mkdir $KEYDIR || echo Key directory already exists.
openssl genrsa -out $KEYFILE
-chown -R domtool.domtool $KEYDIR
+chown -R domtool.nogroup $KEYDIR
fs sa $KEYDIR $USER read || echo This must be a server principal.
echo "." >$KEYIN
echo "." >>$KEYIN
rm $NEWREQ
openssl ca -batch -config /etc/domtool/openssl.cnf -policy policy_anything -out $CERTFILE -infiles $NEW
rm $NEW
-chown domtool.domtool $CERTFILE
+chown domtool.nogroup $CERTFILE