#!/bin/sh -e
# cert.sh
# Usage: cert.sh name
# Example: cert.sh newcert.20061019

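# Enable errexit here as well: the "-e" on the shebang line is lost when the
# script is started as "sh cert.sh name".
set -e

# A cert name is required. POSIX "[" is used because the interpreter is
# /bin/sh: a shell without "[[" treats it as a missing command, the condition
# evaluates false, and the check is silently skipped.
if [ "$#" -eq 0 ]; then
  echo "cert.sh: ERROR: cert name required!" >&2
  exit 1
fi

# The name becomes part of three file paths inside the CA repository, so keep
# it to a plain file-name component: no "/", whitespace or shell
# metacharacters that could point the key, CSR or cert at another location.
name=$1
case "$name" in
  '' | *[!A-Za-z0-9._-]*)
    echo "cert.sh: ERROR: cert name may contain only letters, digits, '.', '_' and '-'" >&2
    exit 1
    ;;
esac

# Cert repository:
CERTDIR=/CA/reppep/certs

# Create every file owner-only from the start. Without this the private key
# is written with the caller's default umask and stays that way until the
# chmod below -- or permanently, if a later openssl step fails and errexit
# stops the script before the chmod runs.
umask 077

# Create new key; create CSR; sign CSR
# NOTE(review): genrsa is called with no key size and no cipher, so the key
# length is whatever this openssl build defaults to and the key file is
# written unencrypted; its file mode is the only protection it has.
openssl genrsa -out "$CERTDIR/$name.key"
openssl req -new -key "$CERTDIR/$name.key" -out "$CERTDIR/$name.csr"
openssl ca -out "$CERTDIR/$name.crt" -infiles "$CERTDIR/$name.csr"

# Clean up & review
# Also strips group/other access from anything already in the repository.
chmod -R go-rwx "$CERTDIR"
echo "Your files are:"
# List the three files by name instead of taking the newest three entries of
# the directory, which can show unrelated files.
ls -l "$CERTDIR/$name.key" "$CERTDIR/$name.csr" "$CERTDIR/$name.crt"
echo

# Facilitate extraction of certs from caserver
# The .key file in this list is the private key; the .csr and .crt are public.
echo "On your workstation; cd to a safe place for the cert, key, & CSR."
echo "To download the files, use:"
echo "scp root@caserver:$CERTDIR/$name.crt root@caserver:$CERTDIR/$name.key root@caserver:$CERTDIR/$name.csr ./"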
