2019-07-11 16:52:31 -04:00
|
|
|
all: server1-cert.pem server2-cert.pem proxy1-cert.pem proxy2-cert.pem client1-cert.pem client2-cert.pem
|
|
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
# Create Certificate Authority: ca1
|
|
|
|
# ('password' is used for the CA password.)
|
|
|
|
#
|
|
|
|
ca1-cert.pem: ca1.cnf
|
|
|
|
openssl req -new -x509 -days 9999 -config ca1.cnf -keyout ca1-key.pem -out ca1-cert.pem
|
|
|
|
|
|
|
|
#
|
|
|
|
# Create Certificate Authority: ca2
|
|
|
|
# ('password' is used for the CA password.)
|
|
|
|
#
|
|
|
|
ca2-cert.pem: ca2.cnf
|
|
|
|
openssl req -new -x509 -days 9999 -config ca2.cnf -keyout ca2-key.pem -out ca2-cert.pem
|
|
|
|
|
|
|
|
#
|
|
|
|
# Create Certificate Authority: ca3
|
|
|
|
# ('password' is used for the CA password.)
|
|
|
|
#
|
|
|
|
ca3-cert.pem: ca3.cnf
|
|
|
|
openssl req -new -x509 -days 9999 -config ca3.cnf -keyout ca3-key.pem -out ca3-cert.pem
|
|
|
|
|
|
|
|
#
|
|
|
|
# Create Certificate Authority: ca4
|
|
|
|
# ('password' is used for the CA password.)
|
|
|
|
#
|
|
|
|
ca4-cert.pem: ca4.cnf
|
|
|
|
openssl req -new -x509 -days 9999 -config ca4.cnf -keyout ca4-key.pem -out ca4-cert.pem
|
|
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
# server1 is signed by ca1.
|
|
|
|
#
|
|
|
|
server1-key.pem:
|
|
|
|
openssl genrsa -out server1-key.pem 1024
|
|
|
|
|
|
|
|
server1-csr.pem: server1.cnf server1-key.pem
|
|
|
|
openssl req -new -config server1.cnf -key server1-key.pem -out server1-csr.pem
|
|
|
|
|
|
|
|
server1-cert.pem: server1-csr.pem ca1-cert.pem ca1-key.pem
|
|
|
|
openssl x509 -req \
|
|
|
|
-days 9999 \
|
|
|
|
-passin "pass:password" \
|
|
|
|
-in server1-csr.pem \
|
|
|
|
-CA ca1-cert.pem \
|
|
|
|
-CAkey ca1-key.pem \
|
|
|
|
-CAcreateserial \
|
|
|
|
-out server1-cert.pem
|
|
|
|
|
|
|
|
#
|
|
|
|
# server2 is signed by ca1.
|
|
|
|
#
|
|
|
|
server2-key.pem:
