This makes my life easier during testing, and feels cleaner.
/server.ocsp
/server.p12
/configs
+/dnsdist.log
+/dnsdist_test.conf
--- /dev/null
+clean-certs:
+ rm -f ca.key ca.pem ca.srl server.csr server.key server.pem server.chain server.ocsp
+clean-config:
+ rm -rf configs/*
+certs:
+ # Generate a new CA
+ openssl req -new -x509 -days 1 -extensions v3_ca -keyout ca.key -out ca.pem -nodes -config configCA.conf
+ # Generate a new server certificate request
+ openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr -config configServer.conf
+ # Sign the server cert
+ openssl x509 -req -days 1 -CA ca.pem -CAkey ca.key -CAcreateserial -in server.csr -out server.pem -extfile configServer.conf -extensions v3_req
+ # Generate a chain
+ cat server.pem ca.pem > server.chain
+ # Generate a password-protected PKCS12 file
+ openssl pkcs12 -export -passout pass:passw0rd -clcerts -in server.pem -CAfile ca.pem -inkey server.key -out server.p12
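Review bot: `clean-certs` leaves `server.p12` behind even though the `certs` recipe writes it in its last step, so the PKCS12 bundle containing the server private key survives every cleanup; add `server.p12` to the `rm -f` list. The three targets are commands rather than files and should be declared with `.PHONY: clean-certs clean-config certs`, otherwise a stray file or directory named `certs` makes `make certs` report it as up to date and no certificates are regenerated. A comment above `certs` should also state that the keys are throwaway test material (unencrypted via `-nodes`, fixed PKCS12 password, one-day validity), so the recipe is not reused outside the test suite.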
set -x
fi
-rm -f ca.key ca.pem ca.srl server.csr server.key server.pem server.chain server.ocsp
-rm -rf configs/*
-
-# Generate a new CA
-openssl req -new -x509 -days 1 -extensions v3_ca -keyout ca.key -out ca.pem -nodes -config configCA.conf
-# Generate a new server certificate request
-openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr -config configServer.conf
-# Sign the server cert
-openssl x509 -req -days 1 -CA ca.pem -CAkey ca.key -CAcreateserial -in server.csr -out server.pem -extfile configServer.conf -extensions v3_req
-# Generate a chain
-cat server.pem ca.pem > server.chain
-# Generate a password-protected PKCS12 file
-openssl pkcs12 -export -passout pass:passw0rd -clcerts -in server.pem -CAfile ca.pem -inkey server.key -out server.p12
+make clean-certs
+make clean-configs
+make certs
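Review bot: `make clean-configs` asks for a target that the Makefile added in this commit does not define — the rule there is `clean-config` — so make exits with a no-rule error and `configs/*` is no longer cleared before the run. Change the call to `make clean-config` (or rename the rule). Whether that failure stops the script depends on a `set -e` that is not visible in this hunk; if it does not, stale generated configs from an earlier run may be picked up silently.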
out=$(mktemp)
set -o pipefail
fi
rm -f "${out}"
-rm -f ca.key ca.pem ca.srl server.csr server.key server.pem server.chain server.ocsp
+make clean-certs