comparison contrib/PKI/ca_script2/Makefile @ 394:fb9ed45f9217
New command to generate the pkcs12 file directly
author | Sebastien Decugis <sdecugis@nict.go.jp> |
---|---|
date | Wed, 07 Jul 2010 16:52:17 +0900 |
parents | 6c3ca941f836 |
children | 54c4d3e840ff |
393:6d9ee5ab79e5 | 394:fb9ed45f9217 |
---|---|
31 Creates the initial top-level CA structure\n\ | 31 Creates the initial top-level CA structure\n\ |
32 make newca name=newcaname ca=parentca\n\ | 32 make newca name=newcaname ca=parentca\n\ |
33 Creates a new sub-CA that can be used for certificates later.\n\ | 33 Creates a new sub-CA that can be used for certificates later.\n\ |
34 make newcert name=foo ca=parentca\n\ | 34 make newcert name=foo ca=parentca\n\ |
35 Create private key and csr, then issue the certificate (named foo.*)\n\ | 35 Create private key and csr, then issue the certificate (named foo.*)\n\ |
36 make p12 name=foo ca=parentca\n\ | |
37 Same as newcert, but additionnaly creates a pkcs12 file to ship client certificate to Windows or Mac\n\ | |
36 make ship name=foo ca=parentca\n\ | 38 make ship name=foo ca=parentca\n\ |
37 Create an archive with the data for the client\n\ | 39 Create an archive with the data for the client (useful for freeDiameter peers)\n\ |
38 make revoke name=foo ca=parentca\n\ | 40 make revoke name=foo ca=parentca\n\ |
39 Revokes the certificate foo.cert issued by parentca and regenerates the CRL.\n\ | 41 Revokes the certificate foo.cert issued by parentca and regenerates the CRL.\n\ |
40 make gencrl ca=caname\n\ | 42 make gencrl ca=caname\n\ |
41 Regenerates the CRL of CA caname. Should be run periodically.\n\ | 43 Regenerates the CRL of CA caname. Should be run periodically.\n\ |
42 \n\ | 44 \n\ |
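Review bot: the new help line for `make p12` (line 37) misspells "additionally" as "additionnaly", and it does not tell the operator that the pkcs12 file carries the client's private key or where it is written. Suggest fixing the spelling and naming the output path, `$(DATA_DIR)/$(ca)/clients/$(name)/$(name).p12`, which the target's own echo already prints, with a short remark that the file has to be handled like the key itself.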
133 # Compiled informations for the client | 135 # Compiled informations for the client |
134 @cat $(DATA_DIR)/$(ca)/clients/$(name)/cert.pem $(DATA_DIR)/$(ca)/public/cachain.pem > $(DATA_DIR)/$(ca)/clients/$(name)/certchain.pem | 136 @cat $(DATA_DIR)/$(ca)/clients/$(name)/cert.pem $(DATA_DIR)/$(ca)/public/cachain.pem > $(DATA_DIR)/$(ca)/clients/$(name)/certchain.pem |
135 @ln -sf ../../public/crl $(DATA_DIR)/$(ca)/clients/$(name)/crl | 137 @ln -sf ../../public/crl $(DATA_DIR)/$(ca)/clients/$(name)/crl |
136 @ln -sf ../../public/caroot.pem $(DATA_DIR)/$(ca)/clients/$(name)/ca.pem | 138 @ln -sf ../../public/caroot.pem $(DATA_DIR)/$(ca)/clients/$(name)/ca.pem |
137 | 139 |
140 # Create a PKCS#12 file containing the client's information | |
141 p12: newcert | |
142 # Create the PKCS#12 file | |
143 @cat $(DATA_DIR)/$(ca)/clients/$(name)/privkey.pem \ | |
144 $(DATA_DIR)/$(ca)/clients/$(name)/certchain.pem \ | |
145 $(DATA_DIR)/$(ca)/clients/$(name)/ca.pem \ | |
146 | openssl pkcs12 -export -out $(DATA_DIR)/$(ca)/clients/$(name)/$(name).p12 | |
147 @echo "Client certificate is created in $(DATA_DIR)/$(ca)/clients/$(name)/$(name).p12" | |
148 | |
138 # Create an archive to send the data to the client node | 149 # Create an archive to send the data to the client node |
139 ship: | 150 ship: |
140 @if [ -z "$(name)" -o -z "$(ca)" ]; then echo "Missing parameter. Ex: make ship name=service.testbed.aaa ca=ca.testbed.aaa"; exit 1; fi | 151 @if [ -z "$(name)" -o -z "$(ca)" ]; then echo "Missing parameter. Ex: make ship name=service.testbed.aaa ca=ca.testbed.aaa"; exit 1; fi |
141 @if [ ! -e $(DATA_DIR)/$(ca)/private/cakey.pem ]; then echo "The parent CA $(ca) does not exist."; exit 1; fi | 152 @if [ ! -e $(DATA_DIR)/$(ca)/private/cakey.pem ]; then echo "The parent CA $(ca) does not exist."; exit 1; fi |
142 @if [ ! -e $(DATA_DIR)/$(ca)/clients/$(name)/privkey.pem ]; then echo "The client $(name) does not exist, use 'make newcert' first."; exit 1; fi | 153 @if [ ! -e $(DATA_DIR)/$(ca)/clients/$(name)/privkey.pem ]; then echo "The client $(name) does not exist, use 'make newcert' first."; exit 1; fi |
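Review bot: the `openssl pkcs12 -export` call at line 146 passes no `-passout` and the target sets no permissions on `$(name).p12`, so the protection of the bundled `privkey.pem` rests entirely on whatever is typed at the export-password prompt (an empty password is accepted) and on the caller's umask. Suggest mentioning the prompt in the help text and restricting the output to the owner, for example with a `chmod 600` on the `.p12` right after the export. Two smaller points: the echo at line 147 calls the file a "Client certificate" although it also holds the private key, and because `p12` depends on `newcert` it always goes through issuance first; if exporting for an already-issued client is wanted, an existence check like the one in `ship` (`if [ ! -e $(DATA_DIR)/$(ca)/clients/$(name)/privkey.pem ]`) in a target without that dependency would cover it.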