|
|
|
|
openssl genrsa -out server2-key.pem 1024
|
|
|
|
|
|
|
|
server2-csr.pem: server2.cnf server2-key.pem
|
|
|
|
openssl req -new -config server2.cnf -key server2-key.pem -out server2-csr.pem
|
|
|
|
|
|
|
|
server2-cert.pem: server2-csr.pem ca1-cert.pem ca1-key.pem
|
|
|
|
openssl x509 -req \
|
|
|
|
-days 9999 \
|
|
|
|
-passin "pass:password" \
|
|
|
|
-in server2-csr.pem \
|
|
|
|
-CA ca1-cert.pem \
|
|
|
|
-CAkey ca1-key.pem \
|
|
|
|
-CAcreateserial \
|
|
|
|
-out server2-cert.pem
|
|
|
|
|
|
|
|
server2-verify: server2-cert.pem ca1-cert.pem
|
|
|
|
openssl verify -CAfile ca1-cert.pem server2-cert.pem
|
|
|
|
|
|
|
|
#
|
|
|
|
# proxy1 is signed by ca2.
|
|
|
|
#
|
|
|
|
proxy1-key.pem:
|
|
|
|
openssl genrsa -out proxy1-key.pem 1024
|
|
|
|
|
|
|
|
proxy1-csr.pem: proxy1.cnf proxy1-key.pem
|
|
|
|
openssl req -new -config proxy1.cnf -key proxy1-key.pem -out proxy1-csr.pem
|
|
|
|
|
|
|
|
proxy1-cert.pem: proxy1-csr.pem ca2-cert.pem ca2-key.pem
|
|
|
|
openssl x509 -req \
|
|
|
|
-days 9999 \
|
|
|
|
-passin "pass:password" \
|
|
|
|
-in proxy1-csr.pem \
|
|
|
|
-CA ca2-cert.pem \
|
|
|
|
-CAkey ca2-key.pem \
|
|
|
|
-CAcreateserial \
|
|
|
|
-out proxy1-cert.pem
|
|
|
|
|
|
|
|
#
|
|
|
|
# proxy2 is signed by ca2.
|
|
|
|
#
|
|
|
|
proxy2-key.pem:
|
|
|
|
openssl genrsa -out proxy2-key.pem 1024
|
|
|
|
|
|
|
|
proxy2-csr.pem: proxy2.cnf proxy2-key.pem
|
|
|
|
openssl req -new -config proxy2.cnf -key proxy2-key.pem -out proxy2-csr.pem
|
|
|
|
|
|
|
|
proxy2-cert.pem: proxy2-csr.pem ca2-cert.pem ca2-key.pem
|
|
|
|
openssl x509 -req \
|
|
|
|
-days 9999 \
|
|
|
|
-passin "pass:password" \
|
|
|
|
-in proxy2-csr.pem \
|
|
|
|
-CA ca2-cert.pem \
|
|
|
|
-CAkey ca2-key.pem \
|
|
|
|
-CAcreateserial \
|
|
|
|
-out proxy2-cert.pem
|
|
|
|
|
|
|
|
proxy2-verify: proxy2-cert.pem ca2-cert.pem
|
|
|
|
openssl verify -CAfile ca2-cert.pem proxy2-cert.pem
|
|
|
|
|
|
|
|
#
|
|
|
|
# client1 is signed by ca3.
|
|
|
|
#
|
|
|
|
client1-key.pem:
|
|
|
|
openssl genrsa -out client1-key.pem 1024
|
|
|
|
|
|
|
|
client1-csr.pem: client1.cnf client1-key.pem
|
|
|
|
openssl req -new -config client1.cnf -key client1-key.pem -out client1-csr.pem
|
|
|
|
|
|
|
|
client1-cert.pem: client1-csr.pem ca3-cert.pem ca3-key.pem
|
|
|
|
openssl x509 -req \
|
|
|
|
-days 9999 \
|
|
|
|
-passin "pass:password" \
|
|
|
|
-in client1-csr.pem \
|
|
|
|
-CA ca3-cert.pem \
|
|
|
|
-CAkey ca3-key.pem \
|
|
|
|
-CAcreateserial \
|
|
|
|
-out client1-cert.pem
|
|
|
|
|
|
|
|
#
|
|
|
|
# client2 is signed by ca4.
|
|
|
|
#
|
|
|
|
client2-key.pem:
|
|
|
|
openssl genrsa -out client2-key.pem 1024
|
|
|
|
|
|
|
|
client2-csr.pem: client2.cnf client2-key.pem
|
|
|
|
openssl req -new -config client2.cnf -key client2-key.pem -out client2-csr.pem
|
|
|
|
|
|
|
|
client2-cert.pem: client2-csr.pem ca4-cert.pem ca4-key.pem
|
|
|
|
openssl x509 -req \
|
|
|
|
-days 9999 \
|
|
|
|
-passin "pass:password" \
|
|
|
|
-in client2-csr.pem \
|
|
|
|
-CA ca4-cert.pem \
|
|
|
|
-CAkey ca4-key.pem \
|
|
|
|
-CAcreateserial \
|
|
|
|
-out client2-cert.pem
|
|
|
|
|
|
|
|
|
|
|
|
clean:
|
|
|
|
rm -f *.pem *.srl
|
|
|
|
|
|
|
|
test: client-verify server2-verify proxy1-verify proxy2-verify client-verify
|