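#!/bin/sh
# domtool-addcert USERNAME
#
# Generates an RSA private key for USERNAME under the domtool keys directory,
# builds a certificate request for that key, and has the CA described by
# /etc/domtool/openssl.cnf sign the request into the domtool certs directory.
# The key directory and the certificate are chowned to domtool:domtool, and
# USERNAME is given the AFS "read" ACL on the key directory.
#
# Exits 1 with a usage message when USERNAME is missing, and non-zero as soon
# as any step fails (set -e). Options live in `set` rather than on the shebang
# so they still apply when the script is started as `sh domtool-addcert`.
set -eu

usage() {
  echo "Usage: domtool-addcert USERNAME" >&2
  exit 1
}

# A lower-case name is used so the caller's $USER environment variable is not
# overwritten for the child processes started below.
username="${1-}"
[ -n "$username" ] || usage

# USERNAME becomes a path component (keys/USERNAME, certs/USERNAME.pem) and a
# command argument, so reject anything that could leave those directories
# ("/", leading ".") or be parsed as an option (leading "-").
case "$username" in
  -* | .* | *[!A-Za-z0-9._-]*)
    printf 'domtool-addcert: invalid username: %s\n' "$username" >&2
    exit 1
    ;;
esac

keydir="/afs/hcoop.net/common/etc/domtool/keys/$username"
keyfile="$keydir/key.pem"
certfile="/afs/hcoop.net/common/etc/domtool/certs/$username.pem"

# Intermediate files include a copy of the private key. Keep them in a fresh
# directory from mktemp -d (created accessible to the owner only) instead of
# fixed dot-file names in $HOME, and remove them on every exit path.
workdir=$(mktemp -d)
trap 'rm -rf -- "$workdir"' EXIT
trap 'exit 1' HUP INT TERM
newreq="$workdir/newreq.pem"
new="$workdir/new.pem"
keyin="$workdir/keyin"

mkdir -p "$keydir"

# Any existing key.pem for this user is overwritten.
# NOTE(review): no bit count is given, so the key size is whatever the
# installed openssl defaults to; pin it explicitly if policy requires a minimum.
openssl genrsa -out "$keyfile"
chown -R domtool:domtool "$keydir"
fs sa "$keydir" "$username" read

# Answers for the interactive prompts of `openssl req`: five fields answered
# with "." , then the user name, then the e-mail address, then two empty
# answers. Which DN field each answer lands in depends on the prompts of the
# openssl configuration in effect.
printf '.\n.\n.\n.\n.\n%s\n%s\n\n\n' "$username" "$username@hcoop.net" >"$keyin"

# -days is not passed: without -x509 `openssl req` ignores it, so the validity
# period comes from the CA step and its configuration, not from the request.
openssl req -new -key "$keyfile" -out "$newreq" <"$keyin"
rm -- "$keyin"

# Request and private key are concatenated into one PEM file, as before.
# NOTE(review): the CA step presumably reads only the request from this file;
# confirm, and if so pass the request alone so the key is never copied.
cat -- "$newreq" "$keyfile" >"$new"
rm -- "$newreq"

openssl ca -batch -config /etc/domtool/openssl.cnf -policy policy_anything \
  -out "$certfile" -infiles "$new"
rm -- "$new"
chown domtool:domtool "$certfile"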