GNUmakefile.in 3.06 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11
#
# Insert Copyright Here.
#
SRCDIR		= @srcdir@
TESTBED_SRCDIR	= @top_srcdir@
EVENTSYS	= @EVENTSYS@
OBJDIR		= ..
SUBDIR		= ssl

include $(OBJDIR)/Makeconf

12
all:	emulab.pem server.pem localnode.pem ronnode.pem
13 14 15 16 17 18 19 20 21 22 23

include $(TESTBED_SRCDIR)/GNUmakerules

#
# You do not want to run these targets unless you are sure you
# know what you are doing! You really do not want to install these
# unless you are very sure you know what you are doing. You could
# mess up all the clients when the CA changes out from under them.
#
pems:	emulab.pem server.pem client.pem

24
emulab.pem:	dirsmade emulab.cnf
25 26 27 28
	#
	# Create the Certificate Authority.
	# The certificate (no key!) is installed on both boss and remote nodes.
	#
29
	openssl req -new -x509 -days 1000 -config emulab.cnf \
30 31 32
		    -keyout cakey.pem -out cacert.pem
	cp cacert.pem emulab.pem

33
server.pem:	dirsmade server.cnf ca.cnf
34 35 36
	#
	# Create the server side private key and certificate request.
	#
37 38
	openssl req -new -config server.cnf \
		-keyout server_key.pem -out server_req.pem
39 40 41
	#
	# Combine key and cert request.
	#
42
	cat server_key.pem server_req.pem > newreq.pem
43 44 45
	#
	# Sign the server cert request, creating a server certificate.
	#
46 47
	openssl ca -batch -policy policy_match -config ca.cnf \
		-out server_cert.pem \
48 49 50 51 52 53
		-cert cacert.pem -keyfile cakey.pem \
		-infiles newreq.pem
	#
	# Combine the key and the certificate into one file which is installed
	# on boss and used by tmcd.
	#
54
	cat server_key.pem server_cert.pem > server.pem
55 56
	rm -f newreq.pem

Leigh B. Stoller's avatar
Leigh B. Stoller committed
57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80
capture.pem:	dirsmade capture.cnf ca.cnf
	#
	# Create the server side private key and certificate request.
	#
	openssl req -new -config capture.cnf \
		-keyout capture_key.pem -out capture_req.pem
	#
	# Combine key and cert request.
	#
	cat capture_key.pem capture_req.pem > newreq.pem
	#
	# Sign the capture cert request, creating a capture certificate.
	#
	openssl ca -batch -policy policy_match -config ca.cnf \
		-out capture_cert.pem \
		-cert cacert.pem -keyfile cakey.pem \
		-infiles newreq.pem
	#
	# Combine the key and the certificate into one file which is installed
	# on boss and used by capture.
	#
	cat capture_key.pem capture_cert.pem > capture.pem
	rm -f newreq.pem

81 82 83 84 85
localnode.pem:	dirsmade localnode.cnf ca.cnf $(SRCDIR)/mkclient.sh
	$(SRCDIR)/mkclient.sh localnode

ronnode.pem:	dirsmade ronnode.cnf ca.cnf $(SRCDIR)/mkclient.sh
	$(SRCDIR)/mkclient.sh ronnode
86 87 88 89 90 91 92 93 94 95 96 97

dirsmade:
	-mkdir -p certs
	-mkdir -p newcerts
	-mkdir -p crl
	echo "01" > serial
	touch index.txt
	touch dirsmade

#
# You do not want to run these targets unless you are sure you
# know what you are doing!
98 99 100 101
#
install:
	@echo "BE VERY CAREFUL! INSTALLING NEW CERTS CAN CAUSE DISASTER!"

102
boss-install:	$(INSTALL_ETCDIR)/emulab.pem \
Leigh B. Stoller's avatar
Leigh B. Stoller committed
103 104
		$(INSTALL_ETCDIR)/server.pem \
		$(INSTALL_ETCDIR)/capture.pem
105
	$(INSTALL_DATA) localnode.pem $(INSTALL_ETCDIR)/client.pem
106

107 108 109
client-install:
	$(INSTALL_DATA) localnode.pem /etc/testbed/client.pem
	$(INSTALL_DATA) emulab.pem /etc/testbed/emulab.pem
110

111 112 113
tipserv-install:	$(INSTALL_SBINDIR)/capture.pem
	chmod 640 $(INSTALL_SBINDIR)/capture.pem

114
clean:
115 116
	rm -f *.pem serial index.txt *.old dirsmade *.cnf
	rm -rf newcerts certs