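#!/bin/sh
# cert.sh
# Usage: cert.sh name
# Example: cert.sh hostname.20070218
#
# Creates a key and CSR named after <name> in the cert repository and has the
# local CA sign the CSR.

# Abort on the first failing command. Set here rather than on the shebang
# line so it still applies when the script is started as "sh cert.sh".
set -e

# POSIX test instead of [[ ]]: a /bin/sh without [[ cannot run that check,
# so the script would carry on with an empty name.
if [ "$#" -eq 0 ]; then
  echo "cert.sh: ERROR: cert name required!" >&2
  exit 1
fi

# The name is pasted into file paths in the cert repository, so accept only a
# plain file-name component: no "/", no leading "-" or ".", no whitespace or
# shell metacharacters. This keeps every output file inside the repository.
case "$1" in
  '' | -* | .* | *[!A-Za-z0-9._-]*)
    echo "cert.sh: ERROR: cert name may contain only letters, digits, '.', '_' and '-', and must not start with '.' or '-'" >&2
    exit 1
    ;;
esac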

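# Cert repository:
CERTDIR=/CA/reppep/certs
ROOTCERT=/CA/reppep/CA/ca.reppep.com.crt

# RSA modulus size in bits. Passed explicitly so the key strength does not
# depend on the default of whichever openssl build is installed.
KEYBITS=2048

# Create new key; create CSR; sign CSR
# genrsa is given no cipher option, so the key is written unencrypted. Create
# it under a restrictive umask (in a subshell, so only the key is affected)
# so that it is never readable by group or other, not even briefly.
( umask 077 && openssl genrsa -out "$CERTDIR/$1.key" "$KEYBITS" )
openssl req -new -key "$CERTDIR/$1.key" -out "$CERTDIR/$1.csr"
# -infiles must stay the last option: everything after it is read as a CSR file.
openssl ca -out "$CERTDIR/$1.crt" -infiles "$CERTDIR/$1.csr"

# Append CA cert to the new signed cert, to facilitate installation of the CA cert.
cat "$ROOTCERT" >> "$CERTDIR/$1.crt"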

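# Clean up & review
# Strip group/other access from everything in the cert repository.
chmod -R go-rwx "$CERTDIR"
echo "Your files are:"
# List the three files by name. Taking the three newest directory entries
# (ls -lt | head | tail) shows the wrong files whenever anything else in the
# repository was modified more recently.
ls -l "$CERTDIR/$1.crt" "$CERTDIR/$1.key" "$CERTDIR/$1.csr"
echo
echo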

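# Facilitate extraction of certs from this host.
# HOST is not set by every shell (plain sh and bash leave it unset), which
# would print "root@:..." below; fall back to the node name from uname.
cert_host=${HOST:-$(uname -n)}

# The .key file is the unencrypted private key; the .crt and .csr are public.
# The printed command copies all three, so the destination must be a machine
# only the operator can read.
printf '%s\n' "To download the cert, first cd to a safe place on your workstation (NOT a mult-user server). Then fetch the cert, key, & CSR from $cert_host:"
printf '%s\n' "scp root@$cert_host:$CERTDIR/$1.crt root@$cert_host:$CERTDIR/$1.key root@$cert_host:$CERTDIR/$1.csr ./"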
