-key.pem
openssl req -new -config proxy2.cnf -key proxy2-key.pem -out proxy2-csr.pem
proxy2-cert.pem: proxy2-csr.pem ca2-cert.pem ca2-key.pem
openssl x509 -req \
-days 9999 \
-passin "pass:password" \
-in proxy2-csr.pem \
-CA ca2-cert.pem \
-CAkey ca2-key.pem \
-CAcreateserial \
-out proxy2-cert.pem
proxy2-verify: proxy2-cert.pem ca2-cert.pem
openssl verify -CAfile ca2-cert.pem proxy2-cert.pem
#
# client1 is signed by ca3.
#
client1-key.pem:
openssl genrsa -out client1-key.pem 1024
client1-csr.pem: client1.cnf client1-key.pem
openssl req -new -config client1.cnf -key client1-key.pem -out client1-csr.pem
client1-cert.pem: client1-csr.pem ca3-cert.pem ca3-key.pem
openssl x509 -req \
-days 9999 \
-passin "pass:password" \
-in client1-csr.pem \
-CA ca3-cert.pem \
-CAkey ca3-key.pem \
-CAcreateserial \
-out client1-cert.pem
#
# client2 is signed by ca4.
#
client2-key.pem:
openssl genrsa -out client2-key.pem 1024
client2-csr.pem: client2.cnf client2-key.pem
openssl req -new -config client2.cnf -key client2-key.pem -out client2-csr.pem
client2-cert.pem: client2-csr.pem ca4-cert.pem ca4-key.pem
openssl x509 -req \
-days 9999 \
-passin "pass:password" \
-in client2-csr.pem \
-CA ca4-cert.pem \
-CAkey ca4-key.pem \
-CAcreateserial \
-out client2-cert.pem
clean:
rm -f *.pem *.srl
test: client-verify server2-verify proxy1-verify proxy2-verify client-verify
|
