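#!/bin/sh
# domtool-addcert USERNAME
#
# Generates an RSA key for USERNAME in the domtool key directory, builds a
# certificate request for it, and has the CA configured in
# /etc/domtool/openssl.cnf sign that request into the domtool certs directory.
# The key directory and the certificate are then chowned to domtool.
#
# Exits 1 on a missing or rejected USERNAME; any failing step aborts the run.

# Options are set here rather than on the shebang line so they still apply
# when the script is started as `sh domtool-addcert ...`.
set -eu

USER="${1:-}"
if test -z "$USER"; then
  echo "Usage: domtool-addcert USERNAME" >&2
  exit 1
fi

# USERNAME is spliced into file paths and fed to the `openssl req` prompts, so
# refuse anything that could step outside the keys/certs directories, be read
# as an option, or smuggle extra lines into the prompt answers.
case "$USER" in
  -* | .* | */* | *[!A-Za-z0-9._-]*)
    echo "domtool-addcert: invalid USERNAME" >&2
    exit 1
    ;;
esac

KEYDIR="/afs/hcoop.net/common/etc/domtool/keys/$USER"
KEYFILE="$KEYDIR/key.pem"
CERTFILE="/afs/hcoop.net/common/etc/domtool/certs/$USER.pem"

# Scratch files live in a private mktemp directory instead of fixed dot-file
# names in $HOME: one of them holds a copy of the private key, and the EXIT
# trap removes it even when a step fails part-way through under `set -e`.
WORKDIR=$(mktemp -d)
trap 'rm -rf -- "$WORKDIR"' EXIT
trap 'exit 1' HUP INT TERM
NEWREQ="$WORKDIR/newreq.pem"
NEW="$WORKDIR/new.pem"

# An existing key directory is reused, and the genrsa call below overwrites
# any key.pem already in it. Any other mkdir failure now aborts the run
# instead of being reported as "Already exists".
if test -d "$KEYDIR"; then
  echo Already exists
else
  mkdir "$KEYDIR"
fi

# The private key is written owner-only whatever the caller's umask is, and
# the modulus size is stated rather than left to the installed OpenSSL's
# default.
(umask 077 && openssl genrsa -out "$KEYFILE" 2048)
chown -R domtool:domtool "$KEYDIR"

# Answers for the interactive `openssl req` prompts, piped in directly: five
# "." answers, USERNAME, USERNAME@hcoop.net, then two empty answers.
# NOTE(review): which prompt each answer lands on depends on the req section
# of the OpenSSL configuration in use; presumably the "." lines blank the DN
# fields ahead of Common Name. Confirm against the deployed config.
# NOTE(review): -days is kept from the original; it presumably has no effect
# on a plain request, the validity period being decided by `openssl ca`.
printf '.\n.\n.\n.\n.\n%s\n%s\n\n\n' "$USER" "$USER@hcoop.net" |
  openssl req -new -key "$KEYFILE" -out "$NEWREQ" -days 365

# As before, `openssl ca` is handed the request followed by the private key.
# NOTE(review): the key copy does not look necessary for signing a request;
# confirm and pass "$NEWREQ" alone so the key never leaves KEYDIR.
cat "$NEWREQ" "$KEYFILE" >"$NEW"

# NOTE(review): if policy_anything in this config is the stock permissive
# policy, the USERNAME check above is the only constraint on the signed
# subject.
openssl ca -batch -config /etc/domtool/openssl.cnf -policy policy_anything \
  -out "$CERTFILE" -infiles "$NEW"
chown domtool:domtool "$CERTFILE"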