{"id":16355508,"url":"https://github.com/waveform80/camake","last_synced_at":"2026-02-08T04:33:28.892Z","repository":{"id":32681180,"uuid":"36270003","full_name":"waveform80/camake","owner":"waveform80","description":"Some simple makefiles for creating and maintaining a basic CA","archived":false,"fork":false,"pushed_at":"2015-05-26T04:28:36.000Z","size":160,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-07-27T04:51:33.954Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Makefile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"explosion/spaCy","license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/waveform80.png","metadata":{"files":{"readme":"README.rst","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-05-26T03:38:27.000Z","updated_at":"2015-05-26T04:29:30.000Z","dependencies_parsed_at":"2022-07-20T00:02:34.613Z","dependency_job_id":null,"html_url":"https://github.com/waveform80/camake","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/waveform80/camake","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/waveform80%2Fcamake","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/waveform80%2Fcamake/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/waveform80%2Fcamake/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/waveform80%2Fcamake/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/waveform80","download_url":"https://codeload.github.com/waveform80/camake/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/waveform80%2Fcamake/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29220508,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-08T03:18:47.732Z","status":"ssl_error","status_checked_at":"2026-02-08T03:15:31.985Z","response_time":57,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-11T01:41:01.677Z","updated_at":"2026-02-08T04:33:28.876Z","avatar_url":"https://github.com/waveform80.png","language":"Makefile","funding_links":[],"categories":[],"sub_categories":[],"readme":"======\ncamake\n======\n\nThis repository conatins some simple scripts, primarily based on GNU Makefiles\nto ease the creation, maintenance, and usage of a CA (an SSL Certificate\nAuthority).  It is not intended, nor fit for use as a large CA, but is fine for\nsmall deployments.\n\n\nRequirements\n============\n\nThe system relies on GNU make, and openssl. An Ubuntu installation is assumed\nbut it wouldn't be difficult to adapt to other Linux distros (the primary thing\nto modify would be the group configuration).\n\n\nSetup\n=====\n\nFirstly, create the CA like so::\n\n    # cd ca\n    # make init\n\nYou can optionally specify the country (c), organization (o), title (cn),\nowner's e-mail address (email) and certificate revocation list URL (crl) after\nthe target.  For example::\n\n    # make init c=GB \"o=My Company\" title=\"My Company CA\" email=ca@mycompany.com crl=https://mycompany.com/ca-crl.pem\n\nIf these items are not provided they will be prompted for interactively. The\ncommand will generate the following important files under the ``ca`` directory:\n\n* ``ca/private/ca-key.pem`` - The private key of the CA. This **must** remain\n  secret; never distribute it to anyone. Preferably, keep it on an air-gapped\n  machine used only for signing certificates (\"proper\" CAs keep the root key\n  entirely air-gapped and generate intermediate signing keys which can be more\n  easily revoked for day-to-day signing usage).\n\n* ``ca/ca-cert.pem`` - The public CA certificate in PEM format. You can\n  distribute this to servers or users who need to determine whether\n  certificates were signed by the CA. Feel free to make it publically\n  available from your organization's website.\n\n* ``ca/ca-cert.der`` - The public CA certificate in DER format.\n\n* ``ca/ca-cert.txt`` - The public CA certificate in human readable form.\n\n* ``ca/ca-crl.pem`` - The CA's certificate revocation list. You should make\n  this available from the URL specified for the ``crl`` parameter when you\n  created the CA.\n\nTo regenerate the CRL you can run the following command at any time::\n\n    # cd ca\n    # make gencrl\n\nYou can use the following command to obtain help on the available commands\nat any time::\n\n    # cd ca\n    # make help\n\n\nServer Certificates\n===================\n\nTo create a new server certificate the procedure goes as follows. Firstly,\ncreate a private key and certificate signing request (CSR) for the server in\nquestion::\n\n    # cd servers\n    # make csr file=myhost\n\nAs with creating a CA you can specify the parameters for the server certificate\non the command line as well::\n\n    # make csr file=myhost c=GB o=\"My Company\" cn=myhost.mycompany.com email=webmaster@myhost.mycompany.com\n\nThe most important attribute is the common name (CN). This **must** match the\nhostname of the server that the certificate is destined for. The command will\ngenerate the following files:\n\n* ``servers/myhost-key.pem`` - The private key for the server. The server in\n  question will need this, but other than this it should be kept secret.\n\n* ``servers/myhost-csr.pem`` - This is the certificate signing request.\n\nCopy the CSR to the ``ca`` sub-directory, then have the CA sign the request to\ngenerate the signed certificate::\n\n    # cp myhost-csr.pem ../ca\n    # cd ../ca\n    # make sign file=myhost\n\nThis will prompt you with the certificate's details to make sure you wish to\nsign them. Once this is complete the CSR will be removed, and the certificate\nwill be created in the following file:\n\n* ``ca/myhost-cert.pem`` - This is the signed certificate in PEM format.\n\nCopy the certificate back to the ``servers`` sub-directory and (optionally)\ngenerate the alternate formats from it::\n\n    # cp myhost-cert.pem ../servers\n    # cd ../servers\n    # make convert file=myhost\n\nYou can use the following command to obtain help on the available commands\nat any time::\n\n    # cd servers\n    # make help\n\n\nClient Certificates\n===================\n\nTo create a new client certificate the procedure goes as follows. Firstly,\ncreate a private key and certificate signing request (CSR) for the client in\nquestion::\n\n    # cd clients\n    # make csr file=myuser\n\nAs with creating a CA you can specify the parameters for the server certificate\non the command line as well::\n\n    # make csr file=myuser c=GB o=\"My Company\" cn=myuser email=myuser@mycompany.com\n\nAgain, the most important attribute is the common name (CN). This **must**\nmatch the username of the client in question. The command will generate the\nfollowing files:\n\n* ``clients/myuser-key.pem`` - The private key for the user. The user in\n  question will need this, but other than this it should be kept secret.\n\n* ``clients/myuser-csr.pem`` - This is the certificate signing request.\n\nCopy the CSR to the ``ca`` sub-directory, then have the CA sign the request to\ngenerate the signed certificate::\n\n    # cp myuser-csr.pem ../ca\n    # cd ../ca\n    # make sign file=myuser\n\nThis will prompt you with the certificate's details to make sure you wish to\nsign them. Once this is complete the CSR will be removed, and the certificate\nwill be created in the following file:\n\n* ``ca/myuser-cert.pem`` - This is the signed certificate in PEM format.\n\nCopy the certificate back to the ``clients`` sub-directory::\n\n    # cp myuser-cert.pem ../clients\n\nYou can use the following command to obtain help on the available commands\nat any time::\n\n    # cd clients\n    # make help\n\n\nRevocation\n==========\n\nIf you believe that a certificate has been compromised you can revoke it, and\nregenerate the certificate recovation list as follows::\n\n    # cd ca\n    # make revoke file=myhost\n    # make gencrl\n\nNote that revocation requires the signed (server or client) certificate. This\nis the reason for *copying* signed certificates from the ``ca`` sub-directory\nrather than moving them in the sections above.\n\nCertificates have a limited life-span as it is. The Makefiles default to 10\nyears expiration and 4096 bits strength for the CA certificate, and 1 year\nvalidity and 1024 bits strength for signed server and client certificates\n(these are probably weak by the time you're reading this; adjust these limits\nin the configuration variables at the top of the relevant Makefiles\naccordingly).\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwaveform80%2Fcamake","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwaveform80%2Fcamake","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwaveform80%2Fcamake/lists"}