PASS := "whatever"

all: server_key.pem

rootCA.key:
	openssl genrsa -aes128 -out $@ 2048

rootCA.pem: rootCA.key
	openssl req -x509 -new -key $< -days 3560 -out $@

server_key.pem:
	openssl genpkey -aes128 -algorithm RSA -out server_key.pem -pkeyopt rsa_keygen_bits:2048

server_csr.pem: server_key.pem
	openssl req -new -key $< -out $@

server_cert.pem:
	openssl x509 -req -CA ../rootCA.pem -CAkey ../rootCA.key -in server_csr.pem -out server_cert.pem -days 365 -extfile server_v3.txt -ser_serial 1

server.p12:
	openssl pkcs12 -export -out server.p12 -inkey server_key.pem -in server_cert.pem -certfile ../rootCA.pem

permissions:
	chmod 600 server.key
	chmod 644 server.cer
	chmod 444 rootCA.cer
	chmod 700 /path/to/secure_dir

check:
	openssl x509 -in server_cert.pem -text
	openssl pkcs12 -in server.p12 -nodes

.PHONY: check permissions