lukeplausin · June 17, 2020 22:45
diff --git a/easy_ssl_certificates b/easy_ssl_certificates
 ######################
 # My CA - Create your own certificate authority!
 #     for people who need lots of certificates...
 #
 # Create a workspace and save this Makefile in the workspace
 # $ mkdir ~/.ssl/
 # $ curl https://gist.githubusercontent.com/lukeplausin/b1e78b3b55490d91997bcb13532ce663/raw > ~/.ssl/Makefile
 # $ cd ~/.ssl/
 #
 # $ make ca                         # Generate the certificate authority
 # $ DOMAIN=asdf.com make pfx        # Create certs for a domain with pfx
 # $ DOMAIN=asdf2.com make crt       # Create basic certs for a domain (no pfx)
 #
 # Clean your workspace
 # $ make clean
 #
 # Delete everything
 # $ make clean && rm *.key *.pem *.crt
 #
 # Customise the values in the makefile to make it your own.
 # If you want to remove the password prompt for PFX, add '-password $MYPASS'
 #
 ######################

 ######################
 # Become a Certificate Authority
 ######################

 # The Certificate Authority is the "master" certificate. It lends authenticity to other certificates
 # which it has signed itself. SSL certificate trust is usually established by a chain of trust, which
 # starts with the authority.

 # CA certificate days valid
 CA_DAYS=825
 # RSA encryption key bit length
 RSA_BITS=2048

 DES_OPTION= # If you want to password protect your private keys, set DES_OPTION=-des3

 # Put your domain here, or specify at the command line by running "export DOMAIN=..."
 DOMAIN?=mydomain.com

 # Put your details in here, or specify at command line by running "export SUBJECT=..."
 # C:  2 letter country code
 # ST: 2 letter state
 # L:  City name
 # O:  Organisation name
 # OU: Organisational unit (e.g. department name)
 # CN: Common name (domain name)
 SUBJECT?="/C=GB/ST=GB/L=London/O=Cowboy Consultants Ltd./OU=YeeHaw/CN=$(DOMAIN)"

 ###################### CA Targets

 ca: ca.key ca.pem

 ca.key:
 	# Generate private key
 	openssl genrsa $(DES_OPTION) -out ca.key $(RSA_BITS)

 ca.pem:
 	# Generate root certificate
 	openssl req -x509 -new -nodes -key ca.key -sha256 -days $(CA_DAYS) -out ca.pem -subj $(SUBJECT)

 ######################
 # Create CA-signed certs
 ######################

 # Signed certificates will be valid for this many days
 CERT_DAYS=365

 key:
 	# Generate a private key
 	if [ ! -f "$(DOMAIN).key" ]; then openssl genrsa -out $(DOMAIN).key $(RSA_BITS) $(DES_OPTION); fi

 csr:
 	# Create a certificate-signing request
 	if [ ! -f "$(DOMAIN).csr" ]; then openssl req -nodes -subj $(SUBJECT) -new -key $(DOMAIN).key -out $(DOMAIN).csr ; fi

 crt: key csr
 	# Create a certificate signed by the CA
 	if [ ! -f "$(DOMAIN).pem" ]; then openssl x509 -req -in $(DOMAIN).csr -CA ca.pem -CAkey ca.key -CAcreateserial -out $(DOMAIN).pem -days $(CERT_DAYS) -sha256 ; fi

 pfx: crt
 	if [ ! -f "$(DOMAIN).pfx" ]; then openssl pkcs12 -export -out $(DOMAIN).pfx -inkey $(DOMAIN).key -in $(DOMAIN).pem -certfile ca.pem ; fi

 ###################### Other targets

 cert: pfx

 clean:
 	rm *.csr *.pfx *.srl
	######################
	# My CA - Create your own certificate authority!
	# for people who need lots of certificates...
	#
	# Create a workspace and save this Makefile in the workspace
	# $ mkdir ~/.ssl/
	# $ curl https://gist.githubusercontent.com/lukeplausin/b1e78b3b55490d91997bcb13532ce663/raw > ~/.ssl/Makefile
	# $ cd ~/.ssl/
	#
	# $ make ca # Generate the certificate authority
	# $ DOMAIN=asdf.com make pfx # Create certs for a domain with pfx
	# $ DOMAIN=asdf2.com make crt # Create basic certs for a domain (no pfx)
	#
	# Clean your workspace
	# $ make clean
	#
	# Delete everything
	# $ make clean && rm .key .pem *.crt
	#
	# Customise the values in the makefile to make it your own.
	# If you want to remove the password prompt for PFX, add '-password $MYPASS'
	#
	######################

	######################
	# Become a Certificate Authority
	######################

	# The Certificate Authority is the "master" certificate. It lends authenticity to other certificates
	# which it has signed itself. SSL certificate trust is usually established by a chain of trust, which
	# starts with the authority.

	# CA certificate days valid
	CA_DAYS=825
	# RSA encryption key bit length
	RSA_BITS=2048

	DES_OPTION= # If you want to password protect your private keys, set DES_OPTION=-des3

	# Put your domain here, or specify at the command line by running "export DOMAIN=..."
	DOMAIN?=mydomain.com

	# Put your details in here, or specify at command line by running "export SUBJECT=..."
	# C: 2 letter country code
	# ST: 2 letter state
	# L: City name
	# O: Organisation name
	# OU: Organisational unit (e.g. department name)
	# CN: Common name (domain name)
	SUBJECT?="/C=GB/ST=GB/L=London/O=Cowboy Consultants Ltd./OU=YeeHaw/CN=$(DOMAIN)"

	###################### CA Targets

	ca: ca.key ca.pem

	ca.key:
	# Generate private key
	openssl genrsa $(DES_OPTION) -out ca.key $(RSA_BITS)

	ca.pem:
	# Generate root certificate
	openssl req -x509 -new -nodes -key ca.key -sha256 -days $(CA_DAYS) -out ca.pem -subj $(SUBJECT)

	######################
	# Create CA-signed certs
	######################

	# Signed certificates will be valid for this many days
	CERT_DAYS=365

	key:
	# Generate a private key
	if [ ! -f "$(DOMAIN).key" ]; then openssl genrsa -out $(DOMAIN).key $(RSA_BITS) $(DES_OPTION); fi

	csr:
	# Create a certificate-signing request
	if [ ! -f "$(DOMAIN).csr" ]; then openssl req -nodes -subj $(SUBJECT) -new -key $(DOMAIN).key -out $(DOMAIN).csr ; fi

	crt: key csr
	# Create a certificate signed by the CA
	if [ ! -f "$(DOMAIN).pem" ]; then openssl x509 -req -in $(DOMAIN).csr -CA ca.pem -CAkey ca.key -CAcreateserial -out $(DOMAIN).pem -days $(CERT_DAYS) -sha256 ; fi

	pfx: crt
	if [ ! -f "$(DOMAIN).pfx" ]; then openssl pkcs12 -export -out $(DOMAIN).pfx -inkey $(DOMAIN).key -in $(DOMAIN).pem -certfile ca.pem ; fi

	###################### Other targets

	cert: pfx

	clean:
	rm .csr .pfx *.srl