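# Source: istio.io/istio@v0.0.0-20240520182934-d79c90f27776/tools/certs/Makefile.selfsigned.mk
#
# Builds a self-signed certificate hierarchy with openssl: a root CA in the
# current directory, one intermediate CA per <name>/ directory, and workload
# certificates signed by that intermediate.
#
# ROOTCA_DAYS, INTERMEDIATE_DAYS, WORKLOAD_DAYS and the *.conf files are not
# defined in this file; presumably they come from common.mk (confirm there).

.SUFFIXES: .csr .pem .conf

# Keep generated keys and certificates: make must not delete them as
# intermediate files of an implicit-rule chain. .PRECIOUS also keeps a target
# when make is interrupted, so a half-written key or certificate left by an
# aborted run is treated as up to date. Delete it by hand before re-running.
.PRECIOUS: %/ca-key.pem %/ca-cert.pem %/cert-chain.pem
.PRECIOUS: %/workload-cert.pem %/key.pem %/workload-cert-chain.pem
.SECONDARY: root-cert.csr root-ca.conf %/cluster-ca.csr %/intermediate.conf

.DEFAULT_GOAL := help

# Directory holding this makefile, with a trailing slash, so common.mk is
# found regardless of the directory make is invoked from.
SELF_DIR := $(dir $(lastword $(MAKEFILE_LIST)))

include $(SELF_DIR)common.mk

#------------------------------------------------------------------------
##help: print this help message
.PHONY: help

# Prints every line that carries the double-hash marker from all parsed
# makefiles, drops the recipe line itself, and strips the marker.
help:
	@fgrep -h "##" $(MAKEFILE_LIST) | fgrep -v fgrep | sed -e 's/##//'

#------------------------------------------------------------------------
##root-ca: generate root CA files (key and certificate) in current directory.
.PHONY: root-ca

root-ca: root-key.pem root-cert.pem

# Self-sign the root CSR with the root key, valid for ROOTCA_DAYS days, taking
# the req_ext extension section from root-ca.conf.
root-cert.pem: root-cert.csr root-key.pem
	@echo "generating $@"
	@openssl x509 -req -sha256 -days $(ROOTCA_DAYS) -signkey root-key.pem \
		-extensions req_ext -extfile root-ca.conf \
		-in $< -out $@

root-cert.csr: root-key.pem root-ca.conf
	@echo "generating $@"
	@openssl req -sha256 -new -key $< -config root-ca.conf -out $@

# 4096-bit RSA root key, written without a passphrase. The umask keeps the
# file owner-only whatever default mode the local openssl build applies.
# Anyone who can read this file can issue certificates for the whole hierarchy.
root-key.pem:
	@echo "generating $@"
	@umask 077 && openssl genrsa -out $@ 4096
#------------------------------------------------------------------------
##<name>-cacerts: generate self signed intermediate certificates for <name> and store them under <name> directory.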
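# NOTE(review): .PHONY takes literal target names, so this % entry probably
# does not mark "<name>-cacerts" goals as phony. Confirm against the GNU make
# version in use.
.PHONY: %-cacerts

%-cacerts: %/cert-chain.pem
	@echo "done"

# Chain file = intermediate CA certificate followed by the root certificate.
# The recipe also copies root-cert.pem into the <name>/ directory.
%/cert-chain.pem: %/ca-cert.pem root-cert.pem
	@echo "generating $@"
	@cat $^ > $@
	@echo "Intermediate inputs stored in $(dir $<)"
	@cp root-cert.pem $(dir $<)


# Sign the intermediate CSR with the root key, valid for INTERMEDIATE_DAYS
# days. -CAcreateserial creates the root CA serial-number file if it is
# missing. The space before each trailing backslash keeps the options
# separate once the shell joins the continued lines.
%/ca-cert.pem: %/cluster-ca.csr root-key.pem root-cert.pem
	@echo "generating $@"
	@openssl x509 -req -sha256 -days $(INTERMEDIATE_DAYS) \
		-CA root-cert.pem -CAkey root-key.pem -CAcreateserial \
		-extensions req_ext -extfile $(dir $<)/intermediate.conf \
		-in $< -out $@

# L is the <name>/ directory of the target (trailing slash included).
%/cluster-ca.csr: L=$(dir $@)
%/cluster-ca.csr: %/ca-key.pem %/intermediate.conf
	@echo "generating $@"
	@openssl req -sha256 -new -config $(L)/intermediate.conf -key $< -out $@

# 4096-bit RSA intermediate CA key, written without a passphrase. The umask is
# applied only to the openssl line, so the key is owner-only while the
# directory created above keeps the default mode.
%/ca-key.pem:
	@echo "generating $@"
	@mkdir -p $(dir $@)
	@umask 077 && openssl genrsa -out $@ 4096

#------------------------------------------------------------------------
##<namespace>-certs: generate intermediate certificates and sign certificates for a virtual machine connected to the namespace `<namespace> using serviceAccount `$SERVICE_ACCOUNT` using self signed root certs.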
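# NOTE(review): .PHONY takes literal target names, so this % entry probably
# does not mark "<namespace>-certs" goals as phony. Confirm against the GNU
# make version in use.
.PHONY: %-certs

%-certs: %/ca-cert.pem %/workload-cert-chain.pem root-cert.pem
	@echo "done"

# Chain file = workload certificate, intermediate CA certificate, root
# certificate, in that order. The recipe also copies root-cert.pem next to it.
%/workload-cert-chain.pem: %/workload-cert.pem %/ca-cert.pem root-cert.pem
	@echo "generating $@"
	@cat $^ > $@
	@echo "Intermediate and workload certs stored in $(dir $<)"
	@cp root-cert.pem $(dir $@)/root-cert.pem


# Sign the workload CSR with the intermediate CA of the same directory, valid
# for WORKLOAD_DAYS days. The recipe reads ca-cert.pem and ca-key.pem, so both
# are declared as prerequisites. Without them a parallel build can start
# signing before the intermediate CA exists. The CSR stays the first
# prerequisite, so the recipe still signs it. The space before each trailing
# backslash keeps the options separate once the shell joins the continued lines.
%/workload-cert.pem: %/workload.csr %/ca-cert.pem %/ca-key.pem
	@echo "generating $@"
	@openssl x509 -sha256 -req -days $(WORKLOAD_DAYS) \
		-CA $(dir $<)/ca-cert.pem -CAkey $(dir $<)/ca-key.pem -CAcreateserial \
		-extensions req_ext -extfile $(dir $<)/workload.conf \
		-in $< -out $@

# L is the <namespace>/ directory of the target (trailing slash included).
%/workload.csr: L=$(dir $@)
%/workload.csr: %/key.pem %/workload.conf
	@echo "generating $@"
	@openssl req -sha256 -new -config $(L)/workload.conf -key $< -out $@

# 4096-bit RSA workload key, written without a passphrase. The umask is
# applied only to the openssl line, so the key is owner-only while the
# directory created above keeps the default mode.
%/key.pem:
	@echo "generating $@"
	@mkdir -p $(dir $@)
	@umask 077 && openssl genrsa -out $@ 4096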