First public release

certs/Makefile

@@ -0,0 +1,36 @@
+DAYS ?= 730
+
+all: host.crt check chain.crt
+
+clean:
+	rm ca.key ca.crt host.key host.crt host.csr chain.crt
+
+finalize: host.crt
+	rm ca.key
+	rm chain.crt
+	$(MAKE) chain.crt
+	: Now you can trust ca.crt in your system, and nobody can abuse this root CA
+
+ca.key:
+	openssl genrsa -out ca.key 4096
+
+ca.crt: ca.key
+	openssl req -x509 -new -nodes -key ca.key -sha256 -days $(DAYS) -out ca.crt -subj "/C=TW/ST=Taiwan/O=Inndy's NHI Smartcard Client"
+
+host.key:
+	openssl genrsa -out host.key 4096
+
+host.csr: host.key
+	openssl req -new -key host.key -config san.cnf -sha256 -out host.csr
+
+host.crt: host.csr ca.crt ca.key
+	openssl x509 -req -in host.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out host.crt -days $(DAYS) -sha256 -extensions req_ext -extfile san.cnf
+
+chain.crt:
+	cat host.crt ca.crt > chain.crt
+
+check:
+	: ==================== ca.crt ====================
+	openssl x509 -noout -text -in ca.crt
+	: ==================== host.crt ====================
+	openssl x509 -noout -text -in host.crt