comparison contrib/PKI/ca_script2/Makefile @ 394:fb9ed45f9217

New command to generate the pkcs12 file directly
author Sebastien Decugis <sdecugis@nict.go.jp>
date Wed, 07 Jul 2010 16:52:17 +0900
parents 6c3ca941f836
children 54c4d3e840ff
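--- a/contrib/PKI/ca_script2/Makefile
+++ b/contrib/PKI/ca_script2/Makefile
@@ -31,12 +31,14 @@
 Creates the initial top-level CA structure\n\
 make newca name=newcaname ca=parentca\n\
 Creates a new sub-CA that can be used for certificates later.\n\
 make newcert name=foo ca=parentca\n\
 Create private key and csr, then issue the certificate (named foo.*)\n\
+make p12 name=foo ca=parentca\n\
+Same as newcert, but additionnaly creates a pkcs12 file to ship client certificate to Windows or Mac\n\
 make ship name=foo ca=parentca\n\
-Create an archive with the data for the client\n\
+Create an archive with the data for the client (useful for freeDiameter peers)\n\
 make revoke name=foo ca=parentca\n\
 Revokes the certificate foo.cert issued by parentca and regenerates the CRL.\n\
 make gencrl ca=caname\n\
 Regenerates the CRL of CA caname. Should be run periodically.\n\
 \n\
@@ -133,10 +135,19 @@
 # Compiled informations for the client
 @cat $(DATA_DIR)/$(ca)/clients/$(name)/cert.pem $(DATA_DIR)/$(ca)/public/cachain.pem > $(DATA_DIR)/$(ca)/clients/$(name)/certchain.pem
 @ln -sf ../../public/crl $(DATA_DIR)/$(ca)/clients/$(name)/crl
 @ln -sf ../../public/caroot.pem $(DATA_DIR)/$(ca)/clients/$(name)/ca.pem
 
+# Create a PKCS#12 file containing the client's information
+p12: newcert
+# Create the PKCS#12 file
+@cat $(DATA_DIR)/$(ca)/clients/$(name)/privkey.pem \
+$(DATA_DIR)/$(ca)/clients/$(name)/certchain.pem \
+$(DATA_DIR)/$(ca)/clients/$(name)/ca.pem \
+| openssl pkcs12 -export -out $(DATA_DIR)/$(ca)/clients/$(name)/$(name).p12
+@echo "Client certificate is created in $(DATA_DIR)/$(ca)/clients/$(name)/$(name).p12"
+
 # Create an archive to send the data to the client node
 ship:
 @if [ -z "$(name)" -o -z "$(ca)" ]; then echo "Missing parameter. Ex: make ship name=service.testbed.aaa ca=ca.testbed.aaa"; exit 1; fi
 @if [ ! -e $(DATA_DIR)/$(ca)/private/cakey.pem ]; then echo "The parent CA $(ca) does not exist."; exit 1; fi
 @if [ ! -e $(DATA_DIR)/$(ca)/clients/$(name)/privkey.pem ]; then echo "The client $(name) does not exist, use 'make newcert' first."; exit 1; fi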
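Review bot: The `$(name).p12` written at new line 146 bundles the client's private key, yet nothing restricts its on-disk permissions, so with a typical umask it is created readable by every local user and is protected only by the export password prompted by openssl; prefix the pipeline with `@umask 077 && cat ...` or follow it with `@chmod 600 $(DATA_DIR)/$(ca)/clients/$(name)/$(name).p12` before the echo at line 147. Unlike `ship` at lines 151-153, the `p12` recipe has no guard for an empty `name`/`ca`; it relies on the `newcert` prerequisite (defined outside this hunk) aborting first, which should be confirmed, otherwise the cat at line 143 runs on paths with empty components. `p12` is not a file the recipe produces, so it belongs in the file's `.PHONY` list (not visible here), or a stray file named `p12` would make the target silently up to date. A short comment such as `# The .p12 contains privkey.pem: keep it out of world-readable locations and delete it after shipping` above line 141 would document the sensitivity of the artifact for users of `make ship`.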