Making SSL-Certificates

Creates keys and certificate requests via gnutls. It tries to keep files, if there exist. But if you change one file, files which depend on it, will be recreated by this program.

Install

Dependencies

You need GNU-make and gnutls-bin. sslmake is a Makefile, so you really need make!

apt install make gnutls-bin

Install

First clone this git-repository. Or download only sslmake.

YOu only need to copy it to a directory, which found in your $PATH.

install --owner root --group root --mode 0755 -t /usr/local/bin sslmake-gnutls

or simple:

make install

But it's possible to run sslmake local, so, you do not need any install.

./sslmake exmaple.csr

Howto

All files will be replaced, if files which it depends on, are newer. For example, if you create the host.example.net.key, and you run sslmake host.example.net.csr, your CSR will be replaced be a new. But if your CSR is newer than the KEY, it will not replace your CSR.

First Use

If you creates something a first time, then you are alright here. Renewing and removing will follow in 'Second Use'.

• Create the config:

    cat > host.example.net.cfg <<EOF
    cn = host.example.net
    dns_name = host.example.net
    dns_name = additional.example.net.cfg
    tls_www_server
  
    organization = "Example Inc."
    unit = "NOC"
    state = "Example"
    country = Ex
    signing_key
    encryption_key
    EOF
  

• Create the CSR:

    sslmake host.example.net.csr
  

  This will use host.example.net.cfg as configfile and creates a key (if needed) and the csr if didn't exists. Everything in one step.

• Perfect Forward Secrecy

    sslmake host.example.net.dh