Skip to content

Instantly share code, notes, and snippets.

@niw
Last active December 18, 2015 03:39
Show Gist options
  • Save niw/5719790 to your computer and use it in GitHub Desktop.
Save niw/5719790 to your computer and use it in GitHub Desktop.
A simple list of X509 certificate generate commands. Use like `make my.host.name.crt` or `env CN="My Common Name" make cert.crt`
.SUFFIXES:
.SUFFIXES: .key .csr .crt .pem .p12
.PRECIOUS: %.key %.csr %.crt %.pem %.p12
# Generate a private key
# To encrypt private key, use -des3 option.
%.key:
openssl genrsa -out $@ 2048
# Generate a CA certificate request
ca.csr: ca.key
openssl req -new -key $*.key -out $@ -subj /CN=CA
# Generate a CA self signed certificate
ca.crt: ca.csr ca.key
openssl x509 -req -days 3650 -signkey ca.key -in ca.csr -out $@
# Initialize CA serial number
ca.srl:
echo 01 > $@
# Generate a certificate request
%.csr: %.key
openssl req -new -key $*.key -out $@ -subj "/CN=$(if $(CN),$(CN),$*)"
# Generate a CA signed certificate
%.crt: %.csr ca.key ca.crt ca.srl
openssl x509 -req -days 365 -CA ca.crt -CAkey ca.key -in $*.csr -out $@
# Put a certificate and a private key into a single PEM file. Optional.
%.pem: %.crt %.key
cat $*.crt $*.key > $@
# Put a certificate and a private key into a single PKCS12 file. Optional.
%.p12: %.crt %.key
openssl pkcs12 -export -in $*.crt -inkey $*.key -out $@
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment