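#!/usr/bin/env bash
# cert.command
# By Chris Pepper, 2006-2007
# Usage: cert.command name | cert.command
# Example: cert.command www.tidbits.com.20071108
#
# Issues a certificate from the local CA: generates an RSA key, builds a CSR
# for it, signs the CSR with `openssl ca`, then appends the CA certificate to
# the issued cert. Files are written to $CERTDIR as NAME.key, NAME.csr and
# NAME.crt.
#
# Environment:
#   KEYBITS  RSA modulus size handed to `openssl genrsa` (default 2048).

# Options belong in `set`, not the shebang: "#!/bin/sh -e" is silently lost
# when the script is started as "bash cert.command".
set -eu

# CA host (if network accessible -- not necessarily a good idea)
# shellcheck disable=SC2034  # only referenced by the commented-out hint at the end
CAHOST=ca.tidbits.com
# CA path
CAPATH=~/CA/tidbits
# CA certificate
CACERT=$CAPATH/ca.tidbits.com.20070401.crt
# Cert repository:
CERTDIR=$CAPATH/certs
# Key size: older openssl releases default to a far too small modulus when
# none is given, so always pass one explicitly.
KEYBITS=${KEYBITS:-2048}

# Print a message to stderr and exit non-zero.
die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Issue one certificate.
# Globals:   CERTDIR, CACERT, KEYBITS (read)
# Arguments: $1 - certificate name (prompted for when absent)
# Outputs:   progress from openssl; final listing of the three new files
# Returns:   0 on success; exits 1 on a bad name, missing paths or an
#            existing key of the same name
#######################################
main() {
  local cert
  if [[ $# -eq 0 ]]; then
    printf "Please enter the certificate's name (e.g., www.tidbits.com.20070401): "
    IFS= read -r cert
  else
    cert=$1
  fi

  # The name becomes a path component under $CERTDIR, so reject anything that
  # is empty (would yield ".key"/".crt") or contains a path separator.
  if [[ -z "$cert" || "$cert" == */* ]]; then
    die "invalid certificate name: '$cert'"
  fi

  cd -- "$CERTDIR" || die "cannot cd to $CERTDIR"
  [[ -r "$CACERT" ]] || die "CA certificate not readable: $CACERT"

  # openssl genrsa overwrites silently; an existing key under this name
  # would be destroyed, so refuse rather than reissue.
  if [[ -e "$CERTDIR/$cert.key" ]]; then
    die "refusing to overwrite existing key $CERTDIR/$cert.key"
  fi

  # Create new key; create CSR; sign CSR
  # The key is written with the umask in force, so tighten it for the
  # genrsa call instead of relying on the chmod below to close the window.
  (umask 077 && openssl genrsa -out "$CERTDIR/$cert.key" "$KEYBITS")
  openssl req -new -key "$CERTDIR/$cert.key" -out "$CERTDIR/$cert.csr"
  openssl ca -in "$CERTDIR/$cert.csr" -out "$CERTDIR/$cert.crt"

  # Append CA cert to the new signed cert, to facilitate installation of the CA cert.
  cat -- "$CACERT" >> "$CERTDIR/$cert.crt"

  # Protect new key (and any older ones still carrying looser modes)
  chmod go-rwx -- "$CERTDIR"/*.key

  echo "Your files are:"
  ls -l -- "$CERTDIR/$cert.key" "$CERTDIR/$cert.csr" "$CERTDIR/$cert.crt"

  # Think carefully before enabling the section below. For a medium to high
  # security CA, the files should not be on a network accessible computer.
  # If you are running a low-security CA, however, the lines below should
  # make using it more convenient.
  #
  # # Facilitate extraction of certs from $CAHOST, if accessible:
  # echo
  # echo "To download the cert, first cd to a safe place on your workstation. Then fetch the cert, key, & CSR from $CAHOST:"
  # echo "scp root@$CAHOST:$CERTDIR/$cert.crt root@$CAHOST:$CERTDIR/$cert.key root@$CAHOST:$CERTDIR/$cert.csr ./"
}

main "$@"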