Commit b856110f authored by Robert Dubner's avatar Robert Dubner

Moved demonstration/radiusclient files into place from Dubner's ldap-radius project

parent 78efa120
Pipeline #3629 failed with stage
in 60 minutes and 2 seconds
SLAPD = ~/repos/openldap/servers/slapd/.libs/slapd
DEBUG_LEVEL=STATS
DEBUG_LEVEL=-1
DEBUG_LEVEL= 4083 # Everything but LDAP_DEBUG_CONNS (8) and LDAP_DEBUG_ARGS(4)
DEBUG_LEVEL=0
DEBUG_LEVEL= 4087 # Everything but LDAP_DEBUG_CONNS (8); it cuts down on noise during debugging
all:
@echo "'make scratch' to build up the LDAP DIT from scratch"
@echo "'make slapd' to launch the OpenLDAP slapd daemon"
@echo "'make radiusd' to launch the FreeRADIUS radiusd daemon"
@echo "'make kill' to kill both slapd and radiusd"
@echo "'make slapdd' for GDB-launched version of the daemons"
@echo "'make radiusdd' for GDB-launched version of the daemons"
scratch:
# Make sure slapd isn't running
sudo pkill -KILL slapd || true
sudo pkill -KILL slapd || true
sudo pkill -KILL slapd || true
sudo pkill -KILL slapd || true
# Clear out the log files
rm -f slapd.log
rm -f debug.log
# Clear out the database directory completely:
rm -fr testdir
# Create the database directory:
mkdir -p testdir/openldap-data
# Launch SLAPD
LDAPNOINIT=1 /usr/local/libexec/slapd -h "ldap://127.0.0.1:3899/" -s 0 -f slapd.conf -d $(DEBUG_LEVEL) > slapd.log 2>&1 &
@echo "Waiting 1 second..."
sleep 1
# Do the initial database population:
ldapadd -H ldap://127.0.0.1:3899/ -x -D "cn=Manager,dc=renbud,dc=com" -w secret -f renbud.ldif
@echo "slapd is running; use 'make kill' to shut it and the radiusd daemon down"
slapd:
# Make sure slapd isn't running
sudo pkill -KILL slapd || true
sudo pkill -KILL slapd || true
sudo pkill -KILL slapd || true
sudo pkill -KILL slapd || true
# Clear out the log files
rm -f slapd.log
rm -f debug.log
# Launch SLAPD
# LDAPNOINIT=1 sudo chrt -rr 49 /usr/local/libexec/slapd -h "ldap://127.0.0.1:3899/" -s 0 -f slapd.conf -d $(DEBUG_LEVEL) 2>&1 | tee slapd.log &
LDAPNOINIT=1 $(SLAPD) -h "ldap://127.0.0.1:3899/" -s 0 -f slapd.conf -d $(DEBUG_LEVEL) 2>&1 | tee slapd.log &
slapdd:
# Make sure slapd isn't running
sudo pkill -KILL slapd || true
sudo pkill -KILL slapd || true
sudo pkill -KILL slapd || true
sudo pkill -KILL slapd || true
# Clear out the log files
sudo rm -f testdir/slapd.pid
sudo rm -f testdir/slapd.args
rm -f slapd.log
rm -f debug.log
# Launch SLAPD with the debugger:
LDAPNOINIT=1 gdb --args $(SLAPD) -h "ldap://127.0.0.1:3899/" -s 0 -f ./slapd.conf -d -1
nc:
echo "abel1,abel1" | nc -w 1 -4u localhost 18129
echo "abel1,badpassword" | nc -w 1 -4u localhost 18129
whoami:
ldapwhoami -Hldap://127.0.0.1:3899/ -x -D "uid=abel1,ou=People,dc=renbud,dc=com" -w abel1
search:
ldapsearch -LLL -Hldap://127.0.0.1:3899/ -x -b "dc=renbud,dc=com" '(uid=abe1)' sn cn
searchd:
gdb --args /home/bob/repos/openldap/clients/tools/.libs/ldapsearch -LLL -Hldap://127.0.0.1:3899/ -x -b "dc=renbud,dc=com" '(uid=abe1)' sn cn
kill:
sudo pkill -KILL slapd || true
sudo pkill -KILL slapd || true
sudo pkill -KILL slapd || true
sudo pkill -KILL slapd || true
sudo pkill -KILL radiusd || true
sudo pkill -KILL radiusd || true
sudo pkill -KILL radiusd || true
sudo pkill -KILL radiusd || true
radiusd:
sudo pkill -KILL radiusd || true
sudo pkill -KILL radiusd || true
sudo pkill -KILL radiusd || true
sudo pkill -KILL radiusd || true
rm -f radiust.log
cp eap_for_demo /usr/local/etc/raddb/mods-available
rm -f /usr/local/etc/raddb/mods-enabled/eap
ln -s ../mods-available/eap_for_demo /usr/local/etc/raddb/mods-enabled/eap
$(MAKE) -C radius-config
radiusd -X 2>&1 | tee radiusd.log &
radiusdd:
sudo pkill -KILL radiusd || true
sudo pkill -KILL radiusd || true
sudo pkill -KILL radiusd || true
sudo pkill -KILL radiusd || true
rm -f radiust.log
cp eap_for_demo /usr/local/etc/raddb/mods-available
rm -f /usr/local/etc/raddb/mods-enabled/eap
ln -s ../mods-available/eap_for_demo /usr/local/etc/raddb/mods-enabled/eap
$(MAKE) -C radius-config
gdb --args radiusd -sfxx -l stdout
.PHONY: both
both: radiusd slapd
radius:
rm -f radiust.log
sudo chrt -rr 49 radiusd
rtest:
radtest testing password 127.0.0.1 0 testing123
# radtest abel1 abel1 127.0.0.1 0 testing123
dump-config:
ldapsearch -H ldap://127.0.0.1:3899/ -x -D cn=config -w VerySecret -b cn=config
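Review bot: The bind passwords are written straight into the recipes (`-w secret` in `scratch`, `-w abel1` in `whoami`, `-w VerySecret` in `dump-config`), so they are committed with the file and appear in the process list while each command runs. The listener is bound to 127.0.0.1, which limits who can use them, but values like these tend to be copied into other setups unchanged. I would read them from a file that is not checked in, e.g. `ldapadd -H ldap://127.0.0.1:3899/ -x -D "cn=Manager,dc=renbud,dc=com" -y manager.pw -f renbud.ldif` (file name is a placeholder; `-y` uses the whole file, so it must not end in a newline), and add a header comment such as `# Demo credentials only; never reuse outside this test DIT`. Separately, `rm -f radiust.log` in `radiusd`, `radiusdd` and `radius` looks like a typo for `radiusd.log`, the file the `tee` writes.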
all:
@echo "Hi!"
cp mod-ldap.original mod-ldap
sed -i '/port = 389/a \\tport = 3899' mod-ldap
sed -i "/identity = /a\ \tidentity = \'cn=Manager,dc=renbud,dc=com\'" mod-ldap
sed -i "/password = /a\ \tpassword = secret" mod-ldap
sed -i 's/dc=example,dc=org/dc=renbud,dc=com/g' mod-ldap
scp mod-ldap /usr/local/etc/raddb/mods-available/ldap
ln -f -s /usr/local/etc/raddb/mods-available/ldap /usr/local/etc/raddb/mods-enabled/ldap
# Disable ldap by uncommenting the following line
rm /usr/local/etc/raddb/mods-enabled/ldap
cp clients.conf.original clients.conf.mod
sed -i -e '$$aclient lap90a90 {' clients.conf.mod
sed -i -e '$$a\\tipaddr = 10.0.1.250' clients.conf.mod
sed -i -e '$$a\\tsecret = testing123' clients.conf.mod
sed -i -e '$$a\\trequire_message_authenticator = yes' clients.conf.mod
sed -i -e '$$a}' clients.conf.mod
cp clients.conf.mod /usr/local/etc/raddb/clients.conf
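Review bot: The `clients.conf` part of this recipe installs a client entry for `10.0.1.250` with `secret = testing123` into the live `/usr/local/etc/raddb/clients.conf`, and `testing123` is the shared secret FreeRADIUS ships in its sample configuration, so it protects nothing once the client is a routed address rather than loopback. I would take it from an overridable variable, `RADIUS_SECRET ?= testing123` with `sed -i -e '$$a\\tsecret = $(RADIUS_SECRET)' clients.conf.mod`, and note in a comment that the default is for the demo only. The `rm /usr/local/etc/raddb/mods-enabled/ldap` line also runs unconditionally, although the comment above it says it is to be uncommented to disable ldap, so the link made by the preceding `ln -f -s` is always deleted; either comment the `rm` out or reword the comment to say ldap is disabled by default. The recipe overwrites the installed `clients.conf` and `mods-available/ldap` without keeping a copy, which a one-line comment should warn about.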
GCC = gcc
OPTS = -Wall -ggdb -O0
#OPTS = -Wall -g -O2
all:
$(GCC) $(OPTS) roundtrip.c -o roundtrip
FREERADIUS_FILES = /usr/local/etc/raddb/
GCC = gcc
COPTS = -ggdb -O0 -Wall
ALLH = $(wildcard *.h)
LIBS = -L/usr/lib -lssl -lcrypto
TCPSERVER_OBJS = tcpserver.o ourtls.o
TCPCLIENT_OBJS = tcpclient.o ourtls.o
MEMCOMMS_OBJS = memcomms.o ourtls.o session.o
RADIUSCLIENT_OBJS = radiusclient.o ourtls.o session.o rpacket.o md5.o \
hmacmd5.o reap.o mschap.o sha1.o md4.o des.o
SERVER_CONF = server-demand.conf
CLIENT_CONF = client-good.conf
HOST = 127.0.0.1
PORT = 1081
.SUFFIXES:
.SUFFIXES:
.PHONEY: all
all: tcpserver tcpclient memcommsxxxx radiusclient
tcpserver: $(TCPSERVER_OBJS)
$(GCC) $(COPTS) -o $@ $^ $(LIBS)
tcpclient: $(TCPCLIENT_OBJS)
$(GCC) $(COPTS) -o $@ $^ $(LIBS)
memcomms: $(MEMCOMMS_OBJS)
$(GCC) $(COPTS) -o $@ $^ $(LIBS)
all: radiusclient certificates
radiusclient: $(RADIUSCLIENT_OBJS)
$(GCC) $(COPTS) -o $@ $^ $(LIBS)
tcpserver.o: tcpserver.c $(ALLH)
gcc $(COPTS) -c -o $@ $<
tcpclient.o: tcpclient.c $(ALLH)
gcc $(COPTS) -c -o $@ $<
ourtls.o: ourtls.c $(ALLH)
gcc $(COPTS) -c -o $@ $<
session.o: session.c $(ALLH)
gcc $(COPTS) -c -o $@ $<
memcomms.o: memcomms.c $(ALLH)
gcc $(COPTS) -c -o $@ $<
radiusclient.o: radiusclient.c $(ALLH)
gcc $(COPTS) -c -o $@ $<
......@@ -76,105 +54,49 @@ md4.o: md4.c $(ALLH)
des.o: des.c $(ALLH)
gcc $(COPTS) -c -o $@ $<
.PHONY: certs
certs:
# If you get an error about a .rnd file:
# cd ~
# openssl rand -writerand .rnd
#
mkdir -p certs
mkdir -p ca_certs
rm -f certs/*.pem
rm -f ca_certs/*.pem
# Note that 4,383 days is twelve years to the day, being 3*(4*365+1))
# NIST has recommended a 2,048 RSA key (112 bit security) starting in 2015, and
# expects that to be the recommendation through 2030, at which point 3,072 RSA
# (128-bit security) should be used.
# For ephemeral key exchange, even 2,048 bits is overkill, since the assymetric
# cryptography is used only to create the session key, which itself is providing
# forward secrecy, so even if, in the future, the RSA encryption is broken,
# the messages themselves will still be encrypted. But a recommendation is a
# recommendation. I am using 2,048 because then I don't have to explain to
# security auditors why I used something smaller than the NIST recommendation.
# Create a couple of simple self-signed certificates, one with a passphrase, the other without
openssl req -x509 -days 4383 -newkey rsa:2048 -keyout certs/simple-cert1.pem -out certs/simple-cert1.pem -subj "/C=US/ST=New York/L=Saugerties/O=Symas Corporation/OU=SimpleCertificate/CN=*.symas.com/emailAddress=support@symas.com" -nodes
openssl req -x509 -days 4383 -newkey rsa:2048 -keyout certs/simple-cert2.pem -out certs/simple-cert2.pem -subj "/C=US/ST=New York/L=Saugerties/O=Symas Corporation/OU=SimpleCertificateWithPassphrase/CN=*.symas.com/emailAddress=support@symas.com" -passout pass:ishkabibble
# Create several self-signed CA certificates, each with a passphrase
openssl req -x509 -passout pass:ca1passphrase -days 4383 -newkey rsa:2048 -keyout ca_certs/ca1-cert.pem -out ca_certs/ca1-cert.pem -subj "/C=US/ST=New York/L=Saugerties/O=Symas Corporation/OU=Certificate Authority CA1/CN=*.symas.com/emailAddress=support@symas.com"
openssl req -x509 -passout pass:ca2passphrase -days 4383 -newkey rsa:2048 -keyout ca_certs/ca2-cert.pem -out ca_certs/ca2-cert.pem -subj "/C=US/ST=New York/L=Saugerties/O=Symas Corporation/OU=Certificate Authority CA2/CN=*.symas.com/emailAddress=support@symas.com"
openssl req -x509 -passout pass:ca3passphrase -days 4383 -newkey rsa:2048 -keyout ca_certs/ca3-cert.pem -out ca_certs/ca3-cert.pem -subj "/C=US/ST=New York/L=Saugerties/O=Symas Corporation/OU=Certificate Authority CA3/CN=*.symas.com/emailAddress=support@symas.com"
openssl req -x509 -passout pass:ca4passphrase -days 4383 -newkey rsa:2048 -keyout ca_certs/ca4-cert.pem -out ca_certs/ca4-cert.pem -subj "/C=US/ST=New York/L=Saugerties/O=Symas Corporation/OU=Certificate Authority CA4/CN=*.symas.com/emailAddress=support@symas.com"
# hash their subject fields in order to facilitate SSL_CTX_load_verify_locations():
c_rehash ca_certs
# Generate a Certificate Signing Request (CSR) for the server:
openssl req -passout pass:serverpassphrase -newkey rsa:2048 -keyout certs/server-key.pem -out certs/server-req.pem -subj "/C=US/ST=New York/L=Saugerties/O=Symas Corporation/OU=Server Certificate/CN=*.symas.com/emailAddress=support@symas.com"
# Sign it with ca1:
openssl x509 -req -passin pass:ca1passphrase -days 4383 -in certs/server-req.pem -CA ca_certs/ca1-cert.pem -CAkey ca_certs/ca1-cert.pem -CAcreateserial -out certs/server-cert.pem
# Get rid of the no-longer-needed CSR
rm certs/server-req.pem
# Generate a Certificate Signing Request (CSR) for the client:
openssl req -passout pass:clientpassphrase -newkey rsa:2048 -keyout certs/client-key.pem -out certs/client-req.pem -subj "/C=US/ST=New York/L=Saugerties/O=Symas Corporation/OU=Client Certificate/CN=*.symas.com/emailAddress=support@symas.com"
# Sign it with ca3:
openssl x509 -req -passin pass:ca3passphrase -days 4383 -in certs/client-req.pem -CA ca_certs/ca3-cert.pem -CAkey ca_certs/ca3-cert.pem -CAcreateserial -out certs/client-cert.pem
# Get rid of the no-longer-needed CSR
rm certs/client-req.pem
# When you want to look at a certificate, you will need this instruction:
# openssl x509 -noout -text -in certs/simple-cert1.pem
# openssl x509 -noout -text -in certs/simple-cert2.pem
# openssl x509 -noout -text -in certs/server-cert.pem
# openssl x509 -noout -text -in certs/client-cert.pem
.PHONEY: server
server: all
sudo pkill tcpserver || true
sudo ./tcpserver -f $(SERVER_CONF) -p $(PORT)
.PHONEY: serverd
serverd: all
sudo pkill tcpserver || true
sudo gdb --args ./tcpserver -f $(SERVER_CONF) -p $(PORT)
client: all
./tcpclient -f $(CLIENT_CONF) -h $(HOST) -p $(PORT)
clientd: all
gdb --args ./tcpclient -f $(CLIENT_CONF) -h $(HOST) -p $(PORT)
run: all
sudo pkill tcpserver || true
sudo ./tcpserver -f $(SERVER_CONF) -p $(PORT) &
sleep 1
./tcpclient -f $(CLIENT_CONF) -h $(HOST) -p $(PORT)
mem: all
./memcomms -s $(SERVER_CONF) -c $(CLIENT_CONF)
memd: all
gdb --args ./memcomms -s $(SERVER_CONF) -c $(CLIENT_CONF)
.PHONY: certificates
certificates: $(FREERADIUS_FILES)/certs/ca.pem
# If you get an error about a .rnd file:
# cd ~
# openssl rand -writerand .rnd
#
# For the purposes of the radiusclient demonstration, where we want radiusclient
# to authenticate against both FreeRADIUS and OpenLDAP, we need the various
# certificate files to be in a common location known to all three. So, I shamelessly
# duplicated the FreeRADIUS Makefile that creates their "snake oil" test certificates,
# which should *not* be used in production. I then copy those certificates to
# where FreeRADIUS usually puts them.
$(FREERADIUS_FILES)/certs/ca.pem: certs/ca.pem
mkdir -p $(FREERADIUS_FILES)/certs
cp certs/ca.* $(FREERADIUS_FILES)/certs
cp certs/server.* $(FREERADIUS_FILES)/certs
cp certs/client.* $(FREERADIUS_FILES)/certs
certs/ca.pem:
$(MAKE) -C certs
# Should you want to look at what's in those certificates,
# you will need these commands:
# openssl x509 -noout -text -in certs/ca.pem
# openssl x509 -noout -text -in certs/server.pem
# openssl x509 -noout -text -in certs/client.pem
rad: all
./radiusclient -c $(CLIENT_CONF) -h 127.0.0.1 -p 18129 -m peap -s testing123 abel1 abel1
./radiusclient -c $(CLIENT_CONF) -h 127.0.0.1 -p 18129 -m ttls -s testing123 abel1 abel1
./radiusclient -c $(CLIENT_CONF) -h 127.0.0.1 -p 1812 -m peap -s testing123 testing password
./radiusclient -c $(CLIENT_CONF) -h 127.0.0.1 -p 1812 -m ttls -s testing123 testing password
./radiusclient -c $(CLIENT_CONF) -h 127.0.0.1 -p 18129 -m peap -s testing123 abel1 abel1
./radiusclient -c $(CLIENT_CONF) -h 127.0.0.1 -p 18129 -m ttls -s testing123 abel1 abel1
./radiusclient -c $(CLIENT_CONF) -h 127.0.0.1 -p 1812 -m peap -s testing123 testing password
./radiusclient -c $(CLIENT_CONF) -h 127.0.0.1 -p 1812 -m ttls -s testing123 testing password
radd: all
gdb --args ./radiusclient -c $(CLIENT_CONF) -h 127.0.0.1 -p 18129 -m peap -s testing123 abel1 abel1
gdb --args ./radiusclient -c $(CLIENT_CONF) -h 127.0.0.1 -p 1812 -m peap -s testing123 testing password
# gdb --args ./radiusclient -c $(CLIENT_CONF) -h 127.0.0.1 -p 18129 -m peap -s testing123 abel1 abel1
# gdb --args ./radiusclient -c $(CLIENT_CONF) -h 127.0.0.1 -p 1812 -m peap -s testing123 testing password
test: all
./test.scr
kill:
kill:
sudo pkill radiusclient || true
clean:
......@@ -183,4 +105,4 @@ clean:
rm -f tcpserver
rm -f memcomms
rm -f radiusclient
\ No newline at end of file
$(MAKE) -C certs destroycerts
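Review bot: The `$(FREERADIUS_FILES)/certs/ca.pem` recipe copies `certs/ca.*`, `certs/server.*` and `certs/client.*` into the FreeRADIUS directory, and those globs also match the private keys (`ca.key`, `server.key`, `client.key`) and replace whatever certificates are already installed there. Assuming this rule is on the new side of the hunk (the +/- markers are lost on this page), I would copy only the files the demo servers actually load and keep `ca.key` in the build tree, e.g. `cp certs/ca.pem certs/server.pem certs/client.pem $(FREERADIUS_FILES)/certs` if those three suffice, which is not visible here. `clean` ends with `$(MAKE) -C certs destroycerts`, so every `make clean` discards the CA and forces all certificates to be reissued; a comment saying this is intended would help. Where it survives on the new side, `.PHONEY:` is not a special target in GNU Make, so `all` is not actually phony and the line should read `.PHONY: all`.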
*.pem
*.crl
*.der
*.key
*.crt
*.csr
*.p12
index*
serial*
######################################################################
#
# Make file to be installed in /etc/raddb/certs to enable
# the easy creation of certificates.
#
# See the README file in this directory for more information.
#
# $Id: c9fbc9e8646bb157092e48c95352cb2866bafeaf $
#
######################################################################
OPENSSL = openssl
EXTERNAL_CA = $(wildcard external_ca.*)
ifneq "$(EXTERNAL_CA)" ""
PARTIAL = -partial_chain
endif
#
# Set the passwords
#
include passwords.mk
######################################################################
#
# Make the necessary files, but not client certificates.
#
######################################################################
.PHONY: all
all: index.txt serial ca server client
.PHONY: client
client: client.pem
.PHONY: ca
ca: ca.der ca.crl
.PHONY: server
server: server.pem server.vrfy
.PHONY: inner-server
inner-server: inner-server.pem inner-server.vrfy
.PHONY: verify
verify: server.vrfy client.vrfy
passwords.mk: server.cnf ca.cnf client.cnf inner-server.cnf
@echo "PASSWORD_SERVER = '$(shell grep output_password server.cnf | sed 's/.*=//;s/^ *//')'" > $@
@echo "PASSWORD_INNER = '$(shell grep output_password inner-server.cnf | sed 's/.*=//;s/^ *//')'" >> $@
@echo "PASSWORD_CA = '$(shell grep output_password ca.cnf | sed 's/.*=//;s/^ *//')'" >> $@
@echo "PASSWORD_CLIENT = '$(shell grep output_password client.cnf | sed 's/.*=//;s/^ *//')'" >> $@
@echo "USER_NAME = '$(shell grep emailAddress client.cnf | grep '@' | sed 's/.*=//;s/^ *//')'" >> $@
@echo "CA_DEFAULT_DAYS = '$(shell grep default_days ca.cnf | sed 's/.*=//;s/^ *//')'" >> $@
######################################################################
#
# Create a new self-signed CA certificate
#
######################################################################
ca.key ca.pem: ca.cnf
@[ -f index.txt ] || $(MAKE) index.txt
@[ -f serial ] || $(MAKE) serial
$(OPENSSL) req -new -x509 -keyout ca.key -out ca.pem \
-days $(CA_DEFAULT_DAYS) -config ./ca.cnf \
-passin pass:$(PASSWORD_CA) -passout pass:$(PASSWORD_CA)
chmod g+r ca.key
ca.der: ca.pem
$(OPENSSL) x509 -inform PEM -outform DER -in ca.pem -out ca.der
ca.crl: ca.pem
$(OPENSSL) ca -gencrl -keyfile ca.key -cert ca.pem -config ./ca.cnf -out ca-crl.pem -key $(PASSWORD_CA)
$(OPENSSL) crl -in ca-crl.pem -outform der -out ca.crl
rm ca-crl.pem
######################################################################
#
# Create a new server certificate, signed by the above CA.
#
######################################################################
server.csr server.key: server.cnf
$(OPENSSL) req -new -out server.csr -keyout server.key -config ./server.cnf
chmod g+r server.key
server.crt: ca.key ca.pem server.csr
$(OPENSSL) ca -batch -keyfile ca.key -cert ca.pem -in server.csr -key $(PASSWORD_CA) -out server.crt -extensions xpserver_ext -extfile xpextensions -config ./server.cnf
server.p12: server.crt
$(OPENSSL) pkcs12 -export -in server.crt -inkey server.key -out server.p12 -passin pass:$(PASSWORD_SERVER) -passout pass:$(PASSWORD_SERVER)
chmod g+r server.p12
server.pem: server.p12
$(OPENSSL) pkcs12 -in server.p12 -out server.pem -passin pass:$(PASSWORD_SERVER) -passout pass:$(PASSWORD_SERVER)
chmod g+r server.pem
.PHONY: server.vrfy
server.vrfy: ca.pem
@$(OPENSSL) verify $(PARTIAL) -CAfile ca.pem server.pem
######################################################################
#
# Create a new client certificate, signed by the the above server
# certificate.
#
######################################################################
client.csr client.key: client.cnf
$(OPENSSL) req -new -out client.csr -keyout client.key -config ./client.cnf
chmod g+r client.key
client.crt: ca.key ca.pem client.csr
$(OPENSSL) ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key $(PASSWORD_CA) -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf
client.p12: client.crt
$(OPENSSL) pkcs12 -export -in client.crt -inkey client.key -out client.p12 -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)
chmod g+r client.p12
cp client.p12 $(USER_NAME).p12
client.pem: client.p12
$(OPENSSL) pkcs12 -in client.p12 -out client.pem -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)
chmod g+r client.pem
cp client.pem $(USER_NAME).pem
.PHONY: client.vrfy
client.vrfy: ca.pem client.pem
c_rehash .
$(OPENSSL) verify -CApath . client.pem
######################################################################
#
# Create a new inner-server certificate, signed by the above CA.
#
######################################################################
inner-server.csr inner-server.key: inner-server.cnf
$(OPENSSL) req -new -out inner-server.csr -keyout inner-server.key -config ./inner-server.cnf
chmod g+r inner-server.key
inner-server.crt: ca.key ca.pem inner-server.csr
$(OPENSSL) ca -batch -keyfile ca.key -cert ca.pem -in inner-server.csr -key $(PASSWORD_CA) -out inner-server.crt -extensions xpserver_ext -extfile xpextensions -config ./inner-server.cnf
inner-server.p12: inner-server.crt
$(OPENSSL) pkcs12 -export -in inner-server.crt -inkey inner-server.key -out inner-server.p12 -passin pass:$(PASSWORD_INNER) -passout pass:$(PASSWORD_INNER)
chmod g+r inner-server.p12
inner-server.pem: inner-server.p12
$(OPENSSL) pkcs12 -in inner-server.p12 -out inner-server.pem -passin pass:$(PASSWORD_INNER) -passout pass:$(PASSWORD_INNER)
chmod g+r inner-server.pem
.PHONY: inner-server.vrfy
inner-server.vrfy: ca.pem
@$(OPENSSL) verify $(PARTIAL) -CAfile ca.pem inner-server.pem
######################################################################
#
# Miscellaneous rules.
#
######################################################################
index.txt:
@touch index.txt
serial:
@echo '01' > serial
print:
$(OPENSSL) x509 -text -in server.crt
printca:
$(OPENSSL) x509 -text -in ca.pem
clean:
@rm -f *~ *old client.csr client.key client.crt client.p12 client.pem
#
# Make a target that people won't run too often.
#
destroycerts:
rm -f *~ *.csr *.crt *.p12 *.der *.pem *.key index.txt* \
serial* *\.0 *\.1 ca-crl.pem ca.crl