Hi,
my receipt to generate a CSR for the root CA is as follows:
#
# generate a Certificate Signing Request to be submitted to the CA
# @input:
# - the key to be certified, i.e. the servers key
# - the servers credentials such as DN
#
%.root.csr.pem: %.key.sec.pem \
Perhaps, I am answering the wrong question but I use the following makefile
receipts to do what I understand from your question:
trusted.cert.pem: $(ROOTCA)/root.root.crt.pem \
$(SUBCA)/proxy.root.crt.pem
$(RM) -f $@
cat $^ >$@
server.pfx: server.root.crt.
