Make domtool-tail actually work
[hcoop/domtool2.git] / scripts / domtool-addcert
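#!/bin/sh
# domtool-addcert USERNAME
#
# Creates an RSA private key for USERNAME under the domtool key directory,
# gives USERNAME AFS read access to that directory, and has the CA described
# by /etc/domtool/openssl.cnf sign a certificate for the key.
#
# Exit status: 0 on success; 1 on a missing or rejected USERNAME; otherwise
# the status of the first command that failed.

# Options are set here rather than on the #! line so that they still apply
# when the script is started as "sh domtool-addcert".
set -eu

# NOTE(review): this reuses the conventional login-name variable USER, so any
# child process that inherits it sees the target user rather than the caller.
# Kept as in the original in case the OpenSSL configuration or another tool
# relies on it -- confirm before renaming.
USER="${1:-}"
if test -z "$USER"; then
  echo "Usage: domtool-addcert USERNAME" >&2
  exit 1
fi

# USERNAME becomes a path component, an argument to chown/fs, and a line of
# input to openssl req. Reject anything that could leave the keys/certs
# directories ("/", "." and ".."), be parsed as an option (leading "-"), or
# inject extra answers (whitespace, newlines).
# NOTE(review): the allowed character set is an assumption about what valid
# account names look like here -- widen it if real names need more.
case "$USER" in
  . | .. | -* | *[!A-Za-z0-9._-]*)
    echo "domtool-addcert: invalid USERNAME: $USER" >&2
    exit 1
    ;;
esac

KEYDIR="/afs/hcoop.net/common/etc/domtool/keys/$USER"
KEYFILE="$KEYDIR/key.pem"
CERTFILE="/afs/hcoop.net/common/etc/domtool/certs/$USER.pem"

# Scratch files live in a fresh private directory instead of fixed dot-file
# names in the caller's home directory; the trap removes it on every exit
# path, including a failed openssl step.
WORKDIR=$(mktemp -d)
trap 'rm -rf -- "$WORKDIR"' EXIT
trap 'exit 1' HUP INT TERM
NEWREQ="$WORKDIR/newreq.pem"

mkdir -p -- "$KEYDIR"

# Create the private key with owner-only mode bits from the start, so it is
# never readable through the mode bits before the chown and ACL change below.
# The size is given explicitly because the genrsa default depends on the
# OpenSSL version and older releases default to a short modulus.
(
  umask 077
  openssl genrsa -out "$KEYFILE" 2048
)
chown -R domtool:domtool -- "$KEYDIR"
fs sa "$KEYDIR" "$USER" read

# Answers to the interactive prompts of "openssl req": five fields left empty
# with ".", then the user name and the e-mail address, then two blank lines.
# Which prompt each line answers depends on the req section of the OpenSSL
# configuration in effect -- presumably the DN fields followed by the
# challenge password and company name; confirm against that configuration.
# NOTE(review): -days has no effect on a request that is not self-signed
# (-x509 is not given); it is kept as in the original.
openssl req -new -key "$KEYFILE" -out "$NEWREQ" -days 365 <<EOF
.
.
.
.
.
$USER
$USER@hcoop.net


EOF

# The request is handed to the CA on its own. The original concatenated the
# private key onto it first, which left a second copy of the key on disk;
# openssl ca only needs the request.
openssl ca -batch -config /etc/domtool/openssl.cnf -policy policy_anything \
  -out "$CERTFILE" -infiles "$NEWREQ"
chown domtool:domtool -- "$CERTFILE"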