lady:factory:makeca

CA Makefile

GNU/Makefile to manage a local Certification Authority

Introduction

As openssl is, although powerful, somewhat complex to use and requires typing many flags and parameters as well as managing multiple filenames I started to think in a way to automatize a bit and depencies by various elements of the CA.

Yes I know, usually this is scripted, but I found the Makefile approach quite interesting.

Features

Currently the following features have been implemented:

  • Management of files in a DB hierarchy suitable for standard openssl tools (like CA.pl script)
  • Straight forward use, you set config, you create files

Limitations

Some limitations (not bugs):

  • Can only manage a unique CA
  • Not deeply tested
  • In some cases may need manual interaction (removing files, …)

Last ChangeLog history

Downloads

I usually doesn't provide packaged download, instead I try to keep the development trunk free of bugs, so usable. For big changes I usually use a separated branch to not affect main trunk of development.

In case the software have few changes (either because is stable enough or even because I don't maintain it actively) I provide packaged tarballs.

Documentation

Requirements

  • GNU Make
  • openssl

Install

  • Create a directory to hold the CA, and copy the files inside
  • Rename (or link) CA.mk to Makefile

Configure

It can work out-of-the-box, but I suggest to reivew some self-documenting variables inside the Makefile.

After install I suggest to review the template configuration files:

  • TemplateCA.conf will be used for the CA actions, certs and signing
  • TemplateCert.conf will be used to create default user-certificate configurations

Each time you create a new Certificate or request, a new configuration file especific for that cert is created from the TemplateCert.conf. I hihgly recommend to take a look at it and customize it for your certificate needs (not complex and short file). All this files are standard openssl config files.

Test and Use

Running make will show you a short summary, but basically you call pass it the filename and extension of what you need to create.

Support

Obviously this software/stuff is provided as-is under the GPL without any support. But I provide here help on issues or known problems as I can.

In case you would like to contact me for some, well detailed and tested issue, or even better provide a fix/enhancement you can send me an email at srcmaster@l3jane.net

I highly recommend to review the tools documentation:

  • lady/factory/makeca.txt
  • Last modified: 2023/06/26 15:12
  • by Count Zero